
MSIL/TrojanDownloader.Agent.KTB removal guide


MSIL/TrojanDownloader.Agent.KTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the MSIL/TrojanDownloader.Agent.KTB virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify MSIL/TrojanDownloader.Agent.KTB?


File Info:

name: 460B571C3D3152708029.mlw
path: /opt/CAPEv2/storage/binaries/a410ee5ad600cf4c1d9fce3c547452c1962714046a2cedeefdb02b7df4a86ef2
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: ff250020400000000000000000000000
timestamp: 2094-03-11 19:11:37

Version Info:

Translation: 0x0000 0x04b0
Comments: Email Checker Pro
CompanyName: TriSun Software Limited
FileDescription: Email Checker Pro
FileVersion: 4.1.75.0
InternalName: Hilpofg.exe
LegalCopyright: Copyright © 2010-2019 TriSun Software Limited. All rights reserved.
LegalTrademarks:
OriginalFilename: Hilpofg.exe
ProductName: Email Checker Pro
ProductVersion: 4.1.75.0
Assembly Version: 4.1.75.0

MSIL/TrojanDownloader.Agent.KTB also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.MSIL.Agensla.i!c
DrWeb: Trojan.Inject4.27787
MicroWorld-eScan: Trojan.GenericKD.48532644
FireEye: Trojan.GenericKD.48532644
ALYac: Trojan.GenericKD.48532644
Cylance: Unsafe
Sangfor: Infostealer.MSIL.Agensla.gen
K7AntiVirus: Trojan-Downloader ( 0058f4061 )
Alibaba: TrojanPSW:MSIL/AgentTesla.800a65b6
K7GW: Trojan-Downloader ( 0058f4061 )
BitDefenderTheta: Gen:NN.ZemsilF.34606.am0@aSlggDp
Cyren: W32/MSIL_Troj.BZI.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.KTB
TrendMicro-HouseCall: TROJ_FRS.0NA104C822
Paloalto: generic.ml
BitDefender: Trojan.GenericKD.48532644
NANO-Antivirus: Trojan.Win32.Agensla.jmutro
Avast: Win32:MalwareX-gen [Trj]
Ad-Aware: Trojan.GenericKD.48532644
Sophos: Troj/Krypt-IN
Zillya: Downloader.Agent.Win32.464712
TrendMicro: TROJ_FRS.0NA104C822
McAfee-GW-Edition: RDN/AgentTesla
Emsisoft: Trojan.GenericKD.48532644 (B)
Ikarus: Trojan-Downloader.MSIL.Agent
GData: Trojan.GenericKD.48532644
Jiangmin: Trojan.PSW.MSIL.dpfy
Webroot: Trojan.Dropper.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.353F7AF
Kingsoft: Win32.PSWTroj.Undef.(kcloud)
ViRobot: Trojan.Win32.Z.Sabsik.12800
Microsoft: Trojan:MSIL/AgentTesla.PK!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C5000867
McAfee: RDN/AgentTesla
Malwarebytes: Trojan.Downloader.MSIL.Generic
APEX: Malicious
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:fidarSm7flbcK5bY4JIJJg)
Yandex: Trojan.DL.Agent_AGen!creNYsKN3gQ
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Malicious_Behavior.SB
AVG: Win32:MalwareX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MSIL/TrojanDownloader.Agent.KTB?

MSIL/TrojanDownloader.Agent.KTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
