Should I remove “Trojan:MSIL/AgentTesla.RPI!MTB”?

The Trojan:MSIL/AgentTesla.RPI!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/AgentTesla.RPI!MTB virus can do?

CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/AgentTesla.RPI!MTB?


File Info:
name: 8D2F4BB2131ECE073CD8.mlw
path: /opt/CAPEv2/storage/binaries/27a1a3cb088a55dd26cb3c946f755eea3fcd8873c96319d8d1d18ad0a076c78b
crc32: 1EE2ABEA
md5: 8d2f4bb2131ece073cd86ca057ded2a4
sha1: b74ad4905f973917b9e4a3f6bb6b38152e07f063
sha256: 27a1a3cb088a55dd26cb3c946f755eea3fcd8873c96319d8d1d18ad0a076c78b
sha512: 79a6dd8feede02da30d13782367266d7c47679299c27047c96c8564ebdbb4400c90660ad9a355049f4fbc479e3d64f7a9f9b12f10379815d6dac879e6075be52
ssdeep: 3072:YjVLDkDkWK6xwrdgvzSSna9Yjfqmxr+7IjThgs8RKKUDiXqRk:GiD6ruvzke7B+7aFKFX
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T117340F7E0BA76EB1CB9536FA016212CF1E37639321A6C611ABF138B42504F66F78550F
sha3_384: a1b1aecce88ad91d8ff27f86c6196aaf6196a3da06401817c5baea6407f2bd9410e8f8224a5c12bb24b338fa76290265
ep_bytes: ff250020001000000000000000000000
timestamp: 2020-03-27 00:05:39

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: wwbncsoft_Ext.dll
LegalCopyright:  
OriginalFilename: wwbncsoft_Ext.dll
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan:MSIL/AgentTesla.RPI!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.MSIL.Kryptik.4!c
MicroWorld-eScan	Trojan.GenericKDZ.80423
Skyhigh	BehavesLike.Win32.Generic.dm
McAfee	Artemis!8D2F4BB2131E
Malwarebytes	Trojan.Crypt.MSIL.Generic
Zillya	Trojan.Agent.Win32.2592730
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0058ea051 )
Alibaba	Trojan:MSIL/Kryptik.f28b2f58
K7GW	Trojan ( 0058ea051 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Generic.D13A27
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.VRS
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.Agent-9967677-1
Kaspersky	HEUR:Trojan.MSIL.Kryptik.gen
BitDefender	Trojan.GenericKDZ.80423
Avast	Win32:MalwareX-gen [Trj]
Tencent	Msil.Trojan.Kryptik.Jtgl
Emsisoft	Trojan.GenericKDZ.80423 (B)
F-Secure	Heuristic.HEUR/AGEN.1301100
VIPRE	Trojan.GenericKDZ.80423
TrendMicro	TrojanSpy.MSIL.NEGASTEAL.SMRJAHSPH
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Agent
Jiangmin	Trojan.MSIL.aliwi
Varist	W32/MSIL_Agent.CKH.gen!Eldorado
Avira	HEUR/AGEN.1301100
Antiy-AVL	Trojan/MSIL.Kryptik
Microsoft	Trojan:MSIL/AgentTesla.RPI!MTB
ZoneAlarm	HEUR:Trojan.MSIL.Kryptik.gen
GData	Trojan.GenericKDZ.80423
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C4722119
SentinelOne	Static AI – Malicious PE
Fortinet	MSIL/Agent.VRS!tr
AVG	Win32:MalwareX-gen [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/AgentTesla.RPI!MTB?

Trojan:MSIL/AgentTesla.RPI!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X