Trojan.MSIL.Agent

Trojan.MSIL.Agent Description

Type: Trojan

Trojan.MSIL.Agent is a malicious trojan infection which uses malicious tricks to download nasty malware threats from the web. Trojan.MSIL.Agent penetrates and installs the infected computer system without a user's awareness or authorization when he/she open unidentified email attachment or image, use instant messaging, etc. Trojan.MSIL.Agent is often bundled with free downloadable software or a malicious website you visited that set Trojan.MSIL.Agent on your machine. Trojan.MSIL.Agent may track your Internet activities, steal user names and passwords, credit card numbers and other private details. Trojan.MSIL.Agent is a serious threat for the PC system and has to be removed immediately.

Technical Information

File System Details

Trojan.MSIL.Agent creates the following file(s):
# File Name MD5 Detection Count
1 SoftwareUpdService.exe 08ee53134d503e717b9913f15bbecd4f 2,580
2 marshall.exe 979750935a9c5ae663c2ce1903c24385 1,879
3 JavaUpdateScheduler.exe df42f11d0ec5102632d40e1ba13e8722 435
4 vmnethcp.exe 338283cc6173ebcace3f53ffe53d913e 194
5 CjvK0cDVXH.exe 5488a8d14687c9e6ab0444ce895980c0 158
6 AMD External Events Client.exe ee9638647f73da0fec5da0d165670b49 121
7 MicrosoftcriticalUpdate.exe 51b4290905850a74f321abfd4826f790 77
8 AppVShNotifyt-t.exe 0b925cbf8479752674161740b0a3e30f 56
9 vstools.exe a3e71acf4cb478d9d108d393f65017d8 42
10 MicrosoftSecurityClient.exe 3c7a1e9c0a5bcb84cf0c1c045f518178 36
11 Files Manager_Part1.dll 042feaf877eeafa0f573c14eec1036fc 13
12 Windows10.exe 993fbf24daf1888811dd7b95dffef401 9
13 System Disks Storage_Part1.dll 4ea010bdcbf011e94c9da553eca8b7b2 4
14 5beaedad620926c7d78777eeb702b8a1.exe b5ad362fe8b6f4ada91b84d9bf3eb8a8 3
15 iepv_setup.exe df6e95971e700f2a3231ee0366b92cf6 2
16 Audiodb.exe 61f0565f425d0bb28ea3d4790012876e 2
17 cryptedstealerserver.exe f20327c8bd7c272f82a3fa62ab858cfb 1
18 thostmgr.exe a9d619ba076612e87ba75a3c3a8edd99 1
19 mdn.exe 6f7ae7991e1dd6c0a1c8153e61bd378c 1
20 sourcehash{8220eefe-38cd-377e-8595-13398d740ace} 263ab98632ed4c32a7f3af02de7f080b 1
21 c:\Documents and Settings\All Users\Start Menu\Trojan.MSIL.Agent\ c:\Documents and Settings\All Users\Trojan.MSIL.Agent\ and delete N/A
22 %PROGRAM_FILES%\Trojan.MSIL.Agent N/A
23 viafile.exe f37d28e6663b0ce28f6c4f59294e3dd6 0
More files

Registry Details

Trojan.MSIL.Agent creates the following registry entry or registry entries:
Directory
%APPDATA%\kna
%APPDATA%\Temp\TasksHost
%APPDATA%\ViaFolder
%userprofile%\Documents\IISExpress\Nonce
Regexp file mask
%ALLUSERSPROFILE%\Application Data\UpdateService\UpdateService.exe
%ALLUSERSPROFILE%\GameConfig\Gameconfig.exe
%ALLUSERSPROFILE%\Intel\iusb3.exe
%ALLUSERSPROFILE%\syscall.exe
%ALLUSERSPROFILE%\Updates\MicrosoftSecurityClient.exe
%ALLUSERSPROFILE%\UpdateService\UpdateService.exe
%APPDATA%\Bonjour mDNS Responder.exe
%APPDATA%\Java\JavaUpdateScheduler.exe
%APPDATA%\Microsoft\dwmDesktop.exe
%APPDATA%\Microsoft\Network\Connections\hostdl.exe
%APPDATA%\Microsoft\Windows\Start Menu\Client.exe
%APPDATA%\Microsoft\Windows\Templates\vmnethcp.exe
%APPDATA%\suchost.exe
%APPDATA%\ViaFile.EXE
%APPDATA%\view\viewU{0,1}.exe
%APPDATA%\Workspace\vstools.exe
%appdata%\xmscl.exe
%LOCALAPPDATA%\AppVShNotify[RANDOM CHARACTERS].exe
%TEMP%\SystemServices\[RANDOM CHARACTERS].exe
%USERPROFILE%\Documents\IISExpress\Config\MicrosoftIISAdministration.exe
%USERPROFILE%\Documents\IISExpress\Config\Updates\AU3_EXE11.exe
RegistryKey
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsegui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsmpeng.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogon "Shell" = '%UserProfile%Application Data[SET OF RANDOM CHARACTERS].exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsascui.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWinlogon "Shell" = '%UserProfile%Application DataMicrosoft[SET OF RANDOM CHARACTERS].exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsmsseces.exe "Debugger" = 'svchost.exe'

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.