Generic.Ransom.GandCrab.AD8A6194 removal guide

Generic.Ransom.GandCrab.AD8A6194 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.Ransom.GandCrab.AD8A6194 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Performs some HTTP requests
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings

Related domains:

How to identify Generic.Ransom.GandCrab.AD8A6194?


File Info:

type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

Generic.Ransom.GandCrab.AD8A6194 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.24384
MicroWorld-eScan: Generic.Ransom.GandCrab.AD8A6194
FireEye: Generic.mg.462991f0ace7fa0f
Qihoo-360: Win32/Trojan.Ransom.GandCrab.AF
ALYac: Generic.Ransom.GandCrab.AD8A6194
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Win.Ransomware.Gandcrab-6667060-0
K7AntiVirus: Trojan ( 0053d33d1 )
BitDefender: Generic.Ransom.GandCrab.AD8A6194
K7GW: Trojan ( 0053d33d1 )
Cybereason: malicious.0ace7f
BitDefenderTheta: AI:Packer.433266BC1C
Cyren: W32/S-69916e6d!Eldorado
Symantec: Ransom.GandCrab!g4
APEX: Malicious
Avast: Win32:RansomX-gen [Ransom]
ClamAV: Win.Ransomware.Gandcrab-6502432-0
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Ransom:Win32/GandCrab.c896962b
NANO-Antivirus: Trojan.Win32.Inject.eyyizx
Tencent: Trojan.Win32.Gandcrab.e
Ad-Aware: Generic.Ransom.GandCrab.AD8A6194
Emsisoft: Generic.Ransom.GandCrab.AD8A6194 (B)
Comodo: Packed.Win32.MUPX.Gen@24tbus
F-Secure: Trojan.TR/Crypt.XPACK.Gen3
Zillya: Trojan.Filecoder.Win32.7540
TrendMicro: Ransom.Win32.GANDCRAB.SMILB
McAfee-GW-Edition: BehavesLike.Win32.RansomGandcrab.nm
Sophos: ML/PE-A + Mal/Palevo-B
Ikarus: Trojan-Ransom.GandCrab
Jiangmin: Trojan.Generic.bzhzc
Avira: TR/Crypt.XPACK.Gen3
MAX: malware (ai score=100)
Antiy-AVL: HackTool/Win32.Inject
Microsoft: Ransom:Win32/GandCrab.E
Gridinsoft: Ransom.Win32.Filecoder.bot!s1
Arcabit: Generic.Ransom.GandCrab.AD8A6194
SUPERAntiSpyware: Ransom.GandCrab/Variant
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Generic.Ransom.GandCrab.AD8A6194
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Gandcrab.R255229
Acronis: suspicious
McAfee: Ransom-Gandcrab!462991F0ACE7
TACHYON: Ransom/W32.GandCrab.99840.B
VBA32: BScope.Trojan.Chapak
Malwarebytes: Ransom.GandCrab
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Filecoder.GandCrab.H
TrendMicro-HouseCall: Ransom.Win32.GANDCRAB.SMILB
Rising: Ransom.GandCrab!1.B8D6 (CLASSIC)
Yandex: Trojan.GenAsa!N5wkFSylebY
SentinelOne: Static AI – Malicious PE
eGambit: Trojan.Generic
Fortinet: W32/GandCrab.B!tr.ransom
AVG: Win32:RansomX-gen [Ransom]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.7164915.susgen

How to remove Generic.Ransom.GandCrab.AD8A6194?

Generic.Ransom.GandCrab.AD8A6194 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
