Should I remove “TrojanDownloader:MSIL/RedLineStealer.KL!MTB”?

TrojanDownloader:MSIL/RedLineStealer.KL!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the TrojanDownloader:MSIL/RedLineStealer.KL!MTB virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to identify TrojanDownloader:MSIL/RedLineStealer.KL!MTB?

File Info:

name: 8590EB2CFA894DC5D47D.mlw
path: /opt/CAPEv2/storage/binaries/d718bb2cc5f266b288e87c5d741cf485ea54d250d98cb9a08d90f35c3160c5dd
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-09-05 12:14:23

Version Info:

Translation: 0x0000 0x04b0
Comments: WinRAR archiver
CompanyName: Alexander Roshal
FileDescription: WinRAR archiver
FileVersion: 6.11.0.0
InternalName: Xrlax.exe
LegalCopyright: Copyright © Alexander Roshal 1993-2022
LegalTrademarks:
OriginalFilename: Xrlax.exe
ProductName: WinRAR
ProductVersion: 6.11.0.0
Assembly Version: 6.11.0.0

TrojanDownloader:MSIL/RedLineStealer.KL!MTB also known as:

  • Bkav: W32.AIDetectMalware.CS
  • AVG: Win32:RATX-gen [Trj]
  • Elastic: malicious (high confidence)
  • Malwarebytes: Trojan.Downloader.MSIL.Generic
  • VirIT: Trojan.Win32.MSIL_Heur.A
  • Symantec: MSIL.Downloader!gen8
  • ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.NGY
  • APEX: Malicious
  • Kaspersky: HEUR:Trojan-Downloader.MSIL.Agent.gen
  • Avast: Win32:RATX-gen [Trj]
  • F-Secure: Heuristic.HEUR/AGEN.1308450
  • DrWeb: Trojan.DownLoaderNET.459
  • Varist: W32/MSIL_Kryptik.GYT.gen!Eldorado
  • Avira: HEUR/AGEN.1308450
  • Kingsoft: malware.kb.c.879
  • Microsoft: TrojanDownloader:MSIL/RedLineStealer.KL!MTB
  • ZoneAlarm: HEUR:Trojan-Downloader.MSIL.Agent.gen
  • Google: Detected
  • VBA32: OScope.TrojanDownloader.MSIL.Seraph.e
  • Rising: Malware.Obfus/MSIL@AI.91 (RDM.MSIL2:phRXCpFWidgAU4eKXpugSQ)
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: MSIL/Agent.NDX!tr.dldr
  • BitDefenderTheta: Gen:NN.ZemsilCO.36804.dm0@aSHd!b
  • DeepInstinct: MALICIOUS

How to remove TrojanDownloader:MSIL/RedLineStealer.KL!MTB?

TrojanDownloader:MSIL/RedLineStealer.KL!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
