TrojanSpy:MSIL/Stelega.VA!MTB removal

The TrojanSpy:MSIL/Stelega.VA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanSpy:MSIL/Stelega.VA!MTB virus can do?

Network activity detected but not expressed in API logs

How to determine TrojanSpy:MSIL/Stelega.VA!MTB?


File Info:
crc32: D0196F98
md5: e885fdd6a38169bd6a79f19abfc9bad8
name: E885FDD6A38169BD6A79F19ABFC9BAD8.mlw
sha1: 34474b0f4eba14a874abc04c8dc9caac59bc1727
sha256: 582a749365f8fc378595f3a837d0f2056d71701a1aa84b6523381f8cefbbe6da
sha512: 0af6339e3de1b6fcd45691bc5721b1024c0011a24bcde42976bc11cc0b3cedf9607fa4698ad8c3cb17847a764eb16393da1f99abdab80384bb716645ad9e1546
ssdeep: 12288:4g2Cdsi6E7kxWfnUpcWcyCiT0vp9RS/kVYd1w:4Odd61wPUOWy9vp9RhYdq
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9 2014 A:JECE9A=;?6JE
Assembly Version: 1.0.0.0
InternalName: akazx.exe
FileVersion: 8.12.16.20
CompanyName: A:JECE9A=;?6JE
Comments: 8=?H5F4JA;HE86E;
ProductName: E;33;98:@BF9@F<E44J
ProductVersion: 8.12.16.20
FileDescription: E;33;98:@BF9@F<E44J
OriginalFilename: akazx.exe

TrojanSpy:MSIL/Stelega.VA!MTB also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.45146828
McAfee	PWS-FCQR!E885FDD6A381
Cylance	Unsafe
AegisLab	Trojan.Win32.Generic.4!c
K7AntiVirus	Spyware ( 004bf53c1 )
BitDefender	Trojan.GenericKD.45146828
K7GW	Spyware ( 004bf53c1 )
Cybereason	malicious.f4eba1
Cyren	W32/MSIL_Kryptik.ANE.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Alibaba	TrojanSpy:MSIL/Stelega.c927b05e
ViRobot	Trojan.Win32.Z.Agent.783872.CY
Ad-Aware	Trojan.GenericKD.45146828
Emsisoft	Trojan.GenericKD.45146828 (B)
Comodo	.UnclassifiedMalware@0
DrWeb	BackDoor.SpyBotNET.25
McAfee-GW-Edition	PWS-FCQR!E885FDD6A381
FireEye	Generic.mg.e885fdd6a38169bd
Sophos	Mal/Generic-S
Ikarus	Trojan.Inject
MAX	malware (ai score=100)
Microsoft	TrojanSpy:MSIL/Stelega.VA!MTB
Arcabit	Trojan.Generic.D2B0E2CC
GData	Trojan.GenericKD.45146828
BitDefenderTheta	Gen:NN.ZemsilF.34700.Vm0@aGgVAqj
Malwarebytes	Trojan.Crypt.MSIL.Generic
Panda	Trj/GdSda.A
ESET-NOD32	MSIL/Spy.Agent.AES
TrendMicro-HouseCall	TROJ_GEN.R06CH0CLO20
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.ZCO!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_80% (D)
Qihoo-360	Generic/HEUR/QVM03.0.25A7.Malware.Gen

How to remove TrojanSpy:MSIL/Stelega.VA!MTB?

TrojanSpy:MSIL/Stelega.VA!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X