Trojan:MSIL/AgentTesla.NMR!MTB removal guide

The Trojan:MSIL/AgentTesla.NMR!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/AgentTesla.NMR!MTB virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan:MSIL/AgentTesla.NMR!MTB?


File Info:
name: 958B8A0290412CDCFF15.mlw
path: /opt/CAPEv2/storage/binaries/a3d20092881be670619afcba185a7ba710e406906342f639f30c40952b400751
crc32: BC6EF2BE
md5: 958b8a0290412cdcff1561f88a69d055
sha1: fff8530150a70afd284c93baa31aada8a9df7648
sha256: a3d20092881be670619afcba185a7ba710e406906342f639f30c40952b400751
sha512: 4959f2b9d90312e91104a4f1022d15625fc44270d4910448582c84fcaf26bd878dd9068034b37abe7786e9f87523514a808ee6cb4e9baef5472064e5de3f7999
ssdeep: 196608:i06s8k2CEZUl+/4mUIoG3/2GPR2VgRGIUEcWcFeoTG016Q:V6rZ14mUIbvqmiM1W
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC86230433C8463ECA6FB77DB36605085AF0D402D9CEA76E9F69DAB7341A3BE4441396
sha3_384: 331fb7c21e57cd7a1ea5ff4d4fe12b8bcca92a163334a52c473973295394a47d9558d101115cc8836ea112c819c6fa95
ep_bytes: ff250020400000000000000000000000
timestamp: 2024-01-04 12:00:11

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: audiienceintroductory.exe
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: audiienceintroductory.exe
ProductName: 
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/AgentTesla.NMR!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Seraph.a!c
Elastic	malicious (high confidence)
Skyhigh	BehavesLike.Win32.Generic.wc
McAfee	Artemis!958B8A029041
Cylance	unsafe
Sangfor	Trojan.Msil.Kryptik.Vrg9
Alibaba	Trojan:MSIL/AgentTesla.5b36e99d
Cybereason	malicious.150a70
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.AKME
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:Trojan-Downloader.MSIL.Seraph.gen
Avast	FileRepMalware [Ransom]
Tencent	Win32.Trojan.Agen.Fflw
Sophos	Mal/Generic-S
F-Secure	Heuristic.HEUR/AGEN.1367580
Ikarus	Backdoor.MSIL.Agent
Google	Detected
Avira	HEUR/AGEN.1367580
Microsoft	Trojan:MSIL/AgentTesla.NMR!MTB
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.Seraph.gen
Varist	W32/MSIL_Kryptik.KHA.gen!Eldorado
BitDefenderTheta	Gen:NN.ZemsilF.36680.@p0@aOS7xob
Malwarebytes	Generic.Malware/Suspicious
Rising	Downloader.Seraph!8.111C6 (CLOUD)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.BSG!tr
AVG	FileRepMalware [Ransom]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Trojan:MSIL/AgentTesla.NMR!MTB?

Trojan:MSIL/AgentTesla.NMR!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X