Backdoor:MSIL/Webshell.BB!MTB removal instruction

The Backdoor:MSIL/Webshell.BB!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor:MSIL/Webshell.BB!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Backdoor:MSIL/Webshell.BB!MTB?


File Info:
name: 2B711171EE411AA7E45A.mlw
path: /opt/CAPEv2/storage/binaries/4218afd50cb49dd689c991904469b19ab0526e63a12642f4a4a8501e85da16f9
crc32: 72DC7FDC
md5: 2b711171ee411aa7e45a964cdfcd30d5
sha1: 6abb27afcd60f2c5cf003b639d4eb55f9ae718a6
sha256: 4218afd50cb49dd689c991904469b19ab0526e63a12642f4a4a8501e85da16f9
sha512: 3d0efe7d97b2aa6ec43bfc1c0b371f335303a0bd248bc71af4dcbb68bfe9f700fd34e58e59cb9a4f0baa6f091c891272a9055d5d9f3adb54749423c589b23574
ssdeep: 384:2/ZFsGPa8Zak1YCgS1vZvLeTWuJrqtl8texOtKX:2RFHPaDkFRvLyTJrqv84xOtK
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1FB62EA0B7B998923CABB63399B729954C2BAE5134126CF1A7DEC559C0FB3B040261FD1
sha3_384: 9914744ec6f9c84029b68b03942cb1765209ce548dcfada80a0cbd0ff955a84defe2edd1a3bbe1ab085b5da390999fd6
ep_bytes: ff250020001000000000000000000000
timestamp: 2024-03-15 14:03:44

Version Info:
0: [No Data]

Backdoor:MSIL/Webshell.BB!MTB also known as:

Bkav	W32.AIDetectMalware.CS
AVG	Win32:BackdoorX-gen [Trj]
MicroWorld-eScan	Gen:Variant.MSILHeracles.61452
FireEye	Gen:Variant.MSILHeracles.61452
McAfee	RDN/Generic BackDoor
Malwarebytes	Trojan.WebShell
VIPRE	Gen:Variant.MSILHeracles.61452
K7AntiVirus	Trojan ( 005b19ee1 )
K7GW	Trojan ( 005b19ee1 )
CrowdStrike	win/malicious_confidence_60% (D)
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Webshell.EV
Avast	Win32:BackdoorX-gen [Trj]
ClamAV	Win.Packed.Webshell-10016062-0
Kaspersky	HEUR:Backdoor.MSIL.WebShell.gen
BitDefender	Gen:Variant.MSILHeracles.61452
F-Secure	Trojan.TR/Dropper.MSIL.Gen
DrWeb	BackDoor.WebshellNET.9
Zillya	Trojan.Webshell.Win32.16819
TrendMicro	TROJ_GEN.R011C0DCH24
Emsisoft	Gen:Variant.MSILHeracles.61452 (B)
SentinelOne	Static AI – Malicious PE
Varist	W32/WebShell.E.gen!Eldorado
Avira	TR/Dropper.MSIL.Gen
MAX	malware (ai score=83)
Antiy-AVL	Trojan/MSIL.WebShell
Microsoft	Backdoor:MSIL/Webshell.BB!MTB
Arcabit	Trojan.MSILHeracles.DF00C
ZoneAlarm	HEUR:Backdoor.MSIL.WebShell.gen
GData	MSIL.Trojan.PSE.18J0OUJ
Google	Detected
AhnLab-V3	Backdoor/Win.WEBSHELL.C5557907
ALYac	Gen:Variant.MSILHeracles.61452
TACHYON	Backdoor/W32.DN-WebShell.14848.C
VBA32	TScope.Trojan.MSIL
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R011C0DCH24
Tencent	Backdoor.MSIL.WebShell.hn
Ikarus	Trojan.MSIL.Webshell
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Webshell.EE!tr
DeepInstinct	MALICIOUS

How to remove Backdoor:MSIL/Webshell.BB!MTB?

Backdoor:MSIL/Webshell.BB!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X