How to remove “Trojan:Win32/RedLineStealer!MSR”?

Trojan:Win32/RedLineStealer!MSR is Microsoft Defender's detection name for a sample of the RedLine information stealer, which harvests saved browser credentials, session cookies and similar data; several of the vendor names listed below classify it as Trojan-PSW, a password stealer. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, scan the computer with GridinSoft Anti-Malware and treat any credentials saved on it as compromised.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and cure the PC. A 6-day free trial is available.

What can Trojan:Win32/RedLineStealer!MSR do?

The items below are behaviour signatures raised when the sample was detonated in a Cuckoo-style sandbox; they describe what this particular file did or looks like, not every RedLine build.

  • Executable code extraction
  • Presents an Authenticode digital signature (presence only; at least one vendor below flags the signature as invalid, so a signed file is not automatically a trusted file)
  • Creates RWX memory
  • Expresses interest in specific running processes
  • The binary likely contains encrypted or compressed data
  • Checks for the presence of known windows from debuggers and forensic tools
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • The following process appears to have been packed with Themida: F209EBA907A51025F1E60E14DAC912B9.mlw
  • Network activity detected but not expressed in API logs
  • Checks the BIOS version, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

How to identify Trojan:Win32/RedLineStealer!MSR?

The hashes below identify this exact sample; a different RedLine build will not match them, so use them as a confirmation, not as the only check.
File Info:

crc32: 89CF9344
md5: f209eba907a51025f1e60e14dac912b9
name: F209EBA907A51025F1E60E14DAC912B9.mlw
sha1: dd893b9807623a3ec3c74f921f1003e0853ab8ce
sha256: 12505bb6e3c63202f22db1d60afd4a0a386ddff8807bf0d1f8583ba57f6413ba
sha512: 7048c2710f8a28a6222469a684a7061f47f956eb5208776161c0ff36467b14eddea45520ba4dc0478f0dd5d0470914a843735b81a703e97de59d78bf1fb2d15e
ssdeep: 49152:MrQjrFqvDtFTlUkYlhI/FSNpv7/d6gqtaujFwaEsM0KuVXiiku9dw:OrtFTlohIYv7F6gqtNjF1PRVv9dw
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright 2021 Google LLC. All rights reserved.
InternalName: chrome_exe
CompanyShortName: Google
FileVersion: 92.0.4515.131
CompanyName: Google LLC
ProductShortName: Chrome
ProductName: Google Chrome
LastChange: 6b8d6c56ce21e38a72f7c4becb5abc1fa5134f29-refs/branch-heads/4515@#1933
ProductVersion: 92.0.4515.131
FileDescription: Google Chrome
OriginalFilename: chrome.exe
Official Build: 1
Translation: 0x0409 0x04b0

The version resource is copied from a real Google Chrome build (92.0.4515.131), but the file itself is a Themida-packed console-subsystem PE32 whose signature at least one vendor below flags as invalid. A genuine chrome.exe is a GUI application signed by Google LLC and located in Chrome's own application directory. Treat the metadata as impersonation, not as provenance.
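An added triage script for responders, not code from the original article or from GridinSoft: it hashes a suspect file and compares it with the indicators listed above, checks whether the Authenticode signature is actually valid rather than merely present, reads the version resource, and reads the PE subsystem field to catch the "console binary claiming to be Chrome" mismatch. The default value of $Path is an assumption; point it at the file you want to check.

```powershell
# Added triage example (not part of the original page). Run in PowerShell:
#   .\Check-RedLineSample.ps1 -Path 'C:\Users\victim\AppData\Local\Temp\chrome.exe'
# The default path below is an assumption for illustration only.
param([string]$Path = "$env:TEMP\chrome.exe")

# Hashes published on this page for the sample.
$KnownBad = @{
    MD5    = 'f209eba907a51025f1e60e14dac912b9'
    SHA1   = 'dd893b9807623a3ec3c74f921f1003e0853ab8ce'
    SHA256 = '12505bb6e3c63202f22db1d60afd4a0a386ddff8807bf0d1f8583ba57f6413ba'
    SHA512 = '7048c2710f8a28a6222469a684a7061f47f956eb5208776161c0ff36467b14eddea45520ba4dc0478f0dd5d0470914a843735b81a703e97de59d78bf1fb2d15e'
}

$file = Get-Item -LiteralPath $Path -ErrorAction Stop
$findings = @()

# 1. Exact-hash match against the listed indicators.
foreach ($algo in $KnownBad.Keys) {
    $h = (Get-FileHash -LiteralPath $file.FullName -Algorithm $algo).Hash.ToLowerInvariant()
    "$algo : $h"
    if ($h -eq $KnownBad[$algo]) {
        $findings += "$algo matches the RedLineStealer sample documented on this page"
    }
}

# 2. A signature being present is not the same as it being valid.
#    Status is 'Valid' only when the chain verifies and the file is unmodified.
$sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
"Signature status : $($sig.Status)"
"Signer           : $($sig.SignerCertificate.Subject)"

# 3. Version resource: what the file claims to be.
$vi = $file.VersionInfo
"ProductName      : $($vi.ProductName)"
"CompanyName      : $($vi.CompanyName)"
"FileVersion      : $($vi.FileVersion)"
"OriginalFilename : $($vi.OriginalFilename)"

# 4. PE subsystem from the optional header (offset 68 in both PE32 and PE32+).
#    2 = Windows GUI, 3 = Windows console. Real chrome.exe is a GUI program;
#    the page records this sample as a console executable.
$bytes = [System.IO.File]::ReadAllBytes($file.FullName)
$peOff = [BitConverter]::ToInt32($bytes, 0x3C)
$subsystem = $null
if ($bytes[$peOff] -eq 0x50 -and $bytes[$peOff + 1] -eq 0x45) {   # "PE\0\0"
    $optOff    = $peOff + 4 + 20                                   # skip signature + COFF header
    $subsystem = [BitConverter]::ToUInt16($bytes, $optOff + 68)
    "Subsystem        : $subsystem"
}

# Cross-check the claims against each other.
$claimsChrome = $vi.ProductName -eq 'Google Chrome' -or $vi.OriginalFilename -eq 'chrome.exe'
if ($claimsChrome -and $sig.Status -ne 'Valid') {
    $findings += "Claims to be Google Chrome but signature status is '$($sig.Status)'"
}
if ($claimsChrome -and $sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -notmatch 'Google LLC') {
    $findings += "Valid signature, but signer is not Google LLC: $($sig.SignerCertificate.Subject)"
}
if ($claimsChrome -and $subsystem -eq 3) {
    $findings += "Claims to be Google Chrome but is a console-subsystem executable"
}
$inChromeDir = $file.FullName -like "$env:ProgramFiles\Google\Chrome\*" -or
               $file.FullName -like "${env:ProgramFiles(x86)}\Google\Chrome\*" -or
               $file.FullName -like "$env:LOCALAPPDATA\Google\Chrome\*"
if ($claimsChrome -and -not $inChromeDir) {
    $findings += "Claims to be Google Chrome but lives outside Chrome's application directory"
}

if ($findings.Count -eq 0) {
    "No indicators matched."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

The hash comparison is only useful for this exact build; the signature, subsystem and location checks are the ones that still fire on a repacked variant that carries the same stolen version resource.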

Trojan:Win32/RedLineStealer!MSR is also known as (vendor: detection name):

Lionic: Trojan.MSIL.Reline.i!c
Elastic: malicious (high confidence)
ClamAV: Win.Packed.Razy-9883428-0
ALYac: Gen:Variant.Razy.897488
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Packed:Win32/Themida.b2a6da33
K7GW: Trojan ( 005800cc1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.Themida.HKZ
APEX: Malicious
Avast: Win32:Trojan-gen
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-PSW.MSIL.Reline.pef
BitDefender: Gen:Variant.Razy.897488
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
MicroWorld-eScan: Gen:Variant.Razy.897488
Tencent: Msil.Trojan-qqpass.Qqrob.Dyzh
Ad-Aware: Gen:Variant.Razy.897488
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Crypt.XPACK.Gen
McAfee-GW-Edition: Artemis!Trojan
FireEye: Generic.mg.f209eba907a51025
Emsisoft: Gen:Variant.Razy.897488 (B)
Jiangmin: Trojan.PSW.MSIL.cdzb
Avira: TR/Crypt.XPACK.Gen
eGambit: PE.Heur.InvalidSig
Kingsoft: Win32.PSWTroj.Undef.(kcloud)
Microsoft: Trojan:Win32/RedLineStealer!MSR
Gridinsoft: Trojan.Heur!.012120B1
GData: Gen:Variant.Razy.897488
AhnLab-V3: Trojan/Win.Generic.R436734
Acronis: suspicious
McAfee: Artemis!F209EBA907A5
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.AI.4025688955
TrendMicro-HouseCall: TROJ_GEN.R002H0CHC21
Rising: Trojan.Generic@ML.97 (RDML:hwk/CbQeJ+DHY2lN/oDYmw)
Ikarus: Win32.Outbreak
Fortinet: W32/PackedThemida.HXI!tr
AVG: Win32:Trojan-gen
Paloalto: generic.ml
Qihoo-360: Win32/TrojanPSW.Generic.HxMBOm8A

How to remove Trojan:Win32/RedLineStealer!MSR?

Trojan:Win32/RedLineStealer!MSR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because RedLine is a credential stealer, removing the file does not undo what it already sent out. After the scan, change every password that was saved in a browser on this machine, preferably from a clean device, and sign out of active sessions on those accounts so that stolen session cookies stop working.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
