MSIL/Spy.RedLine.A removal tips

The MSIL/Spy.RedLine.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Spy.RedLine.A virus can do?

Authenticode signature is invalid
CAPE detected the RedLine malware family
Binary compilation timestomping detected

How to determine MSIL/Spy.RedLine.A?


File Info:
name: 12395994C2A77067D926.mlw
path: /opt/CAPEv2/storage/binaries/ecf6f9dbb2194cf0f5690fa57d6c473974a8449bca5cf7a7183996bfd34c4536
crc32: B29364F4
md5: 12395994c2a77067d926bd55285ab85a
sha1: 4e49b31beff786ee2366557d53a5bff774c81de0
sha256: ecf6f9dbb2194cf0f5690fa57d6c473974a8449bca5cf7a7183996bfd34c4536
sha512: 5b15b579133a5f6d45c49afb49716325837072ee485a3190c351cfd14cd37be71b34a4802b189ab020251c441d3a6e5e94ba52242b8a32d2d7a27f5d36e8b870
ssdeep: 3072:WSC+pNP81Q3kCNDsno0XNH8XJgYSwcPb3WMeaCpiu+:WSC+o10snjfE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11214F97063DC4E05C4BE1E3A80B8B95C75B1294E5485875E9AC8F3FE5D72F489A02BA3
sha3_384: 26e375c2a4e157a0fd5b84316cc6fd173455c9ffc4b4ba5b497696cab9b606c1161c0eefb3a81f35dd0c1f70d0d584a6
ep_bytes: ff250020400000000000000000000000
timestamp: 2071-01-20 00:19:20

Version Info:
Translation: 0x0000 0x04b0
Comments: Nokia Desktop Client
CompanyName: Nokia
FileDescription: Nokia USB Tool
FileVersion: 12.2.1
InternalName: Womanishly.exe
LegalCopyright: Nokia Inc. 2022
OriginalFilename: Womanishly.exe
ProductName: Desktop USB Manager
ProductVersion: 12.2.1
Assembly Version: 312.23.2.0

MSIL/Spy.RedLine.A also known as:

Bkav	W32.AIDetectNet.01
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.GenericKDZ.93709
ALYac	Trojan.GenericKDZ.93709
Cylance	Unsafe
Cyren	W32/MSIL_Kryptik.IDY.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Spy.RedLine.A
APEX	Malicious
ClamAV	Win.Trojan.Redline-9938775-1
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Trojan.GenericKDZ.93709
Avast	Win32:PWSX-gen [Trj]
Ad-Aware	Trojan.GenericKDZ.93709
Emsisoft	Trojan.GenericKDZ.93709 (B)
DrWeb	Trojan.PWS.Stealer.34723
VIPRE	Trojan.GenericKDZ.93709
McAfee-GW-Edition	GenericRXOO-JB!12395994C2A7
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.12395994c2a77067
Sophos	ML/PE-A
SentinelOne	Static AI – Suspicious PE
Google	Detected
Antiy-AVL	Trojan/MSIL.RedLineStealer
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Arcabit	Trojan.Generic.D16E0D
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
GData	MSIL.Trojan-Stealer.Redline.G
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.FRAX.C5198182
Acronis	suspicious
McAfee	GenericRXOO-JB!12395994C2A7
MAX	malware (ai score=87)
VBA32	Trojan.MSIL.InfoStealer.gen.U
Malwarebytes	Spyware.PasswordStealer.MSIL
Rising	Stealer.Agent!1.DC63 (CLASSIC)
Ikarus	Trojan.MSIL.Spy
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.DFY!tr
BitDefenderTheta	Gen:NN.ZemsilCO.34796.mm0@aarIcNi
AVG	Win32:PWSX-gen [Trj]
CrowdStrike	win/malicious_confidence_90% (D)

How to remove MSIL/Spy.RedLine.A?

MSIL/Spy.RedLine.A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X