Ransom.129 removal guide

Ransom.129 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom.129 virus do?

  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Ransom.129?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Phone 2003-2009
InternalName: Tush Lower Scale Wears Con Pork
FileVersion: 10, 6
CompanyName: Tomasz Pawlak
ProductName: Muzak Usher Eddie Loaf Heady Canto
ProductVersion: 10.6
FileDescription: Spoon Unix
OriginalFilename: Lace.exe
Translation: 0x0409 0x04b0

Ransom.129 also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: P2PWorm ( 003101f51 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Click3.18062
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Ransom.129
Cylance: Unsafe
Zillya: Worm.AutoRun.Win32.122042
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: TrojanSpy:Win32/AutoRun.c7c16705
K7GW: P2PWorm ( 003101f51 )
Cybereason: malicious.09e531
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/AutoRun.Spy.Banker.M
APEX: Malicious
Avast: FileRepMalware
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Ransom.129
NANO-Antivirus: Trojan.Win32.AutoRun.kfpoz
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik[tp]
MicroWorld-eScan: Gen:Variant.Ransom.129
Tencent: Win32.Worm.Autorun.Tbiq
Ad-Aware: Gen:Variant.Ransom.129
Sophos: Mal/Generic-S
Comodo: Malware@#p7w9xvl29y9i
BitDefenderTheta: Gen:NN.ZexaF.34722.fq0@aukFuYki
VIPRE: Trojan.Win32.Bredo.rh (v)
McAfee-GW-Edition: Artemis!Trojan
FireEye: Generic.mg.cabcc8509e5313ad
Emsisoft: Gen:Variant.Ransom.129 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1123149
eGambit: Generic.Malware
Antiy-AVL: Trojan/Generic.ASMalwS.183ABBE
AegisLab: Riskware.Win32.Generic.1!c
GData: Gen:Variant.Ransom.129
Acronis: suspicious
McAfee: Artemis!CABCC8509E53
MAX: malware (ai score=98)
VBA32: BScope.Backdoor.Androm
Panda: Trj/GdSda.A
Rising: Trojan.Generic@ML.98 (RDML:gKIDJr+VUI2HbADVsmDmqw)
Yandex: Worm.AutoRun!TBX+08UprFw
Ikarus: Trojan-Downloader.Win32.Dofoil
Fortinet: W32/Yakes.B!tr
AVG: FileRepMalware
Paloalto: generic.ml

How to remove Ransom.129?

Ransom.129 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
