TrojanSpy:MSIL/AgentTesla.R!MTB removal guide

The TrojanSpy:MSIL/AgentTesla.R!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanSpy:MSIL/AgentTesla.R!MTB virus can do?

Presents an Authenticode digital signature
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine TrojanSpy:MSIL/AgentTesla.R!MTB?


File Info:
crc32: 9AA9D47A
md5: 13385e551c73b3e85f227ded0a8b5bf7
name: 13385E551C73B3E85F227DED0A8B5BF7.mlw
sha1: 191896a4b9b0ab04affb0a99817d5a840f91f71a
sha256: 4d7785dcd99beca572613788bc8b0713ddda6da0c8df321b1402bc38e6880f88
sha512: 6c82458631b3852ec8ffc8a33efa28ec5f7690f6bf5fa7f09fca0ce6427e60c71e5949cb7f516e1d2b434ba37caa9838e3fac1ec96a4d9a45263734421a82b2e
ssdeep: 384:Vhi9COxO7C6gFWWax1dpXp/qo5p91ewfmzuZGmpALBFBCpCheQp:P6Fb6+WWax1dpXpxp9lpAdLheW
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
LegalCopyright: Copyright 2022 xa9 YdtZoSxD. All rights reserved.
Assembly Version: 1.2.3.1
InternalName: PhYLxcEV.exe
FileVersion: 8.1.6.6
CompanyName: HAEbhExE
LegalTrademarks: XUfopSkl
Comments: ClpsFnjb
ProductName: PhYLxcEV
ProductVersion: 1.2.3.1
FileDescription: YBAIuSrK
OriginalFilename: PhYLxcEV.exe
Translation: 0x0409 0x0514

TrojanSpy:MSIL/AgentTesla.R!MTB also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.MSILHeracles.13795
FireEye	Gen:Variant.MSILHeracles.13795
McAfee	RDN/Formbook
Cylance	Unsafe
AegisLab	Trojan.MSIL.Noon.l!c
Sangfor	Trojan.DOC.Obfuse.TB!MTB
K7AntiVirus	Trojan ( 005784391 )
BitDefender	Gen:Variant.MSILHeracles.13795
BitDefenderTheta	Gen:NN.ZemsilCO.34590.bm1@aWIYnYii
Cyren	W32/MSIL_Kryptik.DGL.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:DangerousSig [Trj]
Kaspersky	HEUR:Trojan-Spy.MSIL.Noon.gen
Alibaba	TrojanSpy:MSIL/AgentTesla.a45afd84
Ad-Aware	Gen:Variant.MSILHeracles.13795
Emsisoft	Gen:Variant.MSILHeracles.13795 (B)
F-Secure	Trojan.TR/Dldr.Agent.ojmiy
DrWeb	Trojan.Siggen12.3176
TrendMicro	TrojanSpy.MSIL.NOON.THBBCBA
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
Avira	TR/Dldr.Agent.ojmiy
Kingsoft	Win32.Heur.KVM019.a.(kcloud)
Microsoft	TrojanSpy:MSIL/AgentTesla.R!MTB
Arcabit	Trojan.Bulz.D5A08F
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Noon.gen
GData	Gen:Variant.MSILHeracles.13795
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.C4345149
ALYac	Gen:Variant.Bulz.368783
MAX	malware (ai score=83)
Malwarebytes	Trojan.FakeSig.Generic
Panda	Trj/CI.A
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.HLE
TrendMicro-HouseCall	TrojanSpy.MSIL.NOON.THBBCBA
Rising	Downloader.Agent!1.D296 (CLOUD)
Ikarus	Trojan.MSIL.Crypt
Fortinet	MSIL/Kryptik.ZTE!tr
AVG	Win32:DangerousSig [Trj]
Paloalto	generic.ml
Qihoo-360	Win32/TrojanSpy.Noon.HgIASPkA

How to remove TrojanSpy:MSIL/AgentTesla.R!MTB?

TrojanSpy:MSIL/AgentTesla.R!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X