Trojan.Agent.MSDGen

Short Bio

This is a generic detection based on the properties of a value under the following registry key, which is indicative of Andromeda/Gamarue infections:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
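
To review what is stored under this key on a Windows host, the following PowerShell is an added example, not Malwarebytes code. The page does not say which value properties trigger the detection, so the script only lists each value with basic file facts for manual triage; the function name `Get-PolicyRunEntry` and the reported fields are assumptions.

```powershell
# Added example: list every value under the policy Run key for manual review.
# The key path comes from the page; the function name and output fields are assumptions.
$RunKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'

function Get-PolicyRunEntry {
    param([string]$Path = $RunKey)

    # The key does not exist on many clean systems; return nothing in that case.
    if (-not (Test-Path -LiteralPath $Path)) { return }

    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        # Read the raw data, then expand %VAR% references ourselves so both forms are visible.
        $raw = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $cmd = [Environment]::ExpandEnvironmentVariables($raw)

        # Extract the executable: a quoted path, otherwise the first whitespace-delimited token.
        # An unquoted path containing spaces is truncated here and shows up as "missing".
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($cmd.Trim() -split '\s+', 2)[0] }

        $exists = (-not [string]::IsNullOrWhiteSpace($exe)) -and
                  (Test-Path -LiteralPath $exe -PathType Leaf)
        $file = $null
        $sig  = 'n/a'
        if ($exists) {
            $file = Get-Item -LiteralPath $exe -Force   # -Force so hidden files are included
            $sig  = (Get-AuthenticodeSignature -LiteralPath $exe).Status
        }

        [pscustomobject]@{
            ValueName   = $name
            ValueKind   = $key.GetValueKind($name)
            RawData     = $raw
            Executable  = $exe
            FileExists  = $exists
            Signature   = $sig
            Attributes  = if ($file) { $file.Attributes } else { $null }
            LastWritten = if ($file) { $file.LastWriteTime } else { $null }
        }
    }
}

Get-PolicyRunEntry | Format-List
```

Run it from an elevated PowerShell session so that files in protected locations can be inspected.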

 

Common infection method

Andromeda/Gamarue is often dropped onto a system by exploit kits. You can see an example in our blog post, Neutrino EK Campaign Drops Andromeda.

Remediation

Malwarebytes can remove Trojan.Agent.MSDGen without further user interaction. Note that it usually finds and removes Backdoor.Andromeda along with it.

Associated threats

  • Backdoor.Andromeda
