Generic.Ransom.Buhtrap.D00A61BC removal

The Generic.Ransom.Buhtrap.D00A61BC is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.Ransom.Buhtrap.D00A61BC virus can do?

Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Code injection with CreateRemoteThread in a remote process
Deletes its original binary from disk
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

geoiptool.com

www.geodatatool.com

ocsp.comodoca.com

ocsp.usertrust.com

crl.usertrust.com

How to determine Generic.Ransom.Buhtrap.D00A61BC?


File Info:
crc32: 56FE3BB8
md5: 9d7a05ed6e4569cac26f926abda68026
name: 9D7A05ED6E4569CAC26F926ABDA68026.mlw
sha1: fa6fe284382f6f87ddf78a8505d1233fee8d17d8
sha256: 6d2f09a8a70e9c47fd681cf7efaf90c5804476ddc9770601fa94d941fdd8ed55
sha512: fc4caa8c4b2c21f94c34ac5061500d1e0cfba258e55be9ab2ec818a02c0dc227b8d442563fbe8d2b3cb83eebf3a36f525db43fd8d0addca8477465e18db7df59
ssdeep: 6144:ayJE1yd7WTJmcyfZmPWna4DQFu/U3buRKlemZ9DnGAevI4WeA6+:aU/d7WwvUPWa4DQFu/U3buRKlemZ9Dn
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Generic.Ransom.Buhtrap.D00A61BC also known as:

K7AntiVirus	Trojan ( 0055c8001 )
Elastic	malicious (high confidence)
DrWeb	DLOADER.Trojan
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.AgentIH.S18008568
ALYac	Generic.Ransom.Buhtrap.D00A61BC
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_80% (D)
K7GW	Trojan ( 0055c8001 )
Cybereason	malicious.d6e456
Cyren	W32/Ransom.LV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Filecoder.Buran.J
APEX	Malicious
Avast	Win32:Dh-A [Heur]
ClamAV	Win.Ransomware.Buhtrap-9865977-0
Kaspersky	HEUR:Trojan.Win32.Agent.gen
BitDefender	Generic.Ransom.Buhtrap.D00A61BC
NANO-Antivirus	Trojan.Win32.Encoder.itzlzz
MicroWorld-eScan	Generic.Ransom.Buhtrap.D00A61BC
Tencent	Malware.Win32.Gencirc.11bc2253
Ad-Aware	Generic.Ransom.Buhtrap.D00A61BC
Sophos	ML/PE-A + Mal/Behav-010
BitDefenderTheta	AI:Packer.B65A351C1E
TrendMicro	Ransom.Win32.ZEPPELIN.SMTH
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
FireEye	Generic.mg.9d7a05ed6e4569ca
Emsisoft	Generic.Ransom.Buhtrap.D00A61BC (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/Malware
Antiy-AVL	Trojan/Generic.ASCommon.195
Microsoft	Ransom:Win32/Zeppelin.A!MSR
GData	Generic.Ransom.Buhtrap.D00A61BC
AhnLab-V3	Trojan/Win32.BuhTrap.R338445
McAfee	GenericRXKB-RP!9D7A05ED6E45
MAX	malware (ai score=82)
VBA32	BScope.TrojanRansom.Crypmod
Malwarebytes	Ransom.Zeppelin
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom.Win32.ZEPPELIN.SMTH
Rising	Ransom.Zeppelin!1.D4C1 (CLASSIC)
Yandex	Trojan.GenAsa!CxfKQU+AivY
Ikarus	Trojan-Ransom.Buran
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Buran.H!tr.ransom
AVG	Win32:Dh-A [Heur]

How to remove Generic.Ransom.Buhtrap.D00A61BC?

Generic.Ransom.Buhtrap.D00A61BC removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Generic.Ransom.Buhtrap.D00A61BC removal