Trojan:MSIL/ClipBanker.RPH!MTB removal guide

The Trojan:MSIL/ClipBanker.RPH!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/ClipBanker.RPH!MTB virus can do?

Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Trojan:MSIL/ClipBanker.RPH!MTB?


File Info:
name: E3CEB1C1311593230417.mlw
path: /opt/CAPEv2/storage/binaries/0e634e9f9ffce457a82724bbde47824c868089c19a2655a0945bc89cf481ab61
crc32: A17557D6
md5: e3ceb1c13115932304170d8c0efcacca
sha1: 44f3f90d05e2b8f5f3b951ed6dee820048f9b608
sha256: 0e634e9f9ffce457a82724bbde47824c868089c19a2655a0945bc89cf481ab61
sha512: 75c0cfca6e773f9b869bc686a229c80a79060d80917f138f9f9767f4ef9efcd13194904ed6c9febbc5b2cefc8f7eaa4621d20b30ab86e9a5094dd923c11e1c4d
ssdeep: 192:RedxNQwx19LvV0wlOEELlTNGBIDGAjB8fnkfg:Redx2wxxF6lTNhVWfnko
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17E12E755B7D8D672D8FA4E3498B362400B76A756D8BACA2F59CC009F5E733400AE2F74
sha3_384: fe9a7166425515a57fb07ccc86ad05261aa75bba1f5f69a29f1e396da8b0f895096010a23620f96438f323ed602a0f06
ep_bytes: ff250020400000000000000000000000
timestamp: 2075-05-12 19:06:45

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: Freya Bitcoin Clipper
FileVersion: 1.0.0.0
InternalName: Freya Bitcoin Clipper.exe
LegalCopyright: Copyright ©  2022
LegalTrademarks: 
OriginalFilename: Freya Bitcoin Clipper.exe
ProductName: Freya Bitcoin Clipper
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:MSIL/ClipBanker.RPH!MTB also known as:

Cynet	Malicious (score: 100)
FireEye	Gen:Variant.Tedy.121453
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
McAfee	GenericRXTF-BI!E3CEB1C13115
Cylance	Unsafe
VIPRE	Gen:Variant.Tedy.121453
K7AntiVirus	Trojan ( 005928f61 )
K7GW	Trojan ( 005928f61 )
Cybereason	malicious.d05e2b
Elastic	malicious (high confidence)
ESET-NOD32	MSIL/ClipBanker.ABB
APEX	Malicious
Kaspersky	HEUR:Trojan-Banker.MSIL.ClipBanker.gen
BitDefender	Gen:Variant.Tedy.121453
MicroWorld-eScan	Gen:Variant.Tedy.121453
Tencent	Malware.Win32.Gencirc.10d066a6
Ad-Aware	Gen:Variant.Tedy.121453
Emsisoft	Gen:Variant.Tedy.121453 (B)
DrWeb	Trojan.PWS.Stealer.33295
McAfee-GW-Edition	GenericRXTF-BI!E3CEB1C13115
SentinelOne	Static AI – Suspicious PE
GData	Gen:Variant.Tedy.121453
Jiangmin	Trojan.Banker.MSIL.gps
Avira	TR/Spy.ClipBanker.xdjcz
Arcabit	Trojan.Tedy.D1DA6D
Microsoft	Trojan:MSIL/ClipBanker.RPH!MTB
AhnLab-V3	Trojan/Win.PWS-Banker.C5143023
ALYac	Gen:Variant.Tedy.121453
MAX	malware (ai score=88)
Malwarebytes	Trojan.ClipBanker
Rising	Trojan.ClipBanker!8.5FB (TFE:dGZlOgwhOQy5CgPCtw)
Yandex	Trojan.ClipBanker!2yC9CfJdVbw
MaxSecure	Trojan.Malware.73489558.susgen
BitDefenderTheta	Gen:NN.ZemsilF.34742.am1@aiCCGoj
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen

How to remove Trojan:MSIL/ClipBanker.RPH!MTB?

Trojan:MSIL/ClipBanker.RPH!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X