HackTool:MSIL/SmbAgent!atmn removal guide

The HackTool:MSIL/SmbAgent!atmn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:MSIL/SmbAgent!atmn virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine HackTool:MSIL/SmbAgent!atmn?


File Info:
name: BE0CADBFF943BB0B4875.mlw
path: /opt/CAPEv2/storage/binaries/cf40b4d46d65808adce2d3f29b31b08b9657c58fcffd7a5f414c9ee81b113c7b
crc32: B8EA0572
md5: be0cadbff943bb0b487540945db89549
sha1: 7ee4dd2b5bd939f95634024fc9ff09ff52dad056
sha256: cf40b4d46d65808adce2d3f29b31b08b9657c58fcffd7a5f414c9ee81b113c7b
sha512: 48293316dfa882b95938762e1fce2ccea709c40b4070f535fa2ca416fedfbb2a0777f363fc56d8d91cf8bd6c6d2ccf15b055f890342b1e9be0d7cdec205d2c91
ssdeep: 96:xKH+lj9YDhx/cHyTqc8AU7y0Lz88m/gGHOBOpobmQw9YFqwK:xKHQYb/Zu1ym88IT9vQkw4
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T14DC1D58A7BE80E53F83A07785A73932A57B8FD529E43979F0C2016346C51B901E71BF0
sha3_384: f4d07f5ae5fed71ffbd7586d000aa273e44e9cb5faae48146612b87a1e555a2196a489b9caccc84a6195b7e80658619d
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-01-15 16:10:36

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: ewrjgmjp.dll
LegalCopyright:  
OriginalFilename: ewrjgmjp.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

HackTool:MSIL/SmbAgent!atmn also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Generic.Malware.WX.2F84326C
ClamAV	Win.Malware.Smbagent-9769162-0
Skyhigh	BehavesLike.Win32.Agent.xt
McAfee	Agent-SMB.b!BE0CADBFF943
Cylance	unsafe
Zillya	Tool.Agent.Win32.54677
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (W)
K7GW	Trojan ( 005962b21 )
K7AntiVirus	Trojan ( 005962b21 )
Arcabit	Generic.Malware.WX.2F84326C
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/HackTool.Agent.BW potentially unsafe
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:HackTool.MSIL.SMBScan.gen
BitDefender	Generic.Malware.WX.2F84326C
NANO-Antivirus	Trojan.Win32.Ric.ezglxv
Avast	Win32:HacktoolX-gen [Trj]
Tencent	HackTool.MSIL.SmbScan.ha
Sophos	Generic ML PUA (PUA)
DrWeb	Trojan.Siggen7.34567
VIPRE	Generic.Malware.WX.2F84326C
Emsisoft	Generic.Malware.WX.2F84326C (B)
Ikarus	PUA.Hacktool.SMBAgent
Google	Detected
Antiy-AVL	Trojan/Win32.Generic
Kingsoft	malware.kb.c.977
Xcitium	TrojWare.MSIL.HackTool.Agent.ASD@8sg90t
Microsoft	HackTool:MSIL/SmbAgent!atmn
ZoneAlarm	HEUR:HackTool.MSIL.SMBScan.gen
GData	MSIL.Riskware.SMBScanner.A
Varist	W32/Hacktool.J.gen!Eldorado
AhnLab-V3	Malware/Win.Generic.R424570
TACHYON	Trojan/W32.DN-SMBScan.6144
Malwarebytes	Trojan.Crypt
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/HackTool
AVG	Win32:HacktoolX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove HackTool:MSIL/SmbAgent!atmn?

HackTool:MSIL/SmbAgent!atmn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X