Trojan:MSIL/RedLine.MC!MTB removal instruction

The Trojan:MSIL/RedLine.MC!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/RedLine.MC!MTB virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan:MSIL/RedLine.MC!MTB?


File Info:
name: 6AACFF8BA39D69F6E307.mlw
path: /opt/CAPEv2/storage/binaries/123b6659d8bf1700fc865018032331d50a214d7148f547615183d3899d1da835
crc32: 7893F8D7
md5: 6aacff8ba39d69f6e307621c684064a2
sha1: fc1090407e6a1fd702c5a563ade540e09f619ec0
sha256: 123b6659d8bf1700fc865018032331d50a214d7148f547615183d3899d1da835
sha512: ad55e100825dc4673f99659cc539fcf99bf4238019f83bb2b38d310608b906ff060c93d29f9e0acaf02e23e5586d683cf11ad241718d6017a850e45ce605e223
ssdeep: 196608:0f78gVSzwGBBx7c1n5OVQ/1+GqaSUptwdIbMqbMd:w7IjY1cGcaSUD+I5q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T159A6336D094A426CDF218374ACADEF97B8BC4F957D826442B012CE466DFB870BE059C9
sha3_384: b87e668b07bca7e51a70535987610d408a81036eeabe3dae1f2a4b7872eb243c18ff91c43167f2ef071505e6c33d9783
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-08-30 03:51:17

Version Info:
Translation: 0x0000 0x04b0
Comments: UnamBinder
FileDescription: UnamBinder.exe
FileVersion: 1,0,0,0
InternalName: Binder.exe
LegalCopyright: Copyright ©  2021
OriginalFilename: Binder.exe
ProductName: UnamBinder
ProductVersion: 1,0,0,0
Assembly Version: 0.0.0.0

Trojan:MSIL/RedLine.MC!MTB also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	IL:Trojan.MSILZilla.20338
FireEye	Generic.mg.6aacff8ba39d69f6
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
BitDefenderTheta	Gen:NN.ZemsilF.34606.@p0@aGQZh8h
Cyren	W32/Azorult.D.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/GenKryptik.FVDD
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	IL:Trojan.MSILZilla.20338
Ad-Aware	IL:Trojan.MSILZilla.20338
Sophos	Generic ML PUA (PUA)
F-Secure	Trojan.TR/Dropper.Gen
VIPRE	IL:Trojan.MSILZilla.20338
Trapmine	malicious.high.ml.score
Emsisoft	IL:Trojan.MSILZilla.20338 (B)
Ikarus	Trojan.MSIL.CoinMiner
GData	IL:Trojan.MSILZilla.20338
Google	Detected
Avira	TR/Dropper.Gen
Arcabit	IL:Trojan.MSILZilla.D4F72
Microsoft	Trojan:MSIL/RedLine.MC!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C5194113
Acronis	suspicious
ALYac	IL:Trojan.MSILZilla.20338
MAX	malware (ai score=82)
Rising	Trojan.Generic/MSIL@AI.91 (RDM.MSIL:eWMLbqTonHBHqfKL6WuHBQ)
SentinelOne	Static AI – Malicious PE
AVG	Win32:CrypterX-gen [Trj]
Cybereason	malicious.ba39d6
Avast	Win32:CrypterX-gen [Trj]

How to remove Trojan:MSIL/RedLine.MC!MTB?

Trojan:MSIL/RedLine.MC!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X