Trojan:MSIL/Tnega!mclg malicious file

Trojan:MSIL/Tnega!mclg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:MSIL/Tnega!mclg virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid

How to identify Trojan:MSIL/Tnega!mclg?

File Info:

name: F444C3172E0E8E2BAA30.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-03-25 01:46:43

Version Info:

Translation: 0x0000 0x04b0
Comments: Computer Management Snapin Launcher
CompanyName: Microsoft Corporation
FileDescription: Computer Management Snapin Launcher
FileVersion: 6.3.9600.16384
InternalName: Zdfboo.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
LegalTrademarks:
OriginalFilename: Zdfboo.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.3.9600.16384
Assembly Version: 6.3.9600.16384

Trojan:MSIL/Tnega!mclg also known as:

Lionic: Trojan.MSIL.Agent.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Trojan.GenericKD.39357195
CAT-QuickHeal: Trojan.TnegaFC.S27417180
McAfee: RDN/Siggennet
Cylance: Unsafe
Sangfor: Trojan.MSIL.Agent.gen
K7AntiVirus: Trojan-Downloader ( 0058ff061 )
Alibaba: Trojan:MSIL/Generic.5f07ddd6
K7GW: Trojan-Downloader ( 0058ff061 )
Cyren: W32/MSIL_Agent.CSU.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.LAM
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.MSIL.Agent.gen
BitDefender: Trojan.GenericKD.39357195
MicroWorld-eScan: Trojan.GenericKD.39357195
Avast: Win32:PWSX-gen [Trj]
Tencent: Msil.Trojan-downloader.Agent.Ebge
Ad-Aware: Trojan.GenericKD.39357195
Sophos: Mal/Generic-S
Comodo: Malware@#l7oh0pnh7rh0
F-Secure: Trojan.TR/Dldr.Agent.gkrto
DrWeb: BackDoor.SiggenNET.35
Zillya: Trojan.Agent.Win32.2747154
TrendMicro: TROJ_GEN.R04AC0PCT22
McAfee-GW-Edition: RDN/Siggennet
Emsisoft: Trojan.GenericKD.39357195 (B)
Ikarus: Trojan-Downloader.MSIL.Agent
GData: Trojan.GenericKD.39357195
Jiangmin: Trojan.MSIL.amoel
Avira: TR/Dldr.Agent.gkrto
Antiy-AVL: Trojan/Generic.ASMalwS.3550D8D
Microsoft: Trojan:MSIL/Tnega!mclg
AhnLab-V3: Trojan/Win.Sabsik.C5031856
BitDefenderTheta: Gen:NN.ZemsilF.34606.em0@aiKUHRm
ALYac: Trojan.GenericKD.39357195
MAX: malware (ai score=80)
VBA32: TScope.Trojan.MSIL
Malwarebytes: Backdoor.NanoCore
TrendMicro-HouseCall: TROJ_GEN.R04AC0PCT22
Yandex: Trojan.DL.Agent!2EOkoM2dceI
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.8703358.susgen
Fortinet: MSIL/Agent.LAM!tr.dldr
AVG: Win32:PWSX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:MSIL/Tnega!mclg?

Trojan:MSIL/Tnega!mclg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.