Ransom.Agent.UPX removal

Ransom.Agent.UPX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom.Agent.UPX virus do?

  • Creates RWX memory
  • Expresses interest in specific running processes
  • Repeatedly searches for a process that is not found; may expect to be run with the startbrowser=1 option
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Ransom.Agent.UPX?

File Info:

crc32: 6D48071C
md5: f18876bbbc4fe1a2875749e35ce19daf
name: F18876BBBC4FE1A2875749E35CE19DAF.mlw
sha1: c945e443b73471a1a382e54f03f136fee1e97ce7
sha256: 77649dc887810a4e32251997b336349303f44f2797692b1880b5a584e44690a9
sha512: 5d384db83475687139c6947917d2facc1d1f5d3adbcbc9cbfce885e6b274704aa0f78837abc06226fea5d1a4eaa9e9e5239a90a3f38fdbd48ed2fdb67fea9f4a
ssdeep: 6144:PG7u6jrkwvKaXR0cyYLF6lcBapBdd2Md:+7u6jvnXRsLiATzd
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

0: [No Data]

Ransom.Agent.UPX also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Generic.5848174
CAT-QuickHeal: Ransom.Weenloc.A8
ALYac: Trojan.Generic.5848174
Cylance: Unsafe
Zillya: Trojan.Fullscreen.Win32.36
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_60% (D)
BitDefender: Trojan.Generic.5848174
K7GW: Trojan ( 0039911e1 )
K7AntiVirus: Trojan ( 0039911e1 )
Baidu: Win32.Trojan.LockScreen.b
Cyren: W32/Trojan.GDVD-7096
Symantec: Trojan.Ransomlock
TotalDefense: Win32/Ransom.BAM
APEX: Malicious
Avast: Win32:Trojan-gen
ClamAV: Win.Ransomware.Fullscreen-7347612-0
Kaspersky: Trojan-Ransom.Win32.Blocker.jzec
Alibaba: Ransom:Win32/Blocker.487a3415
NANO-Antivirus: Trojan.Win32.Fullscreen.crnep
Tencent: Trojan-Ransom.Win32.Blocker.jzec
Ad-Aware: Trojan.Generic.5848174
Emsisoft: Trojan.Generic.5848174 (B)
Comodo: TrojWare.Win32.Ransom.Fullscreen.fgt@4t6ar8
F-Secure: Dropper.DR/Delphi.Gen4
DrWeb: Trojan.Winlock.3333
VIPRE: Trojan.Win32.Birele.mby (v)
TrendMicro: Ransom_WINLOCK.SM
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dc
FireEye: Generic.mg.f18876bbbc4fe1a2
Sophos: Mal/Generic-R + Mal/Ransom-AI
Ikarus: Trojan-Ransom.Birele
Jiangmin: Trojan/Fullscreen.ak
Webroot: W32.Malware.Gen
Avira: DR/Delphi.Gen4
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan[Ransom]/Win32.PornoAsset.cioy
Kingsoft: Heur.SSC.5536.1216.(kcloud)
Microsoft: Ransom:Win32/Weenloc.A
Arcabit: Trojan.Generic.D593C6E
SUPERAntiSpyware: Trojan.Agent/Gen-Ransom
ZoneAlarm: Trojan-Ransom.Win32.Blocker.jzec
GData: Trojan.Generic.5848174
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Winlock.C134008
McAfee: GenericRXAA-AA!F18876BBBC4F
MAX: malware (ai score=100)
VBA32: TScope.Trojan.Delf
Malwarebytes: Ransom.Agent.UPX
Panda: Trj/Genetic.gen
ESET-NOD32: Win32/LockScreen.AGU
TrendMicro-HouseCall: Ransom_WINLOCK.SM
Rising: Trojan.Win32.Weenloc.a (CLOUD)
Yandex: Trojan.GenAsa!EkA5wRxKoJY
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/LockScreen.AGU!tr
BitDefenderTheta: Gen:NN.ZelphiF.34590.mmGfaKCWx9kI
AVG: Win32:Trojan-gen
Cybereason: malicious.bbc4fe
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Ransom.eea

How to remove Ransom.Agent.UPX?

Ransom.Agent.UPX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.