Ransom.Prometheus.2 removal guide

The Ransom.Prometheus.2 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom.Prometheus.2 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Ransom.Prometheus.2?


File Info:
name: C5371698EF69DA9A1B7D.mlw
path: /opt/CAPEv2/storage/binaries/5c5d4c844384517264f431ec4e04b00600d108b3a195e276c47b53a5c2fe6f03
crc32: F9F738B4
md5: c5371698ef69da9a1b7d2e925bd473a7
sha1: 0afa0cbe668917a1933e108ed14ed95936c725ed
sha256: 5c5d4c844384517264f431ec4e04b00600d108b3a195e276c47b53a5c2fe6f03
sha512: 463b45f12c88641bcb6981504afe0fda6e675317c2bf29aecbb7146d51d29dc64810dc8154861cc0b45918288b63820e8f6b24ead400a7d4ffdc9516eceb8893
ssdeep: 24576:+k5M77tjJciNArhB7EzFiWoiJauvcW/XRww1+1Y9saxDLu:+kWPtjNItCwWVL9s+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14B557D01BE44CE11F0191633C2FF454847B0A95166EAEB2B7DBA37AD59123AB3D0D9CB
sha3_384: 890d0c10fa3deccea7e035e7690578ef1f163890ff0c5c7c4884b1a28fe95b60f23f3fe7aa90595ba00edcea8f54a068
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-05-04 16:03:35

Version Info:
FileVersion: 5.15.2.0
OriginalFilename: libGLESv2.dll
ProductName: libGLESv2
ProductVersion: 5.15.2.0
Translation: 0x0409 0x04b0

Ransom.Prometheus.2 also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.DCRat.m!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.StealerNET.124
MicroWorld-eScan	Gen:Variant.Ransom.Prometheus.2
ClamAV	Win.Packed.Msilmamut-9950860-0
FireEye	Generic.mg.c5371698ef69da9a
CAT-QuickHeal	Trojan.DCRat.S29707587
Skyhigh	BehavesLike.Win32.Generic.tc
McAfee	Trojan-FUJL!C5371698EF69
Malwarebytes	Generic.Spyware.Stealer.DDS
Zillya	Trojan.BasicGen.Win32.4
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:MSIL/DCRat.d3b5f164
K7GW	Spyware ( 0058ebd51 )
K7AntiVirus	Spyware ( 0058ebd51 )
BitDefenderTheta	Gen:NN.ZemsilF.36744.sr0@a4BS6jhi
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of MSIL/Spy.Agent.DTP
APEX	Malicious
Kaspersky	HEUR:Backdoor.MSIL.DCRat.gen
BitDefender	Gen:Variant.Ransom.Prometheus.2
Avast	Win32:RATX-gen [Trj]
Tencent	Trojan.Msil.Dcrat.xa
Emsisoft	Gen:Variant.Ransom.Prometheus.2 (B)
F-Secure	Heuristic.HEUR/AGEN.1323984
VIPRE	Gen:Variant.Ransom.Prometheus.2
Sophos	Troj/DCRat-N
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Ransom.Prometheus.2
Google	Detected
Avira	HEUR/AGEN.1323984
Kingsoft	malware.kb.c.994
Arcabit	Trojan.Ransom.Prometheus.2
ZoneAlarm	HEUR:Backdoor.MSIL.DCRat.gen
Microsoft	Backdoor:MSIL/DCRat!MTB
Varist	W32/MSIL_Agent.LQ.gen!Eldorado
AhnLab-V3	Trojan/Win.FUJL.C5119684
Acronis	suspicious
ALYac	Gen:Variant.Ransom.Prometheus.2
MAX	malware (ai score=84)
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Backdoor.DcRat!8.129D9 (CLOUD)
Ikarus	Trojan.MSIL.Injector
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Agent.DVA!tr
AVG	Win32:RATX-gen [Trj]
Cybereason	malicious.e66891
DeepInstinct	MALICIOUS

How to remove Ransom.Prometheus.2?

Ransom.Prometheus.2 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X