Malware

MSIL/Agent.TBG removal tips

Malware Removal

The MSIL/Agent.TBG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What MSIL/Agent.TBG virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics

How to determine MSIL/Agent.TBG?



File Info:

name: DB567893D7ED6EA41F23.mlw
path: /opt/CAPEv2/storage/binaries/1aeba7ca78d9bbe78b381af8176247444255082a1a9fb52350d76f92042372c6
crc32: 05465654
md5: db567893d7ed6ea41f230567c25cbcab
sha1: 83f9f4dd9744d3103c20d5654380c14ab38ebce2
sha256: 1aeba7ca78d9bbe78b381af8176247444255082a1a9fb52350d76f92042372c6
sha512: 57eed8c6575ec09233ebd6c314c1a92181b0afccefa24dd1906fe17811f797c2431f03c39897193504f0b4a78a17165388a58ca94fe0f84ab52b642da2cc9c57
ssdeep: 12288:yh1Lk70TnvjctE3Kg8CDuHPup374V1eHrTY7U526zEw4FV5TCcDy:Gk70Trc+PvD7x7PL+6zDGVPy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14115E1201B90C077C26278F8C1E1DF99A5B85C701B668A83F6BB3D798734397EE5518E
sha3_384: bfdb67decd934589318a304a6b459e5743c0a00e1a370711c909fae99a60d9a0887b0c532320aa44c04cfcd85f5f1eff
ep_bytes: e8e15c0000e9a4feffff8bff558bec83
timestamp: 2012-07-13 22:47:16


Version Info:

Translation: 0x0000 0x04b0
Comments: Windows
CompanyName: 
FileDescription: Windows
FileVersion: 1.0.0.0
InternalName: Windows.exe
LegalCopyright: Windows Copyright ©  2015
LegalTrademarks: 
OriginalFilename: Windows.exe
ProductName: Windows
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Agent.TBG also known as:

LionicTrojan.Win32.Blocker.j!c
MicroWorld-eScanTrojan.GenericKD.31474472
ALYacTrojan.GenericKD.31474472
CylanceUnsafe
SangforBackdoor.Win32.Bladabindi.ml
K7AntiVirusRiskware ( 0040eff71 )
AlibabaTrojan:Win32/Starter.ali2000005
K7GWRiskware ( 0040eff71 )
CrowdStrikewin/malicious_confidence_70% (W)
CyrenW32/Agent.CIW.gen!Eldorado
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of MSIL/Agent.TBG
APEXMalicious
Paloaltogeneric.ml
KasperskyTrojan-Ransom.Win32.Blocker.llsj
BitDefenderTrojan.GenericKD.31474472
NANO-AntivirusTrojan.Win32.Blocker.flquka
TencentWin32.Trojan.Blocker.Wsju
Ad-AwareTrojan.GenericKD.31474472
ComodoMalware@#f8enxls7rq9t
DrWebBackDoor.Bifrost.29284
ZillyaTrojan.Blocker.Win32.41614
McAfee-GW-EditionBehavesLike.Win32.Generic.ch
FireEyeGeneric.mg.db567893d7ed6ea4
SophosMal/Generic-S
IkarusTrojan.MSIL.Crypt
GDataTrojan.GenericKD.31474472
AviraTR/Agent.horpi
MAXmalware (ai score=81)
MicrosoftBackdoor:Win32/Bladabindi!ml
AhnLab-V3Malware/Win32.Generic.C2954871
McAfeeArtemis!DB567893D7ED
VBA32TrojanRansom.Blocker
PandaTrj/CI.A
RisingRansom.Blocker!8.12A (CLOUD)
YandexTrojan.Blocker!n4wW7pvpdXk
SentinelOneStatic AI – Suspicious PE
MaxSecureTrojan.Malware.74036593.susgen
FortinetW32/Blocker.LLSJ!tr
BitDefenderThetaGen:NN.ZexaF.34606.1q0@aWT5Cgg
AVGWin32:Malware-gen
Cybereasonmalicious.3d7ed6
AvastWin32:Malware-gen

How to remove MSIL/Agent.TBG?

MSIL/Agent.TBG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment