MSIL/Asbit.R removal tips

The MSIL/Asbit.R is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Asbit.R virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine MSIL/Asbit.R?


File Info:
name: DF922E42FA1616C569AF.mlw
path: /opt/CAPEv2/storage/binaries/0c591f44326135516c6f9cc613db391ce3d69a2b18505cd63d96ab278c1ce9cc
crc32: F5D62137
md5: df922e42fa1616c569af10adb8c0cd21
sha1: 5e3cccc4411e80f93db4e8517d98eb1e3425d44d
sha256: 0c591f44326135516c6f9cc613db391ce3d69a2b18505cd63d96ab278c1ce9cc
sha512: a27f582286e06461f3ce0ff0cfd1d4a121e561aab12dac143c4c37107c738a35cff199c520f492f4533b63f7f74bd9cc243dbc8725beb85946bf7b8ee21bf295
ssdeep: 96:t/VWDMMCywaj6goPG3tldNx3ApZxk10Jt4lTisvynhW2:t/VOMMFwaj61uldNaprINGsanR
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T105D1EA19A7DC463DD9EF8FB4ACD5624207F4EBA1A5129B9D3C84010D9E01650CEB2FBD
sha3_384: 0edd6233ff18a5eaf740ae438d54a563d9fd2c14c5b244a7e55deb0185156bab394e146284707cccdb99e333778d3d2f
ep_bytes: ff250020001000000000000000000000
timestamp: 2049-05-10 06:31:34

Version Info:
Translation: 0x0000 0x04b0
Comments: dXNpbmcgU3lzdGVtLlJlZmxlY3Rpb247CnB1YmxpYyBjbGFzcyBQcm9ncmFtIHsKICAgIHB1YmxpYyBQcm9ncmFtKHN0cmluZyBzLCBwYXJhbXMgb2JqZWN0W10gYXJncyl7CiAgICAgICAgQXNzZW1ibHkuTG9hZChuZXcgU3lzdGVtLk5ldC5XZWJDbGllbnQoKS5Eb3dubG9hZERhdGEocykpLkNyZWF0ZUluc3RhbmNlKCJQcm9ncmFtIiwgdHJ1ZSwgQmluZGluZ0ZsYWdzLkNyZWF0ZUluc3RhbmNlLCBudWxsLCBhcmdzLCBudWxsLCBudWxsKTsKICAgIH0KfQ==
FileDescription: aHR0cHM6Ly9yZGxpdGUuY29tLw==
FileVersion: 1.0.0.0
InternalName: System.dll
LegalCopyright:  
OriginalFilename: System.dll
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

MSIL/Asbit.R also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Cerbu.4!c
Elastic	malicious (high confidence)
CAT-QuickHeal	PUA.MFC.S28621403
Cylance	unsafe
Zillya	Trojan.Asbit.Win32.162
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00597da81 )
Alibaba	TrojanDownloader:MSIL/Asbit.86763dc5
K7GW	Trojan ( 00597da81 )
CrowdStrike	win/malicious_confidence_100% (D)
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Asbit.R
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Packed.Cerbu-9965437-0
Kaspersky	HEUR:Trojan-Downloader.MSIL.Agent.gen
SUPERAntiSpyware	Trojan.Agent/Gen-Downloader
Tencent	Trojan.Win32.Asbit.yd
F-Secure	Trojan.TR/Dropper.MSIL.Gen
DrWeb	Trojan.DownLoaderNET.465
Sophos	Troj/DwnLd-AEP
Ikarus	Trojan.MSIL.Asbit
Jiangmin	TrojanDownloader.MSIL.ancb
Avira	TR/Dropper.MSIL.Gen
Antiy-AVL	GrayWare/MSIL.Regasm.a
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.Agent.gen
Varist	W32/MSIL_Tiny.AG.gen!Eldorado
AhnLab-V3	Trojan/Win.TrojanX-gen.R512047
Acronis	suspicious
VBA32	Trojan.MSIL.RdLoader.Heur
Malwarebytes	Generic.Malware.AI.DDS
Rising	Backdoor.FastDesktop!1.E02A (CLASSIC)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.187020364.susgen
Fortinet	MSIL/Tedy.1448!tr
DeepInstinct	MALICIOUS

How to remove MSIL/Asbit.R?

MSIL/Asbit.R removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X