suspected of Trojan.MSIL.InfoStealer.U removal tips

The suspected of Trojan.MSIL.InfoStealer.U is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What suspected of Trojan.MSIL.InfoStealer.U virus can do?

Sample contains Overlay data
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous .NET characteristics
CAPE detected the RedLine malware family
Binary compilation timestomping detected

How to determine suspected of Trojan.MSIL.InfoStealer.U?


File Info:
name: 4C3B52791528FAE1764B.mlw
path: /opt/CAPEv2/storage/binaries/18044ec4419f8eac697bc30200576595caf50bc24a337185bdf990b9bac53e77
crc32: 42FDEF47
md5: 4c3b52791528fae1764bbc682c9b6f9b
sha1: 8c1e0f30ce6dc4f23983d0e913ee02f975b39da7
sha256: 18044ec4419f8eac697bc30200576595caf50bc24a337185bdf990b9bac53e77
sha512: 35d0f9e20571b7f45ef74f04921e0d22e42b90752c249c3cbb95e7ba639241614963a4775f9d1ebebf7500d054f28048cbce7cc0218616c69ec82ce8210601bf
ssdeep: 3072:NJ+k2VDgpC4CKs8nbPGIWh/u/AO6pBfuJevh2hMy/UrIkQiA:nlUhKfY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18C3618C1D38D8914F97A0F384435693442BABE9BB865F78E5D99B0A71F737C12021EA3
sha3_384: b50f357b0846c0f4567faa7b63a0ff3c2cdef87160c605356bba39faa5146b77c5072660864981828e688605e9d7919e
ep_bytes: ff25002040006100750074006f006600
timestamp: 2038-06-20 23:19:24

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: Unstocked.exe
LegalCopyright:  
OriginalFilename: Unstocked.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

suspected of Trojan.MSIL.InfoStealer.U also known as:

MicroWorld-eScan	Gen:Variant.Tedy.135933
FireEye	Generic.mg.4c3b52791528fae1
ALYac	Gen:Variant.Tedy.135933
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.0ce6dc
Cyren	W32/MSIL_Agent.BJO.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Spy.Agent.DFY
APEX	Malicious
ClamAV	Win.Trojan.Redline-9938775-1
BitDefender	Gen:Variant.Tedy.135933
Ad-Aware	Gen:Variant.Tedy.135933
DrWeb	Trojan.PWS.StealerNET.125
VIPRE	Gen:Variant.Tedy.135933
McAfee-GW-Edition	GenericRXQA-AF!4C3B52791528
Sophos	ML/PE-A
SentinelOne	Static AI – Malicious PE
GData	MSIL.Trojan-Stealer.Redline.G
Avira	HEUR/AGEN.1234971
MAX	malware (ai score=85)
Arcabit	Trojan.Tedy.D212FD
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
Google	Detected
Acronis	suspicious
McAfee	GenericRXQA-AF!4C3B52791528
VBA32	suspected of Trojan.MSIL.InfoStealer.gen.U
Rising	Stealer.Agent!1.DC63 (CLASSIC)
Ikarus	Trojan.MSIL.Spy
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Agent.DFY!tr
BitDefenderTheta	Gen:NN.ZemsilF.34592.@p3@aeDVfsb

How to remove suspected of Trojan.MSIL.InfoStealer.U?

suspected of Trojan.MSIL.InfoStealer.U removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X