
Generic.Ransom.MBRLock.066C8660 removal instructions


Generic.Ransom.MBRLock.066C8660 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Generic.Ransom.MBRLock.066C8660 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Likely installs a bootkit via raw harddisk modifications
  • Attempts to restart the guest VM
  • Wrote 512 bytes to physical drive potentially indicative of overwriting the Master Boot Record (MBR)
  • CAPE detected the XiaoBa malware family
  • Adds a new user to the Administrators group
  • Overwrites local Administrator password
  • Attempted to write directly to a physical drive
  • Attempts to disable or modify Explorer Folder Options
  • Disables host Power options (shutdown, logoff, lock, change password)
  • Attempts to disable or modify the Run command from the Start menu and the New Task (Run) command from Task Manager
  • Uses suspicious command line tools or Windows utilities

How to identify Generic.Ransom.MBRLock.066C8660?

File Info:

name: BCCECCE87BA4DD28F1F6.mlw
path: /opt/CAPEv2/storage/binaries/6f6d8dba095e5d1409182e7f6b60c910039095721b35e2fb51ef12a29facb971
crc32: FFF0614C
md5: bccecce87ba4dd28f1f6f4821aed27ac
sha1: c6d3eabc3e60ffebde64a5e8941cb82facbad904
sha256: 6f6d8dba095e5d1409182e7f6b60c910039095721b35e2fb51ef12a29facb971
sha512: 3b58d002fabeab06ee6603c3c787bfa2f174b06397b8371b7865afe0594e359b3014a440f00e0976a1407663d10f63ba245e8aaf2460eb44edb9455b364577b2
ssdeep: 6144:W0o6jRiHVftL84iilcWyBVy/YPmgyZHHul0MMNz8Mcys6a0rAFyK74RDbWzMvrSg:W0e1L84iiSrOMlpMJLi+K74R+zMvrnL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F1F4AF11B5C280FAC624193054AA7736DA37A6160B15CFC3A398DE6D6D33D50E93737B
sha3_384: ad3506cbf121bbb242368bb60e75efc866b1586a4d4d043ca9c70b6f19c07187265a0f8bddbd26e9bd3ef7f13dd63414
ep_bytes: 558bec6aff6868f14800688468460064
timestamp: 2022-05-03 15:02:18

Version Info:

0: [No Data]

Generic.Ransom.MBRLock.066C8660 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
MicroWorld-eScan: DeepScan:Generic.Ransom.MBRLock.066C8660
FireEye: Generic.mg.bccecce87ba4dd28
McAfee: GenericRXAA-FA!BCCECCE87BA4
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 005246d51 )
BitDefender: DeepScan:Generic.Ransom.MBRLock.066C8660
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.87ba4d
BitDefenderTheta: AI:Packer.CD769DB421
Cyren: W32/S-480dd005!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Disabler.NPR
Baidu: Win32.Trojan.KillAV.f
ClamAV: Win.Trojan.Generic-9779041-0
Kaspersky: UDS:Trojan.Win32.KillMBR.gen
APEX: Malicious
Ad-Aware: DeepScan:Generic.Ransom.MBRLock.066C8660
Comodo: Worm.Win32.Dropper.RA@1qraug
McAfee-GW-Edition: BehavesLike.Win32.Generic.bh
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
Jiangmin: Heur:Trojan/AntiAV
MAX: malware (ai score=85)
Microsoft: Trojan:Win32/Avkill.E
ZoneAlarm: HEUR:Trojan.Win32.AntiAV
GData: Win32.Trojan-Ransom.Molock.A
AhnLab-V3: Malware/Win32.Generic.C717856
VBA32: Trojan.Hide.Heur
Panda: Trj/GdSda.A
Rising: Trojan.KillAV!1.9D3A (CLASSIC)
Ikarus: Trojan.Win32.Disabler
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/MBRlock.AQ!tr
AVG: Win32:AutoRun-BRF [Wrm]
Avast: Win32:AutoRun-BRF [Wrm]
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Generic.Ransom.MBRLock.066C8660?

Generic.Ransom.MBRLock.066C8660 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
