Trojan

Trojan:Win32/Redline.PZE!MTB removal instruction

Malware Removal

The Trojan:Win32/Redline.PZE!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan:Win32/Redline.PZE!MTB virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Trojan:Win32/Redline.PZE!MTB?



File Info:

name: 9104B0E6A6F70FAE8793.mlw
path: /opt/CAPEv2/storage/binaries/fa596cd7e9c29e7410a9f55af0eff883b7ba6ee4dd624d8a643938adc53bf2c4
crc32: 4F031A06
md5: 9104b0e6a6f70fae8793a90683a70cf2
sha1: fb2cfbb946216679b8c32f38d8255a617ec4fbf5
sha256: fa596cd7e9c29e7410a9f55af0eff883b7ba6ee4dd624d8a643938adc53bf2c4
sha512: c57f2a72dcdbee37a86052d8081739bfa5960a0960fca8834f884ef60a72b0472472529fdca1203556019edc27c1fba4a64be12af680195d62d35a024c8f8cab
ssdeep: 3072:SS6m0SrzOsVcwrjKUHV5BeyUavy70ZEgwXgtKDOZsDpaHMojC7Gz/fx:S+xOCr9HV5NEr6eODjC7G
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T153445B00D18FFD36C80B507D1F8ADAB6F2CBBFE463C441A96C93875E2329191592B979
sha3_384: 74877325bc328b13480ef8ae9990c86149426d5820438e5b14cf907e794acfec292bbc3c3f9e81b5972de268095877ad
ep_bytes: e8173c0000e9a4feffff3b0d3ce14300
timestamp: 2023-06-10 23:28:17


Version Info:

Comments: Il s'agit d'une application légitime.
CompanyName: Renault S.A.
FileDescription: Renault S.A. Produit
FileVersion: 231
InternalName: ApplicationInterne
LegalCopyright: Droit d'auteur © Renault S.A. Tous droits réservés.
LegalTrademarks: Marques déposées © Renault S.A.
OriginalFilename: app.exe
ProductName: Application
ProductVersion: 231
Translation: 0x0407 0x04b0

Trojan:Win32/Redline.PZE!MTB also known as:

BkavW32.AIDetectMalware
LionicTrojan.Win32.Generic.lvqc
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Zusy.472141
ClamAVWin.Malware.Zusy-10004205-0
FireEyeGeneric.mg.9104b0e6a6f70fae
CAT-QuickHealBackdoor.Convagent
McAfeeGenericRXAA-FA!9104B0E6A6F7
Cylanceunsafe
SangforTrojan.Win32.Save.a
AlibabaBackdoor:Win32/Convagent.bc1253c6
VirITTrojan.Win32.GenusT.DMUR
CyrenW32/Kryptik.JZT.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.HSYN
APEXMalicious
CynetMalicious (score: 100)
KasperskyHEUR:Backdoor.Win32.Convagent.gen
BitDefenderGen:Variant.Zusy.472141
AvastWin32:CrypterX-gen [Trj]
TencentMalware.Win32.Gencirc.11a9c0bc
EmsisoftGen:Variant.Zusy.472141 (B)
F-SecureTrojan.TR/AD.RedLineSteal.igror
VIPREGen:Variant.Zusy.472141
McAfee-GW-EditionBehavesLike.Win32.Generic.dh
Trapminemalicious.high.ml.score
SophosMal/Generic-S
IkarusTrojan-Spy.Agent
GDataWin32.Trojan.PSE.9TWQS2
AviraTR/AD.RedLineSteal.igror
Antiy-AVLTrojan/Win32.Kryptik
ArcabitTrojan.Zusy.D7344D
ZoneAlarmHEUR:Backdoor.Win32.Convagent.gen
MicrosoftTrojan:Win32/Redline.PZE!MTB
GoogleDetected
AhnLab-V3Trojan/Win.Generic.R586164
BitDefenderThetaGen:NN.ZexaF.36250.qq2@a8J2Sdai
ALYacGen:Variant.Zusy.472141
MAXmalware (ai score=88)
MalwarebytesTrojan.FakeSig
PandaTrj/Genetic.gen
TrendMicro-HouseCallTROJ_GEN.R002H0CFB23
RisingBackdoor.Convagent!8.123DC (TFE:5:2ufaFoy3QMH)
SentinelOneStatic AI – Suspicious PE
MaxSecurePSW.W32.Coins.gen_265938
FortinetW32/Kryptik.HSYN!tr
AVGWin32:CrypterX-gen [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Trojan:Win32/Redline.PZE!MTB?

Trojan:Win32/Redline.PZE!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment