Categories: Ransom

How to remove “Mal/Ransom-EG”?

The Mal/Ransom-EG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What Mal/Ransom-EG virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to identify installed AV products by registry key
  • Creates a copy of itself
  • Attempts to disable System Restore
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Mal/Ransom-EG?
File Info:

name: C4B99514B0B32C845ACD.mlw
path: /opt/CAPEv2/storage/binaries/eca5dc69c1f7592558525effdd1f18027d0375f68ff452b2e441de3b7642b31a
crc32: 0CBC8415
md5: c4b99514b0b32c845acdc9603b7f3bde
sha1: 9bc43064ea5a75ef4c6bfaa5d05efe12348932b8
sha256: eca5dc69c1f7592558525effdd1f18027d0375f68ff452b2e441de3b7642b31a
sha512: b9102461bbf00b05373b97e23f63775e532dd29d3157753ffa12039c83580e64a985b1122654d9ab73faa37c62a2b2d09e6812c331de8be67fe649e304032eae
ssdeep: 6144:BHQHyKpJLQXz+PAOmSwPQ6YpRSxdwJpu2WPGDc:JXKp1PAqx6YedwJJc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11124D0185AC35F73F392C4BA51AC55338BEB1F2B68998173D2908BCABC44C37D899356
sha3_384: e2b502f75a593df36acd07e5c3abdba922203f7f672efe2a46bf03ecd6945f54143dba3df396e754eda7143a02429e1e
ep_bytes: 558bec6aff6838c4400068e0bb400064
timestamp: 2008-07-29 07:03:18

Version Info:

CompanyName: IAC Search & Media
FileDescription: Bushes
FileVersion: 0,222,25,30
LegalCopyright: Contemporary © 2017 Inc
OriginalFilename: Cellars.exe
ProductName: Balanced Blemishes

Mal/Ransom-EG also known as:

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Yakes.mDOo
MicroWorld-eScan Trojan.Cripack.Gen.1
ClamAV Win.Malware.Crowti-7555742-0
FireEye Generic.mg.c4b99514b0b32c84
CAT-QuickHeal Ransome.Teerac.PS4
McAfee GenericR-EYU!C4B99514B0B3
Malwarebytes Generic.Malware/Suspicious
Zillya Adware.BrowseFox.Win32.178681
Sangfor Suspicious.Win32.Save.ins
K7AntiVirus Trojan ( 005626ea1 )
Alibaba Ransom:Win32/Crowti.1861479a
K7GW Trojan ( 005626ea1 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu Win32.Trojan.Kryptik.qb
VirIT Trojan.Win32.Zbot.AJDT
Cyren W32/Crowti.C.gen!Eldorado
Symantec Ransom.CryptoWall!gm
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.EDAS
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.Cripack.Gen.1
NANO-Antivirus Trojan.Win32.AD.dykkur
Avast Win32:Evo-gen [Trj]
Tencent Malware.Win32.Gencirc.1159bb2e
Emsisoft Trojan.Cripack.Gen.1 (B)
F-Secure Trojan.TR/Crypt.ZPACK.Gen7
DrWeb Trojan.Encoder.514
VIPRE Trojan.Cripack.Gen.1
TrendMicro Ransom_HPCRYPTESLA.SM2
McAfee-GW-Edition BehavesLike.Win32.Generic.dm
Trapmine malicious.moderate.ml.score
Sophos Mal/Ransom-EG
Ikarus Trojan.Crypt
GData Trojan.Cripack.Gen.1
Jiangmin Trojan.Generic.fivl
Webroot W32.Trojan.Gen
Avira TR/Crypt.ZPACK.Gen7
Antiy-AVL Trojan/Win32.SGeneric
Xcitium Malware@#12rsnkc6xdbi2
Arcabit Trojan.Cripack.Gen.1
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Ransom:Win32/Crowti.A
Google Detected
AhnLab-V3 Win-Trojan/Lockycrypt.Gen
BitDefenderTheta Gen:NN.ZexaF.36196.nq1@aOE0s7ei
MAX malware (ai score=83)
VBA32 SScope.Malware-Cryptor.Drixed
Cylance unsafe
Panda Trj/Genetic.gen
TrendMicro-HouseCall Ransom_HPCRYPTESLA.SM2
Rising Malware.Undefined!8.C (TFE:5:Xo9ztKjKFIP)
Yandex Trojan.Kryptik!dVMROqYEnVE
SentinelOne Static AI – Suspicious PE
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/Tinba.Q!tr
AVG Win32:Evo-gen [Trj]
Cybereason malicious.4b0b32
DeepInstinct MALICIOUS

How to remove Mal/Ransom-EG?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
