Ransom

Ransom.InfoDot.1 (B) removal instruction

Malware Removal

The Ransom.InfoDot.1 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Ransom.InfoDot.1 (B) virus can do?

  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • CAPE detected the shellcode get eip malware family
  • Uses suspicious command line tools or Windows utilities
  • Uses XCOPY for copying files
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Ransom.InfoDot.1 (B)?



File Info:

name: 9FA262ED7E967B539D38.mlw
path: /opt/CAPEv2/storage/binaries/21d27cb4cd56b67a833e6aad72fd02c1e760fc300f7995f7a07cd54ccd783ef9
crc32: 20553F12
md5: 9fa262ed7e967b539d38cb4d7ce81154
sha1: 2a776cecc638f4bb1d2566422f9a66fd1f372ac8
sha256: 21d27cb4cd56b67a833e6aad72fd02c1e760fc300f7995f7a07cd54ccd783ef9
sha512: 4ee8cbf73f2898a2857ecb48a359816ac23d45c8560eba1545c3fd7499f746733d03bf671973d94ee78eb2d80025c38b981f041d5042fcc26490cd8ea8a6accf
ssdeep: 49152:RnApg5ivlY4sn/eQC4JvYKRI8pOKBci7F8VSmEmnivsqEE5iPuZAZXJ7M:Rx5nJnVJ7OKBLZUMzEE5iWZc7M
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10AB533E0A5C0D031D50B6E76DDC96776AAF8B03437D44A0BBBC11F592A20AF6CB16763
sha3_384: 5f83753303e6bfa87a6aa10a858f31e6e4186ee30b0f1ed7ac17dbcc194c181fefedfc49e4446fc11c3b907bf2162f9a
ep_bytes: e8f0570000e978feffff8bff558bec56
timestamp: 2013-08-22 13:00:50


Version Info:

0: [No Data]

Ransom.InfoDot.1 (B) also known as:

BkavW32.AIDetectMalware
MicroWorld-eScanGen:Variant.Ransom.InfoDot.1
FireEyeGen:Variant.Ransom.InfoDot.1
SkyhighBehavesLike.Win32.Dropper.vc
McAfeeArtemis!9FA262ED7E96
Cylanceunsafe
VIPREGen:Variant.Ransom.InfoDot.1
SangforTrojan.Win32.Agent.Vv0b
APEXMalicious
BitDefenderGen:Variant.Ransom.InfoDot.1
EmsisoftGen:Variant.Ransom.InfoDot.1 (B)
Trapminemalicious.high.ml.score
ArcabitTrojan.Ransom.InfoDot.1
GDataGen:Variant.Ransom.InfoDot.1
ALYacGen:Variant.Ransom.InfoDot.1
MAXmalware (ai score=83)
FortinetMalicious_Behavior.SB
DeepInstinctMALICIOUS
alibabacloudRansomWare:Win/InfoDot

How to remove Ransom.InfoDot.1 (B)?

Ransom.InfoDot.1 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment