Trojan:Win32/RedLine.RDDL!MTB removal tips

The Trojan:Win32/RedLine.RDDL!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/RedLine.RDDL!MTB virus can do?

Authenticode signature is invalid

How to determine Trojan:Win32/RedLine.RDDL!MTB?


File Info:
name: 31CB298BB953DC7E0AEC.mlw
path: /opt/CAPEv2/storage/binaries/a035430ff95e67be1d2bd55faf47b51ee2a9dee274c601236ae0bfa4d83134aa
crc32: 8AABD6B2
md5: 31cb298bb953dc7e0aec6dde8d6eec5e
sha1: ec7fe8929257ee17f56dd4451aa413108503ab76
sha256: a035430ff95e67be1d2bd55faf47b51ee2a9dee274c601236ae0bfa4d83134aa
sha512: 8b59ae14cf83a33e10cddd183a198f19106f94fc547c43eb2e7ef9018d8a8d28aba2fa9780ef3c0b5772f53e4854416bbfd2d1f280d16201866a37b8c9b496ec
ssdeep: 6144:WhaoKajWpVP06TPGW/JtmfuR0hRfZ7Lyvl42Q/hNFJvrj:W9KajW/nJ9R0h1Il7Q/X3jj
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T13254BF3236DCD43DCC21BD3645A55B767E7AFA24AE818D8F23A0457DEAA0090F510FB6
sha3_384: 8490c5e59c207062fbcc332f69c64f4a7b65cfce4d100127c2dce42163f6c8c70a6f1c6299c092da2a5fc7665fecc573
ep_bytes: e874040000e974feffff8b4df464890d
timestamp: 2023-10-01 03:11:36

Version Info:
0: [No Data]

Trojan:Win32/RedLine.RDDL!MTB also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Stealer.12!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Lazy.403061
FireEye	Generic.mg.31cb298bb953dc7e
Skyhigh	BehavesLike.Win32.Generic.dh
ALYac	Gen:Variant.Lazy.403061
Malwarebytes	Neshta.Virus.FileInfector.DDS
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005abe3f1 )
BitDefender	Gen:Variant.Lazy.403061
K7GW	Trojan ( 005abe3f1 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZexaF.36792.rqW@aC9tC8o
VirIT	Trojan.Win32.GenusT.DSGR
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HUUG
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.Lazy-10009515-0
Kaspersky	HEUR:Trojan-PSW.Win32.Stealerc.pef
Alibaba	TrojanPSW:Win32/RedLine.4b65c81f
NANO-Antivirus	Trojan.Win32.Stealer.kbpeoa
Rising	Backdoor.Convagent!8.123DC (TFE:5:HZynUVuMqBU)
Sophos	Troj/Krypt-ACG
F-Secure	Trojan.TR/AD.Nekark.qqnvc
DrWeb	Trojan.Inject4.61852
VIPRE	Gen:Variant.Lazy.403061
TrendMicro	TROJ_GEN.R03BC0DJ623
Trapmine	malicious.moderate.ml.score
Emsisoft	Gen:Variant.Lazy.403061 (B)
Ikarus	Trojan.Win32.Crypt
Jiangmin	Trojan.PSW.Stealerc.is
Varist	W32/Kryptik.KTF.gen!Eldorado
Avira	TR/AD.Nekark.qqnvc
Antiy-AVL	Trojan/Win32.SmokeLoader.f
Microsoft	Trojan:Win32/RedLine.RDDL!MTB
Arcabit	Trojan.Lazy.D62675
ZoneAlarm	HEUR:Trojan-PSW.Win32.Stealerc.pef
GData	Win32.Trojan.PSE.9TK98O
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5302376
McAfee	GenericRXWJ-QF!31CB298BB953
MAX	malware (ai score=88)
DeepInstinct	MALICIOUS
VBA32	TrojanSpy.Stealer
Cylance	unsafe
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R03BC0DJ623
Tencent	Trojan.Win32.Kryptik.kbf
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.HUTD!tr
AVG	Win32:PWSX-gen [Trj]
Cybereason	malicious.29257e
Avast	Win32:PWSX-gen [Trj]

How to remove Trojan:Win32/RedLine.RDDL!MTB?

Trojan:Win32/RedLine.RDDL!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X