How to remove "Ransom.Onion.A"?

The Ransom.Onion.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom.Onion.A virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
Performs some HTTP requests
Executed a process and injected code into it, probably while unpacking
Mimics the file times of a Windows system file
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Writes a potential ransom message to disk
Contacts C&C server HTTP check-in (Banking Trojan)
Creates a copy of itself
Appends a known Cerber ransomware file extension to files that have been encrypted
Anomalous binary characteristics

Related domains:

crazyloading.cc

ww17.crazyloading.cc

How to determine Ransom.Onion.A?


File Info:
crc32: B12F4DC4
md5: 3c93f5734de703d7ad198d2dad3b7ca4
name: 3C93F5734DE703D7AD198D2DAD3B7CA4.mlw
sha1: e9e4531a8aa8275fbf9b0e480eaeacd4f5a932b3
sha256: c71384686c8caa0a72dcc7e0a4e93f56b8c66f9523fa1498ec9cf1794144ad70
sha512: eb12c08e4dbca51410c9cd52abe113f01b1951dbe1f13918f927d8c9545de423a27c4377f2ff919f901d5a91ba3f527c0d8e531514b5220f9bbb8bc4b374b35d
ssdeep: 3072:m8Dsp+FNX1dFOvDlXJulnN9loRPJUiupi2UoJlYlv:m8dNXSEdKRxV7KJlYlv
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:
0: [No Data]

Ransom.Onion.A also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 001f8f911 )
Lionic	Trojan.Win32.Sysn.b!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.5054
Cynet	Malicious (score: 99)
CAT-QuickHeal	Ransom.Onion.A
ALYac	Trojan.Ransom.Filecoder
Cylance	Unsafe
Sangfor	Ransom.Win32.Enestedel.B!rsm
CrowdStrike	win/malicious_confidence_80% (D)
Alibaba	Ransom:Win32/Enestedel.abcaa78b
K7GW	Trojan ( 001f8f911 )
Cybereason	malicious.34de70
Symantec	Packed.NSISPacker!g6
ESET-NOD32	Win32/Filecoder.Q
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKD.34057633
NANO-Antivirus	Trojan.Win32.Inject.eeuokp
ViRobot	Trojan.Win32.S.Cerber.127353
MicroWorld-eScan	Trojan.GenericKD.34057633
Tencent	Win32.Trojan.Filecoder.Lmut
Ad-Aware	Trojan.GenericKD.34057633
Sophos	Mal/Generic-R + Mal/Miuref-L
Comodo	Malware@#2mf1lj1871xu2
BitDefenderTheta	Gen:NN.ZedlaF.34058.dq4@a0vYjtn
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_CERBERENC.SMNS1
McAfee-GW-Edition	BehavesLike.Win32.ObfusRansom.cc
FireEye	Generic.mg.3c93f5734de703d7
Emsisoft	Trojan.GenericKD.34057633 (B)
SentinelOne	Static AI – Suspicious PE
Webroot	Trojan.Dropper.Gen
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.1F853D3
Kingsoft	Win32.Troj.GenericKD.v.(kcloud)
Microsoft	Ransom:Win32/Sorikrypt.A
SUPERAntiSpyware	Ransom.Cerber/Variant
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.GenericKD.34057633
AhnLab-V3	Trojan/Win32.Cerber.C1502717
McAfee	Artemis!3C93F5734DE7
MAX	malware (ai score=100)
Malwarebytes	Malware.AI.210415151
Panda	Trj/CI.A
TrendMicro-HouseCall	Ransom_CERBERENC.SMNS1
Rising	Trojan.Generic@ML.100 (RDML:fWMWX41SYFv4vstcV4PEQQ)
Yandex	Trojan.Injector!FRIBotEAFuo
Fortinet	W32/Injector.DCKN!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Generic.HyoD8DcA

How to remove Ransom.Onion.A?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

How to remove “Ransom.Onion.A”?