What is “Troj/MSIL-TBK”?

The Troj/MSIL-TBK is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Troj/MSIL-TBK virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Troj/MSIL-TBK?


File Info:
name: 8C9704D419CA9A5A7F3F.mlw
path: /opt/CAPEv2/storage/binaries/39332270e15778b5c51e1c2339d67f9d7572d54fe92b53636b39bbbc73f73830
crc32: FEDD5BAE
md5: 8c9704d419ca9a5a7f3fb7388bcaf61e
sha1: 9c99d0f178615463ebaedcf4d032d6ae06b3ebb4
sha256: 39332270e15778b5c51e1c2339d67f9d7572d54fe92b53636b39bbbc73f73830
sha512: 9ed9951b7a9de4556d9744683853f417919e2412a03db82dea887601f0b703ed077348cc51a65082be283a2be60bef8200cbab4e613c35a19e73547b44d0252c
ssdeep: 12288:OWb6DNdh8Z72d1mbTYaMjumpQ5rFDr/gS2jdSJ2e+E5jpediqOh8u:/hZzjxrlrp0dze+MjEiqU8u
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A8C4F113BB06EF3ED53A93FA3C6591104BA3DE4EA950E3151D8A71E56C767038438E2B
sha3_384: 4ca9a361785865a2c892dd69a3ecbfd93c236ead94d8895daa3048c1fd64c93f948ab43b9d30713d62e3cdd3afce8580
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-08-23 07:30:30

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: QuanLyKho
FileVersion: 1.0.0.0
InternalName: aLoH.exe
LegalCopyright: Copyright ©  2016
LegalTrademarks: 
OriginalFilename: aLoH.exe
ProductName: QuanLyKho
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Troj/MSIL-TBK also known as:

Bkav	W32.Common.8DE351BA
Lionic	Trojan.Win32.Taskun.4!c
MicroWorld-eScan	Trojan.GenericKD.68893166
FireEye	Trojan.GenericKD.68893166
Malwarebytes	Trojan.MalPack.PNG.Generic
Sangfor	Trojan.Msil.Kryptik.V7vq
K7AntiVirus	Trojan ( 005aa3b91 )
K7GW	Trojan ( 005aa3b91 )
VirIT	Trojan.Win32.MSIL_Heur.A
Cyren	W32/MSIL_Agent.FPI.gen!Eldorado
Symantec	Scr.Malcode!gdn34
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/GenKryptik.GNCP
TrendMicro-HouseCall	Backdoor.Win32.XWORM.YXDHYZ
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.MSIL.Taskun.gen
BitDefender	Trojan.GenericKD.68893166
Avast	Win32:PWSX-gen [Trj]
Rising	Malware.Obfus/MSIL@AI.90 (RDM.MSIL2:ar7WF+wXaP4B8FyZYQJffQ)
Sophos	Troj/MSIL-TBK
F-Secure	Trojan.TR/AD.Nekark.ealht
DrWeb	Trojan.PackedNET.2299
VIPRE	Trojan.GenericKD.68893166
TrendMicro	Backdoor.Win32.XWORM.YXDHYZ
McAfee-GW-Edition	BehavesLike.Win32.Generic.hc
Trapmine	suspicious.low.ml.score
Emsisoft	Trojan.GenericKD.68893166 (B)
SentinelOne	Static AI – Suspicious PE
GData	Trojan.GenericKD.68893166
Avira	TR/AD.Nekark.ealht
Xcitium	Malware@#unp2z1x8xz1a
ZoneAlarm	HEUR:Trojan.MSIL.Taskun.gen
Microsoft	Trojan:MSIL/AgentTesla.ALAW
Google	Detected
AhnLab-V3	Trojan/Win.AgentTesla.C5475424
MAX	malware (ai score=84)
Cylance	unsafe
Panda	Trj/GdSda.A
APEX	Malicious
Tencent	Msil.Trojan.Taskun.Hdhl
Fortinet	MSIL/Kryptik.HDZY!tr
AVG	Win32:PWSX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Troj/MSIL-TBK?

Troj/MSIL-TBK removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X