HackTool:MSIL/SmbAgent!atmn removal guide

The HackTool:MSIL/SmbAgent!atmn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:MSIL/SmbAgent!atmn virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine HackTool:MSIL/SmbAgent!atmn?


File Info:
name: 7B44B7E29762C1378B2E.mlw
path: /opt/CAPEv2/storage/binaries/4a47a6d10c47d5230617f58b0e080fe5648886909b7e107da794d546f6f4bd4c
crc32: 67D200D9
md5: 7b44b7e29762c1378b2edf6506a27ea8
sha1: 52217521d89e106ef2b84bad7ba750485110c304
sha256: 4a47a6d10c47d5230617f58b0e080fe5648886909b7e107da794d546f6f4bd4c
sha512: 141828f3fe9a03d9928a38b51f65e10ca79436df122972fd2530a1e48dbe301d3f0823557d829acd5b2617cb0bcdf2280a9e63581c466c411d8cc4cda4b93e2d
ssdeep: 96:cH+lj9YDhx/cHyTqc8AU7y0Lz88WvenOBOpobcw9Y8MK:cHQYb/Zu1ym88Wvgvk7
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1F6C1E88A7BD40E53F83A03795973932A5778FD529E53579F0D601634AD12B902E31BF0
sha3_384: 21c142dd5c4121dd10f1fde645df16b19ebb495b863a0124ccc87994edda3fbb32edd02d9ea0274790c9f05571b08c17
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-07-14 05:59:54

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: 1h6rpmnx.dll
LegalCopyright:  
OriginalFilename: 1h6rpmnx.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

HackTool:MSIL/SmbAgent!atmn also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Hacktool.MSIL.SMBScan.3!c
DrWeb	Trojan.Siggen7.34567
MicroWorld-eScan	Generic.Malware.WX.585BDD59
ClamAV	Win.Malware.Smbagent-9769162-0
FireEye	Generic.mg.7b44b7e29762c137
Skyhigh	BehavesLike.Win32.Agent.xt
McAfee	Agent-SMB.b!7B44B7E29762
Cylance	unsafe
Zillya	Tool.SMBScan.Win32.4320
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/grayware_confidence_100% (W)
K7GW	Trojan ( 005962b21 )
K7AntiVirus	Trojan ( 005962b21 )
Arcabit	Generic.Malware.WX.585BDD59
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/HackTool.Agent.BW potentially unsafe
APEX	Malicious
Kaspersky	HEUR:HackTool.MSIL.SMBScan.gen
BitDefender	Generic.Malware.WX.585BDD59
NANO-Antivirus	Trojan.Win32.Ric.ezglxv
Avast	Win32:HacktoolX-gen [Trj]
Tencent	HackTool.MSIL.SmbScan.ha
TACHYON	Trojan/W32.DN-SMBScan.6144
Emsisoft	Generic.Malware.WX.585BDD59 (B)
VIPRE	Generic.Malware.WX.585BDD59
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Malicious PE
Google	Detected
Antiy-AVL	HackTool/Win32.Agent.a
Kingsoft	malware.kb.c.806
Xcitium	TrojWare.MSIL.HackTool.Agent.ASD@8sg90t
Microsoft	HackTool:MSIL/SmbAgent!atmn
ZoneAlarm	HEUR:HackTool.MSIL.SMBScan.gen
GData	MSIL.Riskware.SMBScanner.A
Varist	W32/Hacktool.J.gen!Eldorado
AhnLab-V3	Malware/Win.Generic.R424570
ALYac	Generic.Malware.WX.585BDD59
MAX	malware (ai score=86)
Malwarebytes	Trojan.Crypt
Panda	Trj/GdSda.A
Ikarus	PUA.Hacktool.SMBAgent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/HackTool
AVG	Win32:HacktoolX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove HackTool:MSIL/SmbAgent!atmn?

HackTool:MSIL/SmbAgent!atmn removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X