Should I remove “Trojan:MSIL/AgentTesla.PAAR!MTB”?

Many security experts consider Trojan:MSIL/AgentTesla.PAAR!MTB dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/AgentTesla.PAAR!MTB virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Trojan:MSIL/AgentTesla.PAAR!MTB?


File Info:

name: 410E1EBE578A88BF7702.mlw
path: /opt/CAPEv2/storage/binaries/5b05b975ad2fe898d06800148deee2fed594dd0ef9857719579dbc01ec1b2637
crc32: E20788D3
md5: 410e1ebe578a88bf7702621f086a8a13
sha1: 5d86aeb2140952b8fc803f038eaca1c5dc8a8109
sha256: 5b05b975ad2fe898d06800148deee2fed594dd0ef9857719579dbc01ec1b2637
sha512: a12bdf9707034255c326982061ad70921bb4cf8e4e6bf6d27edf9ec984932dc1af2e6d74bbbbe282930cb1b001837fe317af4bfbe9e4bcd3d6b764191a78117a
ssdeep: 49152:J8ahTySCtbLLKJJzbV1Dd/BEvOf/NCfiziJXU8dKKr+vRlqL117RrPpI8P:Jth+5FXoDd/qmfVdQUWKKrCRC1JRLp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D7F50112A29CBCD2E17A83B5037313C10B2EED569566C51DB0A835AA7F7E383391B717
sha3_384: 716d2618a95c3b138049cf4b66e683ff72717ade580de6e73d0077466a1f9982c7994e2e112625d351020f1a5a7800c6
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-04-24 20:40:18

Version Info:

Assembly Version: 16.0.0.0
Comments: 6b2f20d4
CompanyName: Microsoft Corporation
FileDescription: TFSBuild.exe
FileVersion: 16.166.30024.1 built by: releases/dev16/16.6-preview5 (77caed4305)
InternalName: TFSBuild.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: TFSBuild.exe
ProductName: Microsoft® Visual Studio® Azure DevOps Server®
ProductVersion: 16.166.30024.1
Translation: 0x0409 0x04b0

Trojan:MSIL/AgentTesla.PAAR!MTB also known as:

MicroWorld-eScan: Trojan.GenericKD.47823820
FireEye: Generic.mg.410e1ebe578a88bf
McAfee: Artemis!410E1EBE578A
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.3667868
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0058c9321 )
Alibaba: TrojanPSW:MSIL/AgentTesla.1bcd45ee
K7GW: Trojan ( 0058c9321 )
Cyren: W32/MSIL_Agent.CNW.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of MSIL/Kryptik.ADYV
TrendMicro-HouseCall: TROJ_FRS.0NA103A522
Avast: Win32:Trojan-gen
Kaspersky: HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender: Trojan.GenericKD.47823820
Tencent: Msil.Trojan.Kryptik.Oyew
Ad-Aware: Trojan.GenericKD.47823820
TACHYON: Trojan-PWS/W32.DN-AgentTesla.3468800
Emsisoft: Trojan.GenericKD.47823820 (B)
Comodo: Malware@#3hh48rmer3ym4
DrWeb: Trojan.Siggen16.25251
TrendMicro: TROJ_FRS.0NA103A522
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Paloalto: generic.ml
GData: Trojan.GenericKD.47823820
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1236058
Antiy-AVL: Trojan/Generic.ASMalwS.3500757
Kingsoft: Win32.PSWTroj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:MSIL/AgentTesla.PAAR!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Sabsik.C4897414
BitDefenderTheta: Gen:NN.ZemsilCO.34212.tp0@ayOyXtai
ALYac: Spyware.AgentTesla
MAX: malware (ai score=100)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Trojan.Injector
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Malicious_Behavior.VEX
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:MSIL/AgentTesla.PAAR!MTB?

Trojan:MSIL/AgentTesla.PAAR!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
