Should I remove “HackTool:MSIL/SmbAgent!atmn”?

The HackTool:MSIL/SmbAgent!atmn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:MSIL/SmbAgent!atmn virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine HackTool:MSIL/SmbAgent!atmn?


File Info:
name: D420B3E3AF2230BCA262.mlw
path: /opt/CAPEv2/storage/binaries/c2ea6b04fe29f0b6b16bc7cb8a24443de01d5934b95fe9a78b814fdea051d5d0
crc32: 45080543
md5: d420b3e3af2230bca262265ad414db0f
sha1: a521a08a06ee46c6786edcae97b913b076ad9c18
sha256: c2ea6b04fe29f0b6b16bc7cb8a24443de01d5934b95fe9a78b814fdea051d5d0
sha512: fb8dac751d4f7f80d8c393f3a81ab5e2aa063106116d29875f02f7006af64ca1ffb701447847e9adf1d9cd89b8fe611b0f23e644c5b86202b9522c0e0dc4a413
ssdeep: 96:0H+lj9YDhx/cHyTqc8AU7y0Lz88JP44OBOpobqw9YM9K:0HQYb/Zu1ym88JpdkW
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1A5C1E889BBD40E53F83A07795E73932957B4FD529E535B9F082016346C51B902E71BF0
sha3_384: 519be142527289c27b642c3dc9a04123a6e71a60c08eede2e993c94fc3d4741e44b95a694c3172651e8f55029ddd9ab8
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-01-10 19:52:44

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: 6nv1mys-.dll
LegalCopyright:  
OriginalFilename: 6nv1mys-.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

HackTool:MSIL/SmbAgent!atmn also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Riskware.Win32.Generic.1!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.Malware.WX.986CFB2D
ClamAV	Win.Malware.Smbagent-9769162-0
Skyhigh	BehavesLike.Win32.Agent.xt
McAfee	Agent-SMB.b!D420B3E3AF22
Cylance	unsafe
Zillya	Tool.Agent.Win32.50896
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005962b21 )
K7GW	Trojan ( 005962b21 )
CrowdStrike	win/malicious_confidence_70% (W)
Arcabit	Generic.Malware.WX.986CFB2D
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/HackTool.Agent.BW potentially unsafe
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:HackTool.MSIL.SMBScan.gen
BitDefender	Generic.Malware.WX.986CFB2D
NANO-Antivirus	Trojan.Win32.Ric.ezglxv
Avast	Win32:HacktoolX-gen [Trj]
Tencent	HackTool.MSIL.SmbScan.ha
Emsisoft	Generic.Malware.WX.986CFB2D (B)
DrWeb	Trojan.Siggen7.34567
VIPRE	Generic.Malware.WX.986CFB2D
Sophos	Generic Reputation PUA (PUA)
SentinelOne	Static AI – Malicious PE
Jiangmin	HackTool.MSIL.mdj
Antiy-AVL	Trojan/Win32.Generic
Kingsoft	malware.kb.c.835
Xcitium	TrojWare.MSIL.HackTool.Agent.ASD@8sg90t
Microsoft	HackTool:MSIL/SmbAgent!atmn
ZoneAlarm	HEUR:HackTool.MSIL.SMBScan.gen
GData	MSIL.Riskware.SMBScanner.A
Varist	W32/Hacktool.J.gen!Eldorado
AhnLab-V3	Malware/Win.Generic.R424570
TACHYON	Trojan/W32.DN-SMBScan.6144
Malwarebytes	Trojan.Crypt
Panda	Trj/GdSda.A
Ikarus	PUA.Hacktool.SMBAgent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/HackTool
AVG	Win32:HacktoolX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove HackTool:MSIL/SmbAgent!atmn?

HackTool:MSIL/SmbAgent!atmn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X