How to remove “Ransom.Lorenz”?

Ransom.Lorenz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Ransom.Lorenz virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Writes a potential ransom message to disk
  • CAPE detected the Lorenz malware family
  • Attempts to modify proxy settings

How to identify Ransom.Lorenz?

File Info:

name: CAF71D2E0DC73599419A.mlw
path: /opt/CAPEv2/storage/binaries/8ea6a6d4578029c7b2dbbfb525ec88b2cb309901ec5a987847471b6101f0de41
crc32: 2E8ADDFC
md5: caf71d2e0dc73599419ae4031c9a2f5a
sha1: a62ad51237795fc72cd594c444b67160c778cc4b
sha256: 8ea6a6d4578029c7b2dbbfb525ec88b2cb309901ec5a987847471b6101f0de41
sha512: 49ad3b9a85a81cc8810ff64a40cb4da9c1621a45128ee4208704322a2badf167d4b277ac90a46a2e8e6bad186ad01e9be51a6feb8d8b6b0385cf5dcc0d475c8f
ssdeep: 24576:FIEm8fbdxDduBTmP+cTYgucJ7LNmWe+GU:Bm8fbGqPuAYWGU
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1E3254A01E7A19038F8B746FA8EFE255DA42CBE51072590CB63C854DF1A79AE17E31723
sha3_384: d776d678ae2b632c559091445c4c8e046ce0d684938068e96b3a07ce106225c2bd12a8d47eee105c9a8b75e9a325bac8
ep_bytes: 558bece888fdffff5dc3cccccccccccc
timestamp: 2021-12-17 12:31:02

Version Info:

0: [No Data]

Ransom.Lorenz also known as:

Lionic: Trojan.Win32.Generic.j!c
MicroWorld-eScan: Gen:Variant.Ransom.Midie.13
FireEye: Generic.mg.caf71d2e0dc73599
CAT-QuickHeal: Trojan.RansomCiR
ALYac: Trojan.Ransom.Filecoder
Cylance: Unsafe
Zillya: Trojan.Filecoder.Win32.22044
Sangfor: Ransom.Win32.Filecoder.Via3
K7AntiVirus: Trojan ( 0058c8531 )
Alibaba: Ransom:Win32/FileCryptor.eff6b616
K7GW: Trojan ( 0058c8531 )
Cyren: W32/ABRisk.OVJU-7303
Symantec: Trojan Horse
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Filecoder.Lorenz.E
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Ransom.Win32.Generic
BitDefender: Gen:Variant.Ransom.Midie.13
Avast: Win32:RansomX-gen [Ransom]
Tencent: Win32.Trojan.Filecoder.Tcvv
Ad-Aware: Gen:Variant.Ransom.Midie.13
Emsisoft: Gen:Variant.Ransom.Midie.13 (B)
VIPRE: Gen:Variant.Ransom.Midie.13
TrendMicro: Ransom.Win32.THUNDERCRYPT.YXCD3
McAfee-GW-Edition: RDN/Ransom
Trapmine: suspicious.low.ml.score
GData: Gen:Variant.Ransom.Midie.13
Webroot: W32.AGent.a
Avira: TR/Redcap.lwecm
Arcabit: Trojan.Ransom.Midie.13
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Generic
Microsoft: Ransom:Win32/FileCryptor!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Ransomware/Win.Ransom.C4915118
McAfee: RDN/Ransom
MAX: malware (ai score=100)
VBA32: suspected of Trojan.Downloader.gen
Malwarebytes: Ransom.Lorenz
TrendMicro-HouseCall: Ransom.Win32.THUNDERCRYPT.YXCD3
Rising: Ransom.Lorenz!8.1353C (KTSE)
Yandex: Trojan.Filecoder!MhXJuIepN6w
Ikarus: Trojan-Ransom.Lorenz
MaxSecure: Trojan.Malware.10307848.susgen
Fortinet: W32/Filecoder_Lorenz.E!tr.ransom
BitDefenderTheta: Gen:NN.ZexaF.34742.@CW@auNcJvai
AVG: Win32:RansomX-gen [Ransom]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ransom.Lorenz?

Ransom.Lorenz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.