Backdoor

Backdoor:MSIL/WebShell!pz removal guide

Malware Removal

The Backdoor:MSIL/WebShell!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Backdoor:MSIL/WebShell!pz virus can do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to determine Backdoor:MSIL/WebShell!pz?


File Info:

name: 48B306E581531C0CD523.mlw
path: /opt/CAPEv2/storage/binaries/c2ab40d33740f1260c83082fcbe4779ab8f67f41ef3e59162a54f3f7ee06b763
crc32: F04F5DD1
md5: 48b306e581531c0cd5232111dc1fdf75
sha1: d6e2787fbe91395f9b08cb689def173da6c28403
sha256: c2ab40d33740f1260c83082fcbe4779ab8f67f41ef3e59162a54f3f7ee06b763
sha512: ea0c92e318b3e3f614afdbe38b3cd0b95034b271b5a1be9fa645ab28007a7bdb11fc4c29f6e639bcd6fc8b3fe642840515d0f64899b02e41d564fe32055f43ac
ssdeep: 3072:TUdPeVW2nZjxbjPpdSXSJMT+mzMfU4Fm1MyWmribpD6gej:hJjxyypC
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T19EC3F80A22E49754F4FE977FA6B848484774F957A511D20F8DC0A89ECEB17D08C1FBA2
sha3_384: a93038e2334643317a135d45d3590256e95da0590a9bdb71e54539d7faee8cb95adbf6de4c2b99f12675fae6e5bff972
ep_bytes: ff250020001000000000000000000000
timestamp: 2024-04-24 12:09:27

Version Info:

0: [No Data]

Backdoor:MSIL/WebShell!pz also known as:

BkavW32.AIDetectMalware.CS
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Bulz.552043
FireEyeGen:Variant.Bulz.552043
CAT-QuickHealTrojan.GenericFC.S30114737
SkyhighBehavesLike.Win32.Generic.cm
MalwarebytesGeneric.Malware.AI.DDS
VIPREGen:Variant.Bulz.552043
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 005ab4bd1 )
K7GWTrojan ( 005ab4bd1 )
SymantecTrojan.Gen.MBT
ESET-NOD32a variant of MSIL/Webshell.AU
TrendMicro-HouseCallTROJ_GEN.R011C0DDQ24
ClamAVWin.Packed.Bulz-9891413-0
KasperskyHEUR:Backdoor.MSIL.Convagent.gen
BitDefenderGen:Variant.Bulz.552043
AvastWin32:BackdoorX-gen [Trj]
TencentTrojan.Win32.Webshell.16000396
TACHYONBackdoor/W32.DN-WebShell.118784
EmsisoftGen:Variant.Bulz.552043 (B)
F-SecureHeuristic.HEUR/AGEN.1362733
DrWebBackDoor.WebshellNET.8
ZillyaTrojan.Webshell.Win32.13873
TrendMicroTROJ_GEN.R011C0DDQ24
SentinelOneStatic AI – Malicious PE
GoogleDetected
AviraHEUR/AGEN.1362733
VaristW32/MSIL_Kryptik.JGP.gen!Eldorado
Antiy-AVLTrojan/MSIL.WebShell
MicrosoftBackdoor:MSIL/WebShell!pz
ArcabitTrojan.Bulz.D86C6B
ZoneAlarmHEUR:Backdoor.MSIL.Convagent.gen
GDataMSIL.Trojan.PSE.1502OL3
AhnLab-V3Trojan/Win.DZ.C5437542
VBA32TScope.Trojan.MSIL
ALYacGen:Variant.Bulz.552043
MAXmalware (ai score=81)
PandaTrj/GdSda.A
IkarusWin32.Outbreak
FortinetMSIL/Webshell.AZ!tr
AVGWin32:BackdoorX-gen [Trj]
DeepInstinctMALICIOUS
alibabacloudBackdoor:MSIL/Webshell.AU

How to remove Backdoor:MSIL/WebShell!pz?

Backdoor:MSIL/WebShell!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment