How to remove “Trojan:MSIL/AveMaria.NECT!MTB”?

The Trojan:MSIL/AveMaria.NECT!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/AveMaria.NECT!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Trojan:MSIL/AveMaria.NECT!MTB?


File Info:
name: 3BA715287C09EDCFA6C1.mlw
path: /opt/CAPEv2/storage/binaries/327c78bd97a02afb5e3bdbfb9a198aa55f35d2df76aa945de41d5dcc7ee39355
crc32: 239BFDCB
md5: 3ba715287c09edcfa6c17515211a4c08
sha1: 72eac2d1546b97faa7e650b46234d54a5f94ec9d
sha256: 327c78bd97a02afb5e3bdbfb9a198aa55f35d2df76aa945de41d5dcc7ee39355
sha512: e4f807dd357610f110e4a90a5b0cc1c617da57814461ef5bc942bc4e3991c7a1e078de3fe467e6acfdbe9f30b8773d7004470f6df2f9de3c4442613146104796
ssdeep: 49152:uBZ6v3/0HTj169yWEY969K22VwFH4bNMIsM:uWv3/0HTj169yWEY969r2VJbN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T102D594462F88C533E249973AC6E36A2C93E7F40CA656D2C334E957B7345A7039D21B1E
sha3_384: 6134e57cc686ad54e50a531b8d6443ef03f86cd48ff11a0330a594d25a0b37ea1361f3ec3bfaf7875936140e3f4bd63e
ep_bytes: ff258c616c0000000000000000006061
timestamp: 2023-06-04 17:11:15

Version Info:
Translation: 0x0000 0x04b0
Comments: fCGAKwbHZFEaqXPM
CompanyName: bHJMs
FileDescription: rLTRqANNdkQQKtExMGLfBYYbAnRKSaHyFj
FileVersion: 45.134.52.47
InternalName: HqBrW
LegalCopyright: DjPZFaSfJXQexMBEKqZrFKAy
OriginalFilename: HqBrW
ProductName: gLZWWbHxYcJ
ProductVersion: 45.134.52.47
Assembly Version: 45.134.52.47

Trojan:MSIL/AveMaria.NECT!MTB also known as:

DrWeb	Trojan.Siggen19.9878
MicroWorld-eScan	IL:Trojan.MSILZilla.26396
ALYac	IL:Trojan.MSILZilla.26396
Malwarebytes	Crypt.Trojan.MSIL.DDS
VIPRE	IL:Trojan.MSILZilla.26396
Sangfor	Virus.Win32.Save.a
BitDefenderTheta	Gen:NN.ZemsilF.36250.Xo0@aqMoDg
VirIT	Trojan.Win32.MSIL_Heur.A
Cyren	W32/MSIL_Agent.EZD.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.NEN
APEX	Malicious
Kaspersky	HEUR:Trojan-Spy.MSIL.SnakeLogger.gen
BitDefender	IL:Trojan.MSILZilla.26396
Emsisoft	IL:Trojan.MSILZilla.26396 (B)
F-Secure	Heuristic.HEUR/AGEN.1310181
McAfee-GW-Edition	GenericRXVQ-ET!3BA715287C09
FireEye	IL:Trojan.MSILZilla.26396
GData	IL:Trojan.MSILZilla.26396
Google	Detected
Avira	HEUR/AGEN.1310181
MAX	malware (ai score=87)
Arcabit	IL:Trojan.MSILZilla.D671C
ZoneAlarm	HEUR:Trojan-Spy.MSIL.SnakeLogger.gen
Microsoft	Trojan:MSIL/AveMaria.NECT!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Infostealer/Win.RequestPOST.C5389899
McAfee	GenericRXVQ-ET!3BA715287C09
VBA32	OScope.Malware-Cryptor.MSIL.Agent
Panda	Trj/GdSda.A
Rising	Spyware.SnakeLogger!8.15FDD (TFE:dGZlOg0gU0ST/JFS3A)
Ikarus	Trojan.MSIL.Krypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.MQA!tr
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Trojan:MSIL/AveMaria.NECT!MTB?

Trojan:MSIL/AveMaria.NECT!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X