About “Trojan:MSIL/Confuser.UI” infection

Trojan:MSIL/Confuser.UI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:MSIL/Confuser.UI virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself

How to identify Trojan:MSIL/Confuser.UI?

File Info:

crc32: FF9C7856
md5: b0152e7c164fff8da188ae5a54e9cb31
name: B0152E7C164FFF8DA188AE5A54E9CB31.mlw
sha1: 275ac64a12289092dc4213f90e90884da3074efe
sha256: 1de6ece9ccddd74d4b667e83f39f9d3fe6c2c2ca991f1f837eb60d17259df1fe
sha512: dc6d8bc2cb709615c53a9e595ed9e1622c31eb8c108c33d641fde6db158cd7b287e48b03a95306eb1f823256193d90d3cf7f37dcc2d4476331d04e851929a9bb
ssdeep: 12288:iJ5UlFroFYmrkY/ZE0GUXXQ6M954qM2bnOM7CMYvZdG24AS9235I91MgG83:iJ54teYmr7ueXXQ684qpOMmVBg2c923
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: Copyright(C) 2013 by FtpScripter
InternalName: FtpScripter Editor
FileVersion: 2.0.5.25
CompanyName: Scripter
LegalTrademarks: FtpScripter
ProductName: FtpScripter
ProductVersion: 2.0
FileDescription: FtpScripter Editor
OriginalFilename: FtpScripterEditor.exe
Translation: 0x0409 0x04e4

Trojan:MSIL/Confuser.UI also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Generic.MSIL.Ransomware.Jigsaw.46D26714
FireEye: Generic.mg.b0152e7c164fff8d
ALYac: Generic.MSIL.Ransomware.Jigsaw.46D26714
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0053fc801 )
BitDefender: Generic.MSIL.Ransomware.Jigsaw.46D26714
K7GW: Trojan ( 0053fc801 )
Cybereason: malicious.c164ff
BitDefenderTheta: Gen:NN.ZemsilF.34590.Nm0@aS4AZmni
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
Kaspersky: HEUR:Trojan-Banker.MSIL.BitStealer.gen
Alibaba: TrojanBanker:MSIL/Confuser.871840db
NANO-Antivirus: Trojan.Win32.Ransom.euviwc
AegisLab: Trojan.Win32.Generic.4!c
Rising: Ransom.JigsawLocker!8.52DD (CLOUD)
Ad-Aware: Generic.MSIL.Ransomware.Jigsaw.46D26714
Emsisoft: Generic.MSIL.Ransomware.Jigsaw.46D26714 (B)
F-Secure: Heuristic.HEUR/AGEN.1109336
DrWeb: Trojan.MulDrop7.52218
Zillya: Trojan.Generic.Win32.122451
McAfee-GW-Edition: BehavesLike.Win32.Generic.jc
Sophos: Mal/Generic-R + Troj/Jigsaw-L
Ikarus: Trojan.MSIL.NanoCore
Jiangmin: Trojan.Generic.crbsl
MaxSecure: Trojan.Malware.300983.susgen
Avira: HEUR/AGEN.1109336
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.AGeneric
Microsoft: Trojan:MSIL/Confuser.UI
Arcabit: Generic.MSIL.Ransomware.Jigsaw.46D26714
AhnLab-V3: Trojan/Win32.Ransomlock.R217840
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Generic.MSIL.Ransomware.Jigsaw.46D26714
Cynet: Malicious (score: 100)
McAfee: Artemis!B0152E7C164F
Malwarebytes: Malware.AI.849276241
Panda: Trj/GdSda.A
Tencent: Msil.Trojan-banker.Bitstealer.Pauv
Yandex: Trojan.Agent!m1H29rK6axc
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: MSIL/CoinStealer.AA!tr.pws
Webroot: W32.Trojan.Gen
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_90% (D)
Qihoo-360: Win32/Ransom.Generic.HgIASOsA

How to remove Trojan:MSIL/Confuser.UI?

Trojan:MSIL/Confuser.UI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
