Fake • Trojan

About “Trojan:Win32/FakeAV.NE!MTB” infection

The Trojan:Win32/FakeAV.NE!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/FakeAV.NE!MTB virus can do?

Sample contains Overlay data
Authenticode signature is invalid

How to determine Trojan:Win32/FakeAV.NE!MTB?


File Info:
name: D0F61B86FB0A1ECED3ED.mlw
path: /opt/CAPEv2/storage/binaries/972b88668dc37fc583ae5fe713658afafd87f650bb1135496e36f753377f3822
crc32: 688B1C88
md5: d0f61b86fb0a1eced3edbab24fee0f32
sha1: 7407caee7e32eff4547645e8fb58c916ebb9e576
sha256: 972b88668dc37fc583ae5fe713658afafd87f650bb1135496e36f753377f3822
sha512: 442d462185e0517f5b2ce0969d0b2a8a14dea4f2154afe37834a78129276f744d97225c0c6ba0b1793903c315202f6c7abf57d3a3ab9e1de80da4bacd25bbf36
ssdeep: 96:hXUeyL2BmvXWo4BApddsuROLFuxmrW/41:BUeMrPWJBEqfFuxmrD1
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1DDD2864BFD8086B5C04687FC1D3B6E91E1A98C250B6196E3334E30746B734D1AE3974E
sha3_384: 633cbfe87a5bf35dc7085cc8f802d47c40cbb3b45d7e90fb98ae1b46652d6bce305c999eb1ab55894954ced9fc768170
ep_bytes: e906000000ccccccccccccb908000000
timestamp: 2005-11-30 05:34:42

Version Info:
0: [No Data]

Trojan:Win32/FakeAV.NE!MTB also known as:

CAT-QuickHeal	Trojan.Generic.14692
Malwarebytes	Malware.AI.2393214354
CrowdStrike	win/malicious_confidence_90% (W)
Baidu	Win32.Trojan.Agent.gx
Cyren	W32/FakeSec.Q.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.Fakealert.fmcanx
SUPERAntiSpyware	Trojan.Agent/Gen-FakeAV
Avast	Win32:Malware-gen
F-Secure	Trojan.TR/Kazy.7884215
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.d0f61b86fb0a1ece
Sophos	Generic ML PUA (PUA)
Ikarus	Trojan.Win32.FakeAV
Avira	TR/Kazy.7884215
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Win32/FakeAV.NE!MTB
Google	Detected
McAfee	Artemis!D0F61B86FB0A
VBA32	Trojan.FakeAlert
Cylance	unsafe
Panda	Trj/CI.A
Rising	Trojan.Generic@AI.100 (RDML:SOU8GhjPYH6VsP0ReYo58A)
Yandex	Trojan.GenAsa!awdd4Qm3Pr0
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kazy.7884215!tr
AVG	Win32:Malware-gen
Cybereason	malicious.e7e32e
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/FakeAV.NE!MTB?

Trojan:Win32/FakeAV.NE!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X