PWS:MSIL/Dcstl.GC!MTB removal instruction

The PWS:MSIL/Dcstl.GC!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What PWS:MSIL/Dcstl.GC!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine PWS:MSIL/Dcstl.GC!MTB?


File Info:
name: E839636104A53E8055EA.mlw
path: /opt/CAPEv2/storage/binaries/274f399bc31818eddf086ae185110b5720dd1c299e50f0c1a5de1e80e6917601
crc32: E8630679
md5: e839636104a53e8055ea2ecf3f234048
sha1: fcc28acc3fa35e6c675172a5d27377fb08660025
sha256: 274f399bc31818eddf086ae185110b5720dd1c299e50f0c1a5de1e80e6917601
sha512: 5099809604ebd216f4fc72fee637bef78a2c8dbb95513587863db5dfa3182ac9d318857cb853926230a6a855cec1d492a68a8d9fc7eed000b3db04c3e04ad5ca
ssdeep: 96:Bcsmt7fxPX49VHhqf0fGSiwWk0HCGYMecGKzNt:BsNxaHhw0f3LWKfs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C1C1EA02B3E48B69E0EB47382DB3921047B2EBA15872D78F6CDC510D9D31794DA637B2
sha3_384: bf76b4a63dae5c021e6d40cde9c591508ed658e83cbe62082cf9a476419ed1a25255c08b4adcd8fe866b1d5cab192be1
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-06-18 14:28:20

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: test.exe
LegalCopyright:  
OriginalFilename: test.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

PWS:MSIL/Dcstl.GC!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Razy.4!c
DrWeb	Trojan.PWS.DiscordNET.5
MicroWorld-eScan	IL:Trojan.MSILZilla.13338
Skyhigh	GenericRXKD-JW!E839636104A5
McAfee	GenericRXKD-JW!E839636104A5
Malwarebytes	Generic.Malware/Suspicious
VIPRE	IL:Trojan.MSILZilla.13338
Sangfor	Trojan.MSIL.Discord.CI
K7AntiVirus	Password-Stealer ( 0055ba9b1 )
Alibaba	TrojanPSW:MSIL/Dcstl.d26a4ce0
K7GW	Password-Stealer ( 0055ba9b1 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZemsilF.36802.am0@a0qDXtm
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/PSW.Discord.CI
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
Kaspersky	HEUR:Trojan-PSW.MSIL.Stealer.gen
BitDefender	IL:Trojan.MSILZilla.13338
NANO-Antivirus	Trojan.Win32.Discord.hljeqa
Tencent	Msil.Trojan-QQPass.QQRob.Jtgl
Emsisoft	IL:Trojan.MSILZilla.13338 (B)
F-Secure	Heuristic.HEUR/AGEN.1357629
Zillya	Trojan.Discord.Win32.2112
FireEye	Generic.mg.e839636104a53e80
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.PSW
Google	Detected
Avira	HEUR/AGEN.1357629
Antiy-AVL	Trojan[PSW]/MSIL.Discord
Kingsoft	malware.kb.c.990
Microsoft	PWS:MSIL/Dcstl.GC!MTB
Xcitium	Malware@#w8aqm0ru0lf2
Arcabit	IL:Trojan.MSILZilla.D341A
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Stealer.gen
GData	IL:Trojan.MSILZilla.13338
AhnLab-V3	Malware/Win32.RL_Generic.C3582529
ALYac	IL:Trojan.MSILZilla.13338
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Stealer.Discord!8.10A86 (CLOUD)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	MSIL/Discord.CI!tr.pws
AVG	Win32:MalwareX-gen [Trj]
DeepInstinct	MALICIOUS
alibabacloud	Trojan[stealer]:MSIL/Discord.CI

How to remove PWS:MSIL/Dcstl.GC!MTB?

PWS:MSIL/Dcstl.GC!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X