TROJ_AGENT.MGSM
Posted: October 4, 2012
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
| Field | Value |
|---|---|
| Threat Level | 9/10 |
| Infected PCs | 59 |
| First Seen | October 4, 2012 |
| OS(es) Affected | Windows |
TROJ_AGENT.MGSM is an alert for a browser hijacker, MyGeeksmail.dll, which exploits ISAPI filtering to cause browser redirects to unwanted websites. The TROJ_AGENT.MGSM-detected variant of MyGeeksmail.dll includes an Adobe certificate that seemingly confirms its identity as a trustworthy program, although SpywareRemove.com malware researchers note that this is clearly the consequence of an Adobe server breach that allowed criminals to gain limited access to Adobe's certificate information. TROJ_AGENT.MGSM, like all browser hijackers, is a danger to your PC and can expose you to harmful content – or just block you from visiting desirable websites. To delete TROJ_AGENT.MGSM safely, anti-malware software is recommended, since TROJ_AGENT.MGSM can conceal itself in unusual or sensitive locations (such as your Windows System folder).
The Agent of Browser Redirects Gets a Little Help from Hackers
A recent security compromise of an Adobe build server allowed criminals to access certificate-related information that, under normal circumstances, would only be available for the purposes of certifying official Adobe programs. TROJ_AGENT.MGSM was one of the two offspring of this effort, with the second being the spyware program PwDump7 (AKA HTKL_PWDUMP). Whereas PwDump7 steals passwords from Windows, TROJ_AGENT.MGSM is designed to redirect HTTP requests to unwarranted destinations. SpywareRemove.com malware analysts have found similar browser-hijacking functions to be linked to phishing attacks, drive-by-download exploits, adware, negatively impacted search results and websites being blocked by fake warning pages.
Because TROJ_AGENT.MGSM uses an Adobe certificate to make itself seem trustworthy, SpywareRemove.com malware experts especially caution against downloading or launching files on the basis of their certificates alone. Adobe is scheduled to revoke the abused certificates early in October, but this revocation will not remove the certificates from PC threats like TROJ_AGENT.MGSM that already have them. Anti-malware software shouldn't experience any problems in detecting TROJ_AGENT.MGSM, regardless of its fraudulent identity credentials.
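The point above, that a valid signature is not a verdict, can be put into practice with a short triage script. This is an added example, not code from SpywareRemove.com or Adobe; the function name `Get-SignerTriage` is hypothetical and the thumbprint in the deny list is a placeholder to be filled in from the vendor's advisory.

```powershell
# Added example: triage DLLs by who signed them instead of trusting "Valid".
# ASSUMPTION: the thumbprint below is a placeholder, not a real value. Fill the
# list from the certificate vendor's advisory for the abused certificate.
$DeniedThumbprints = @('<THUMBPRINT-FROM-VENDOR-ADVISORY>')
$NamesOfInterest   = @('myGeeksmail.dll')   # file name listed on this page

function Get-SignerTriage {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [string[]]$DenyList = $DeniedThumbprints
    )
    foreach ($file in Get-ChildItem -LiteralPath $Path -File -ErrorAction SilentlyContinue) {
        $sig   = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $cert  = $sig.SignerCertificate          # $null for unsigned files
        $thumb = if ($cert) { $cert.Thumbprint } else { $null }

        # Order matters: a denied signer outranks a "Valid" status.
        $verdict = if ($thumb -and ($DenyList -contains $thumb)) {
            'BLOCK: signed with a denied certificate'
        } elseif ($NamesOfInterest -contains $file.Name) {
            'REVIEW: file name matches a known threat'
        } elseif ($sig.Status -ne 'Valid') {
            "REVIEW: signature status is $($sig.Status)"
        } else {
            'SCAN: a valid signature alone proves nothing'
        }

        [pscustomobject]@{
            File        = $file.FullName
            Status      = $sig.Status
            Signer      = if ($cert) { $cert.Subject } else { $null }
            Thumbprint  = $thumb
            TimeStamped = [bool]$sig.TimeStamperCertificate
            SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Verdict     = $verdict
        }
    }
}

# Usage: check every DLL in the current user's Downloads folder.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.dll -File |
    ForEach-Object { Get-SignerTriage -Path $_.FullName } |
    Format-List
```

Every file still goes to an anti-malware scan regardless of the verdict column; the script only makes the signer identity visible so that a known-abused certificate is caught even while Windows reports the signature as valid.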
Getting Your Browser Back on the Straight and Narrow
The only major symptom of a TROJ_AGENT.MGSM infection is a series of browser redirects that take you to sites that are unrelated to your intended destinations. If you start to see redirects that you suspect to be from TROJ_AGENT.MGSM or another source, you should consider the likelihood of a security compromise and use anti-malware software for TROJ_AGENT.MGSM's detection and removal. In most circumstances, including those pertaining to TROJ_AGENT.MGSM, changes to browser settings are inadequate for preventing such attacks, which can affect multiple types of browsers.
TROJ_AGENT.MGSM is limited to Windows PCs and hasn't shown any form of defense against anti-malware software-based removal. Hence, the main danger of TROJ_AGENT.MGSM lies in its Adobe certificate, which is indicative of the increasing usage of social engineering by criminals who would prefer that their victims install malware of their own free will. As always, sites with downloads that may not be trustworthy should be avoided. If you must download a file that could turn out to be TROJ_AGENT.MGSM, SpywareRemove.com malware researchers can recommend no defense better than scanning it beforehand.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
myGeeksmail.dll
File name: myGeeksmail.dll
Mime Type: unknown/dll
Group: Malware file