About "Ransom.GandCrab.1787" infection

The Ransom.GandCrab.1787 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom.GandCrab.1787 virus can do?

Executable code extraction
Creates RWX memory
Unconventionial binary language: Russian
Unconventionial language used in binary resources: Russian
Anomalous binary characteristics

Related domains:

lamp.troublerifle.bid

light.representativeglass.bid

How to determine Ransom.GandCrab.1787?


File Info:
crc32: 2F856B8E
md5: 02963179da77bcfd3a5d48482fd304c6
name: 02963179DA77BCFD3A5D48482FD304C6.mlw
sha1: 781f419e9c5efaa5d39b9403a08e88a0091a4aa1
sha256: 4da2631f1f321bb03aa77134f7cb6749d2ccaeb40c672e7ca34b0dd351a45893
sha512: 00a091f83cc111a31558344df163a3791cc8553ea3379668838221c571e0bbb5d384db83a0f55b6db044ec343c1a7ef8af160e51e70ddc2e7a5e5bf2f224ac60
ssdeep: 12288:EaiddeXNvXp1ulxNnlO9wghnQo908X1yBPNiHL:ZiddedvXOxNnlOugJ22
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (C) 2018
FileVersion: 1.0.0.1
CompanyName: TODO: 
ProductName: TODO: 
ProductVersion: 1.0.0.1
FileDescription: TODO: 
Translation: 0x0419 0x04b0

Ransom.GandCrab.1787 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ransom.GandCrab.1787
FireEye	Generic.mg.02963179da77bcfd
CAT-QuickHeal	SWB.Prepscram.JK6
Qihoo-360	Win32/Virus.Adware.b51
McAfee	Packed-ZA!02963179DA77
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00528e801 )
BitDefender	Gen:Variant.Ransom.GandCrab.1787
K7GW	Trojan ( 005267551 )
Cybereason	malicious.9da77b
BitDefenderTheta	Gen:NN.ZexaF.34590.pz0@aSKZhHbk
Cyren	W32/S-ec8ab2eb!Eldorado
Symantec	Adware.IstartSurf
ESET-NOD32	a variant of Win32/Kryptik.GCWT
APEX	Malicious
Avast	FileRepMetagen [Adw]
Kaspersky	not-a-virus:HEUR:AdWare.Win32.Generic
NANO-Antivirus	Riskware.Win32.Vittalia.eyyqfr
Tencent	Win32.Adware.Generic.Eeo
Ad-Aware	Gen:Variant.Ransom.GandCrab.1787
Emsisoft	Gen:Variant.Ransom.GandCrab.1787 (B)
Comodo	Application.Win32.IStartSurf.BS@7lng48
F-Secure	Heuristic.HEUR/AGEN.1103309
DrWeb	Trojan.Vittalia.14640
McAfee-GW-Edition	BehavesLike.Win32.Generic.tt
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Jiangmin	AdWare.Generic.mdax
Avira	HEUR/AGEN.1103309
Antiy-AVL	GrayWare[AdWare]/Win32.AGeneric
Microsoft	SoftwareBundler:Win32/Prepscram
Arcabit	Trojan.Ransom.GandCrab.D6FB
SUPERAntiSpyware	Ransom.GandCrab/Variant
AhnLab-V3	PUP/Win32.IStartSurf.R220101
ZoneAlarm	not-a-virus:HEUR:AdWare.Win32.Generic
GData	Gen:Variant.Ransom.GandCrab.1787
Cynet	Malicious (score: 100)
Acronis	suspicious
VBA32	Trojan.Vittalia
ALYac	Gen:Variant.Ransom.GandCrab.1787
MAX	malware (ai score=100)
Malwarebytes	Adware.IStartSurf
Panda	Trj/Genetic.gen
Rising	Trojan.Kryptik!1.B032 (CLOUD)
Yandex	Trojan.GenAsa!FWPhcEJUJ/g
Ikarus	Trojan.Kryptik
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Kryptik.FXGV!tr
AVG	FileRepMetagen [Adw]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Ransom.GandCrab.1787?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Ransom.GandCrab.1787” infection