
Backdoor:MSIL/SpyGate.DCC!MTB information

Published Nov 7, 2021 Backdoor category 2 min read
Report context

What to verify before removal

A Backdoor:MSIL/SpyGate.DCC!MTB detection deserves a credential-safety review because this backdoor label can overlap with remote access, browser data theft, or persistence after reboot. Cleanup should include scanning the file, removing the persistence point, and rotating exposed passwords from a clean device.

The technical section is meant to connect the detection name with observable evidence such as credential theft, browser data access, remote-control activity, and persistence after reboot. Compare the identifiers here with the local file before deleting anything, then use the cleanup workflow to scan, quarantine, and verify the system state.

  • Confirm the detection name matches Backdoor:MSIL/SpyGate.DCC!MTB before removing related files.
  • Review the report for credential theft, browser data access, remote-control activity, and persistence after reboot so the cleanup is based on observed behavior, not only the label.
  • After cleanup, rotate passwords from a clean device and review browser sessions or saved credentials.

Many security experts consider Backdoor:MSIL/SpyGate.DCC!MTB dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Backdoor:MSIL/SpyGate.DCC!MTB virus do?

  • Network activity detected but not expressed in API logs

How to identify Backdoor:MSIL/SpyGate.DCC!MTB?


File Info:

crc32: 4F47D723
md5: abd5a435f1eca3e4f999bb82b6560eb4
name: ABD5A435F1ECA3E4F999BB82B6560EB4.mlw
sha1: 09159564e60dfad903279fbd50e591b867eed7e4
sha256: 1a2a96929291f09ea53d7cfa9cf579443fdf3f8472e4a890da2412f0ee1ee3d1
sha512: 894de12ae0c7fb57c3fbc29fe0a7562666293205c41f95f2ca7699d0626f9ad1180bb58e1d14a3b605417cabf33462dca8239ccc4bdfdaa4cf852ba6d5c35868
ssdeep: 12288:Hh0wIKrTa5kYKvBIE+SH6vwoNKirvFi1jZtzf:B0lKrTl
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © Microsoft 2018
Assembly Version: 1.0.0.0
InternalName: Windows.exe
FileVersion: 1.0.0.0
CompanyName: Microsoft
ProductName: Windows
ProductVersion: 1.0.0.0
FileDescription: Windows
OriginalFilename: Windows.exe

Backdoor:MSIL/SpyGate.DCC!MTB also known as:

K7AntiVirus Trojan ( 004ce3151 )
Lionic Trojan.MSIL.Disfa.4!c
Elastic malicious (high confidence)
DrWeb Trojan.PackedNET.248
ClamAV Win.Packed.Bladabindi-7082976-0
ALYac Gen:Variant.Ursu.130124
Cylance Unsafe
Zillya Trojan.Disfa.Win32.67063
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
Alibaba Backdoor:MSIL/Disfa.5d91d21c
K7GW Trojan ( 004ce3151 )
Cybereason malicious.5f1eca
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.DLU
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 99)
Kaspersky Trojan.MSIL.Disfa.muxf
BitDefender Gen:Variant.Ursu.130124
NANO-Antivirus Trojan.Win32.Kryptik.exsqec
MicroWorld-eScan Gen:Variant.Ursu.130124
Tencent Msil.Trojan.Disfa.Lqor
Ad-Aware Gen:Variant.Ursu.130124
Sophos Mal/Generic-S
Comodo Malware@#ei822jq5tz98
BitDefenderTheta Gen:NN.ZemsilF.34236.@q0@aiOTSOk
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition AgentTesla-FDAH!ABD5A435F1EC
FireEye Generic.mg.abd5a435f1eca3e4
Emsisoft Gen:Variant.Ursu.130124 (B)
SentinelOne Static AI – Malicious PE
Avira HEUR/AGEN.1111863
Microsoft Backdoor:MSIL/SpyGate.DCC!MTB
GData Gen:Variant.Ursu.130124
AhnLab-V3 Malware/Win32.RL_Generic.C3995749
McAfee AgentTesla-FDAH!ABD5A435F1EC
MAX malware (ai score=100)
Malwarebytes Backdoor.Bladabindi
Panda Trj/GdSda.A
Ikarus Trojan.MSIL.Crypt
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.DCC!tr
AVG Win32:Malware-gen
Paloalto generic.ml

How to remove Backdoor:MSIL/SpyGate.DCC!MTB?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Apply “Move to quarantine” to all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.