Generic.Ransom.Buhtrap.16EB2069 removal instruction

Generic.Ransom.Buhtrap.16EB2069 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Generic.Ransom.Buhtrap.16EB2069 virus do?

  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Creates a copy of itself

Related domains:

geoiptool.com
www.geodatatool.com
ocsp.comodoca.com
ocsp.usertrust.com
crl.usertrust.com

How to identify Generic.Ransom.Buhtrap.16EB2069?

File Info:

crc32: 89A18737
md5: c0e88cbb811aa4a59f79c392120c559a
name: C0E88CBB811AA4A59F79C392120C559A.mlw
sha1: 03dc1dc627fa8f7488bb7043ec38adbeb0bf69f3
sha256: 1f94d1824783e8edac62942e13185ffd02edb129970ca04e0dd5b245dd3002bc
sha512: 1d4d58a8d7507a484856d6fd99ebedad0846ec9b2a3084cac93c5ea0f8ad99bb89c19827891e6b69021043ae9205d77a94676816ec6788d9211bf2a6e0c7ad31
ssdeep: 6144:vyJEFP89J5YclVIIKgU9o4DQFu/U3buRKlemZ9DnGAesNgX1HDcT0+:vUa89/67gUm4DQFu/U3buRKlemZ9DnG
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Generic.Ransom.Buhtrap.16EB2069 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agent.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.25574
ClamAV: Win.Ransomware.Buhtrap-7497074-0
CAT-QuickHeal: Trojan.AgentIH.S18008568
ALYac: Trojan.Ransom.VegaLocker
Cylance: Unsafe
Zillya: Trojan.Filecoder.Win32.11249
Sangfor: Worm.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Zeppelin.36877b1c
K7GW: Trojan ( 0055c8001 )
K7AntiVirus: Trojan ( 0055c8001 )
Cyren: W32/Ransom.LV.gen!Eldorado
Symantec: Ransom.Buran
ESET-NOD32: a variant of Win32/Filecoder.Buran.J
APEX: Malicious
Avast: FileRepMalware
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Generic.Ransom.Buhtrap.16EB2069
NANO-Antivirus: Trojan.Win32.Filecoder.gjptbn
ViRobot: Trojan.Win32.S.Zeppelin.221696
MicroWorld-eScan: Generic.Ransom.Buhtrap.16EB2069
Tencent: Malware.Win32.Gencirc.114de8d0
Ad-Aware: Generic.Ransom.Buhtrap.16EB2069
Sophos: Mal/Generic-R + Mal/Behav-010
Comodo: Malware@#14sncvnefxior
BitDefenderTheta: AI:Packer.BEFCCC591E
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom.Win32.BURAN.B
McAfee-GW-Edition: BehavesLike.Win32.Picsys.dh
FireEye: Generic.mg.c0e88cbb811aa4a5
Emsisoft: Generic.Ransom.Buhtrap.16EB2069 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Agent.cpgm
Webroot: W32.Ransom.Zeppelin
Avira: HEUR/Malware
Antiy-AVL: Trojan/Generic.ASCommon.195
Microsoft: Ransom:Win32/Zeppelin.A!MSR
Arcabit: Generic.Ransom.Buhtrap.16EB2069
ZoneAlarm: HEUR:Trojan.Win32.Agent.gen
GData: Generic.Ransom.Buhtrap.16EB2069
AhnLab-V3: Trojan/Win32.BuhTrap.R338445
McAfee: GenericRXJE-WA!C0E88CBB811A
MAX: malware (ai score=100)
VBA32: BScope.TrojanRansom.Crypmod
Malwarebytes: Ransom.Jamper.brn
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom.Win32.BURAN.B
Rising: Ransom.Zeppelin!1.D4C1 (CLASSIC)
Yandex: Trojan.GenAsa!CxfKQU+AivY
Ikarus: Trojan-Ransom.Buran
MaxSecure: Trojan.Malware.771626.susgen
Fortinet: W32/Buran.H!tr.ransom
AVG: FileRepMalware
Paloalto: generic.ml

How to remove Generic.Ransom.Buhtrap.16EB2069?

Generic.Ransom.Buhtrap.16EB2069 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
