
Trojan:MSIL/AgentTesla.NJI!MTB removal guide


The Trojan:MSIL/AgentTesla.NJI!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can perform a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:MSIL/AgentTesla.NJI!MTB virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify Trojan:MSIL/AgentTesla.NJI!MTB?

File Info:

name: 9E8B8EAA7D52F19ABE71.mlw
path: /opt/CAPEv2/storage/binaries/b00cdf9d18b71e7ce33253104aab178e2576a282594403b40873d37887e5c458
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2044-11-29 09:54:54

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: ConsoleGameEngine
FileVersion: 1.0.0.0
InternalName: eztk.exe
LegalCopyright: Copyright © 2018
LegalTrademarks:
OriginalFilename: eztk.exe
ProductName: ConsoleGameEngine
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/AgentTesla.NJI!MTB also known as:

Bkav: W32.AIDetectMalware.CS
Elastic: malicious (high confidence)
DrWeb: Trojan.Inject4.44892
MicroWorld-eScan: Gen:Variant.Ransom.Loki.2072
FireEye: Generic.mg.9e8b8eaa7d52f19a
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
McAfee: GenericRXUL-BZ!9E8B8EAA7D52
Cylance: unsafe
Zillya: Trojan.Androm.Win32.1884
Sangfor: Backdoor.Msil.Kryptik.Vb3z
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Kryptik.ali2000016
K7GW: Trojan ( 700000121 )
K7AntiVirus: Trojan ( 700000121 )
BitDefenderTheta: Gen:NN.ZemsilF.36802.8m0@a4B2Thj
VirIT: Trojan.Win32.MSIL_Heur.A
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of MSIL/Kryptik.AGSP
APEX: Malicious
TrendMicro-HouseCall: TROJ_GEN.R002C0DAA24
ClamAV: Win.Dropper.NetWire-9974918-0
Kaspersky: HEUR:Backdoor.MSIL.Androm.gen
BitDefender: Gen:Variant.Ransom.Loki.2072
NANO-Antivirus: Trojan.Win32.Inject4.jtkrgi
Avast: Win32:PWSX-gen [Trj]
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:jt7g/JKidkT3rVIJQ++XDQ)
Sophos: Troj/MSIL-TAR
F-Secure: Heuristic.HEUR/AGEN.1309976
VIPRE: Gen:Variant.Ransom.Loki.2072
TrendMicro: TROJ_GEN.R002C0DAA24
Emsisoft: Gen:Variant.Ransom.Loki.2072 (B)
SentinelOne: Static AI – Malicious PE
Google: Detected
Avira: HEUR/AGEN.1309976
Varist: W32/MSIL_Kryptik.IDI.gen!Eldorado
Antiy-AVL: Trojan/MSIL.Kryptik
Microsoft: Trojan:MSIL/AgentTesla.NJI!MTB
Arcabit: Trojan.Ransom.Loki.D818
ZoneAlarm: HEUR:Backdoor.MSIL.Androm.gen
GData: MSIL.Trojan.PSE.1X9XSNI
AhnLab-V3: Malware/Win.CH.C5275770
VBA32: OScope.Trojan.MSIL.Bitrans.gen.P
ALYac: Gen:Variant.Ransom.Loki.2072
MAX: malware (ai score=80)
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/GdSda.A
Tencent: Msil.Backdoor.Androm.Yolw
Yandex: Trojan.Igent.bYRVeO.12
Ikarus: Trojan.MSIL.Inject
MaxSecure: Trojan.Malware.73691364.susgen
Fortinet: MSIL/Agent.ECJ!tr
AVG: Win32:PWSX-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan:MSIL/AgentTesla.NJI!MTB?

Trojan:MSIL/AgentTesla.NJI!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
