Generic.Ransom.Buhtrap.33C23552 removal guide

The Generic.Ransom.Buhtrap.33C23552 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.Ransom.Buhtrap.33C23552 virus can do?

Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Code injection with CreateRemoteThread in a remote process
Deletes its original binary from disk
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Creates a copy of itself

Related domains:

geoiptool.com

www.geodatatool.com

ocsp.comodoca.com

ocsp.usertrust.com

crl.usertrust.com

How to determine Generic.Ransom.Buhtrap.33C23552?


File Info:
crc32: 79180E58
md5: fedc405738bf6cf4f3e0d75fa550b974
name: FEDC405738BF6CF4F3E0D75FA550B974.mlw
sha1: 4c745fad4ca74a3ac4988b7e816bfd0105f8e5b5
sha256: 70f2ccce9ea578a0cf3101a6e5f1f87c34aad14e77513c70904aaed1424ca16f
sha512: 0cc3553c4a3f7d11363ddeb860c682820c37295c9a8174e10afc93926daf05494fad12863a32b13f9b9b204b2ec8faa4128e48cacb6dd5872058cd32e217fe94
ssdeep: 6144:myJE1yd7WKJmcyf8yGw44DQFu/U3buRKlemZ9DnGAeKMTxfg7+:mU/d7Wvv0yGP4DQFu/U3buRKlemZ9Dn
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Generic.Ransom.Buhtrap.33C23552 also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0055c8001 )
Elastic	malicious (high confidence)
DrWeb	DLOADER.Trojan
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.AgentIH.S18008568
ALYac	Generic.Ransom.Buhtrap.33C23552
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
K7GW	Trojan ( 0055c8001 )
Cybereason	malicious.738bf6
Cyren	W32/Ransom.LV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Filecoder.Buran.J
APEX	Malicious
Avast	Win32:Dh-A [Heur]
Kaspersky	HEUR:Trojan.Win32.Agent.gen
BitDefender	Generic.Ransom.Buhtrap.33C23552
MicroWorld-eScan	Generic.Ransom.Buhtrap.33C23552
Ad-Aware	Generic.Ransom.Buhtrap.33C23552
Sophos	ML/PE-A + Mal/Behav-010
BitDefenderTheta	AI:Packer.95B28CD11E
TrendMicro	Ransom.Win32.ZEPPELIN.SMTH
McAfee-GW-Edition	BehavesLike.Win32.ExploitMydoom.dh
FireEye	Generic.mg.fedc405738bf6cf4
Emsisoft	Generic.Ransom.Buhtrap.33C23552 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/Malware
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASCommon.195
Microsoft	Ransom:Win32/Zeppelin.A!MSR
GData	Generic.Ransom.Buhtrap.33C23552
AhnLab-V3	Trojan/Win32.BuhTrap.R338445
McAfee	GenericRXPF-LP!FEDC405738BF
MAX	malware (ai score=89)
VBA32	BScope.TrojanRansom.Crypmod
Malwarebytes	Ransom.Zeppelin
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom.Win32.ZEPPELIN.SMTH
Rising	Ransom.Zeppelin!1.D4C1 (CLASSIC)
Yandex	Trojan.GenAsa!CxfKQU+AivY
Ikarus	Trojan-Ransom.Buran
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Buran.H!tr.ransom
AVG	Win32:Dh-A [Heur]
Qihoo-360	HEUR/QVM05.1.8C0F.Malware.Gen

How to remove Generic.Ransom.Buhtrap.33C23552?

Generic.Ransom.Buhtrap.33C23552 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Generic.Ransom.Buhtrap.33C23552 removal guide