What is “Ransom.OnyxLocker”?

Many security experts consider Ransom.OnyxLocker dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ransom.OnyxLocker virus do?

  • Network activity detected but not expressed in API logs

How to identify Ransom.OnyxLocker?

File Info:

crc32: 4E3AD072
md5: c4342cf1a1d89cf93a3ef1248e0339aa
name: C4342CF1A1D89CF93A3EF1248E0339AA.mlw
sha1: 13bc26c09782c8f9b95e860bfae9c1245650b659
sha256: d29f39f546d246786c2f3a9b75ec47a3238dc74c45d623c798242d244665711c
sha512: 9bb722290c77455b142d676f2ee781431e3c9d33bf792efb749c3e6fcd55217cba5b5dabd7c4c0fd39edbaaee53c65234bca43c80776e6502a599a3a61c1563a
ssdeep: 768:HXKesMwmZEgEmHlnILsAtmTxz4z6O2HORhgW8Q+KPCJ8:39wmZE/YusAtoEeO2IwQ+4R
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Com © 2019
Assembly Version: 1.0.0.0
InternalName: Onyx.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: Com
ProductVersion: 1.0.0.0
FileDescription: Com
OriginalFilename: Onyx.exe

Ransom.OnyxLocker is also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ser.MSILPerseus.3799
Qihoo-360: Generic/Trojan.Ransom.d23
McAfee: Artemis!C4342CF1A1D8
Cylance: Unsafe
Zillya: Trojan.Filecoder.Win32.11804
AegisLab: Trojan.MSIL.Encoder.j!c
Sangfor: Malware
K7AntiVirus: Trojan ( 0055d1f01 )
BitDefender: Gen:Variant.Ser.MSILPerseus.3799
K7GW: Trojan ( 0055d1f01 )
CrowdStrike: win/malicious_confidence_90% (W)
Arcabit: Trojan.Ser.MSILPerseus.DED7
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: HEUR:Trojan-Ransom.MSIL.Encoder.gen
Alibaba: Ransom:Win32/Genasom.505970bd
NANO-Antivirus: Trojan.Win32.Encoder.hahywz
Ad-Aware: Gen:Variant.Ser.MSILPerseus.3799
Emsisoft: Gen:Variant.Ser.MSILPerseus.3799 (B)
Comodo: Malware@#3cwcr7ttfrqvd
DrWeb: Trojan.Encoder.30951
Invincea: Mal/Generic-S
McAfee-GW-Edition: Artemis!Trojan
FireEye: Generic.mg.c4342cf1a1d89cf9
Sophos: Mal/Generic-S
Ikarus: Trojan-Ransom.FileCrypter
Jiangmin: Trojan.MSIL.nvlh
Webroot: W32.Ransom.Gen
MAX: malware (ai score=82)
Antiy-AVL: Trojan[Ransom]/MSIL.Encoder
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Ransom:Win32/Genasom
ZoneAlarm: HEUR:Trojan-Ransom.MSIL.Encoder.gen
GData: Gen:Variant.Ser.MSILPerseus.3799
BitDefenderTheta: Gen:NN.ZemsilF.34634.cm0@a8r@WSd
ALYac: Gen:Variant.Ser.MSILPerseus.3799
Malwarebytes: Ransom.OnyxLocker
Panda: Trj/GdSda.A
ESET-NOD32: a variant of MSIL/Filecoder.WH
Tencent: Msil.Trojan.Encoder.Swam
Yandex: Trojan.Filecoder!4uWuFDQt/VM
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: MSIL/Filecoder.WH!tr.ransom
AVG: Win32:Trojan-gen
Paloalto: generic.ml
MaxSecure: Trojan.Malware.73702460.susgen

How to remove Ransom.OnyxLocker?

Ransom.OnyxLocker removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.