How to remove "Ransom.BrowserModifier"?

The Ransom.BrowserModifier is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom.BrowserModifier virus can do?

Executable code extraction
Creates RWX memory
A process created a hidden window
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Uses Windows utilities for basic functionality
Attempts to restart the guest VM
Modifies boot configuration settings
Installs itself for autorun at Windows startup
Creates a copy of itself
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

goanonym.se

edgedl.me.gvt1.com

update.googleapis.com

How to determine Ransom.BrowserModifier?


File Info:
crc32: 15EC2E06
md5: d6087721bd0e2ab9ac2a1e2bff522fdc
name: D6087721BD0E2AB9AC2A1E2BFF522FDC.mlw
sha1: ed8d81ed78b833bf4053ee8e5ad72aab7ff62aea
sha256: 68206b7d1b284df53cfc4e6cd98573ed5f5a2051f9573e7ff67e612837a08fe6
sha512: a719fce451c04dc4e7d496e2b357acc613e548f3f9f5af142b04e3af1a9ed3886f260c7dff64cfedcaa95bb5563ec916b96ab988ce71e509d8183c2e5166b7fe
ssdeep: 768:5RbWf7TeOzW9awMac8FnCAN/rk35k23TbfOEu9R2sVqtpC:ifHlIkSFnCAN/yGSTbmEu9R2sVqtg
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9 JavaTM 2015
Assembly Version: 3.0.1.0
InternalName: JavaTM.exe
FileVersion: 3.0.1.0
CompanyName: 
LegalTrademarks: 
Comments: 
ProductName: JavaTM
ProductVersion: 3.0.1.0
FileDescription: JavaTM
OriginalFilename: JavaTM.exe

Ransom.BrowserModifier also known as:

K7AntiVirus	Trojan ( 004e2c3e1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Winlock.13518
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.LockScreen.A3
ALYac	Gen:Variant.Zusy.192616
Cylance	Unsafe
Zillya	Trojan.Blocker.Win32.34459
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_80% (D)
K7GW	Trojan ( 004e2c3e1 )
Cybereason	malicious.1bd0e2
Cyren	W32/S-b2497844!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/LockScreen.PG
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan.MSIL.Agent.fpai
BitDefender	Gen:Variant.Zusy.192616
NANO-Antivirus	Trojan.Win32.KillProc.efitdp
MicroWorld-eScan	Gen:Variant.Zusy.192616
Tencent	Win32.Trojan.Generic.Wopk
Ad-Aware	Gen:Variant.Zusy.192616
Sophos	Mal/Generic-R + Mal/BrLock-A
BitDefenderTheta	Gen:NN.ZemsilF.34110.gm0@aW9x9sj
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_BRLOCK.SM
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.d6087721bd0e2ab9
Emsisoft	Gen:Variant.Zusy.192616 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.ahlns
Avira	HEUR/AGEN.1127555
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.1A3870F
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:MSIL/Lockscreen.C!bit
GData	Gen:Variant.Zusy.192616
AhnLab-V3	Trojan/Win32.Dynamer.R181171
McAfee	Artemis!D6087721BD0E
MAX	malware (ai score=81)
Malwarebytes	Ransom.BrowserModifier
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom_BRLOCK.SM
Ikarus	Trojan.MSIL.LockScreen
Fortinet	W32/LockScreen.FD03!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Ransom.BrowserModifier?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

How to remove “Ransom.BrowserModifier”?