VirTool:MSIL/Spfolz.A!MTB removal tips

The VirTool:MSIL/Spfolz.A!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What VirTool:MSIL/Spfolz.A!MTB virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine VirTool:MSIL/Spfolz.A!MTB?


File Info:
name: 3F6ED181494E0766E4B4.mlw
path: /opt/CAPEv2/storage/binaries/b65b8d48ff919e0dac682f30aa213e838597c4eddd3b9f36dd20f2bcf1ec2d62
crc32: CDDCD190
md5: 3f6ed181494e0766e4b4ae3ea1fd6d43
sha1: 41e3b2ccf58797424fe71b03942b3e288bfdba3e
sha256: b65b8d48ff919e0dac682f30aa213e838597c4eddd3b9f36dd20f2bcf1ec2d62
sha512: c485219a62b2d9de1eb82ed953023d215171d5cbd3d2b1bbadadcf6df0a11e4a14c276444ab8205aef593bfd809689349e681846e8a5ce20f48c4b51a01948fd
ssdeep: 384:BoOvdiW1r56eepTYYmz5v+QZ3ENfK1SVqxd4WVCW5:jse5GdhtYX
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T15B822A86B7FC8625F8FE8B75ADB347014772B9625D34DB2E0189228F0D36741C912BA2
sha3_384: b096fa36d1b5c5e0ae6ff01b4135c451a838ce21d57c3f2a03809c7968a21b61e3ce0e1152441b3b813d44f02871a327
ep_bytes: ff250020400000000000000000000000
timestamp: 2097-11-22 11:48:51

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: Microsoft
FileDescription: SpoolFool
FileVersion: 1.0.0.0
InternalName: SpoolFool.exe
LegalCopyright: Copyright © Microsoft 2021
LegalTrademarks: 
OriginalFilename: SpoolFool.exe
ProductName: SpoolFool
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

VirTool:MSIL/Spfolz.A!MTB also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.ExploitX.3!c
AVG	Win32:ExploitX-gen [Expl]
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.Exploit.CVE-2022-22718.A.A9846285
FireEye	Generic.Exploit.CVE-2022-22718.A.A9846285
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
Skyhigh	CVE-2021-40450!3F6ED181494E
McAfee	CVE-2021-40450!3F6ED181494E
Cylance	unsafe
VIPRE	Generic.Exploit.CVE-2022-22718.A.A9846285
K7AntiVirus	Trojan ( 0058e3711 )
Alibaba	Exploit:MSIL/CVE-2022-22718.41e518c3
K7GW	Trojan ( 0058e3711 )
Cybereason	malicious.1494e0
Symantec	Exp.CVE-2022-21999
ESET-NOD32	a variant of MSIL/Exploit.CVE-2022-22718.A
ClamAV	Win.Exploit.Exploitx-9942911-0
Kaspersky	HEUR:Exploit.MSIL.CVE-2022-22718.gen
BitDefender	Generic.Exploit.CVE-2022-22718.A.A9846285
Avast	Win32:ExploitX-gen [Expl]
Rising	Exploit.CVE-2022-22718!1.DBB2 (CLASSIC)
Emsisoft	Generic.Exploit.CVE-2022-22718.A.A9846285 (B)
F-Secure	Heuristic.HEUR/AGEN.1309378
DrWeb	Exploit.CVE-2022-22718.1
Zillya	Exploit.CVE202222718.Win32.2
TrendMicro	TROJ_GEN.R002C0DBA22
Sophos	ATK/SpoolFool-A
Ikarus	Exploit.CVE-2022-22718
GData	Generic.Exploit.CVE-2022-22718.A.A9846285
Jiangmin	Exploit.MSIL.adf
Varist	W32/MSIL_Agent.HFO.gen!Eldorado
Avira	HEUR/AGEN.1309378
Antiy-AVL	Trojan[Exploit]/MSIL.CVE-2022-22718
Kingsoft	MSIL.Exploit.CVE-2022-227.gen
Arcabit	Generic.Exploit.CVE-2022-22718.A.A9846285
ZoneAlarm	HEUR:Exploit.MSIL.CVE-2022-22718.gen
Microsoft	VirTool:MSIL/Spfolz.A!MTB
Google	Detected
AhnLab-V3	Exploit/Win.CVE-2022-21999.C4963688
ALYac	Generic.Exploit.CVE-2022-22718.A.A9846285
MAX	malware (ai score=100)
VBA32	Exploit.MSIL.CVE-2022-22718
Malwarebytes	Malware.AI.3526869997
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DBA22
Tencent	Exp.Win32.Cve-2022-21999.16000523
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.140141475.susgen
Fortinet	MSIL/CVE_2022_22718.A!exploit
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove VirTool:MSIL/Spfolz.A!MTB?

VirTool:MSIL/Spfolz.A!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X