Ransom.Ranzy removal instruction

The Ransom.Ranzy is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom.Ranzy virus can do?

A process attempted to delay the analysis task.
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
A process created a hidden window
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Modifies boot configuration settings
Writes a potential ransom message to disk
Clears Windows events or logs
Generates some ICMP traffic
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Ransom.Ranzy?


File Info:
crc32: 9C7D80B2
md5: bbf6bbbd644c5f63bb6b3bc5dc9c8b8d
name: BBF6BBBD644C5F63BB6B3BC5DC9C8B8D.mlw
sha1: 35a663c2ce68e48f1a6bcb71dc92a86b36d4c497
sha256: 393fd0768b24cd76ca653af3eba9bff93c6740a2669b30cf59f8a064c46437a2
sha512: 2e6f07b398751405f5b28c523f002d96d743551925329f2df73f86a1be6b85b15ddff78f0d78f00df103d64db56cd021bd4a4ff5a0fc96ce8585b15a7df5e582
ssdeep: 3072:WNnBEPCZ788hExMfHg/50iIETyyCDRk8gE9QIluYEh0VZvcWrfF:WPEa586nHg/50/ET3CoE7uYEa1
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Ransom.Ranzy also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.Ransom.Imps.1
CAT-QuickHeal	Trojanransom.Generic
McAfee	GenericRXLW-UE!BBF6BBBD644C
Cylance	Unsafe
Zillya	Trojan.Filecoder.Win32.16457
AegisLab	Trojan.Win32.DelShad.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 005700951 )
BitDefender	Gen:Heur.Ransom.Imps.1
K7GW	Trojan ( 005700951 )
Cybereason	malicious.d644c5
Arcabit	Trojan.Ransom.Imps.1
Cyren	W32/Filecoder.AJ.gen!Eldorado
Symantec	Downloader
APEX	Malicious
Avast	Win32:RansomX-gen [Ransom]
Kaspersky	HEUR:Trojan-Ransom.Win32.Generic
Alibaba	Ransom:Win32/FileCrypter.07d8b9d9
NANO-Antivirus	Trojan.Win32.DelShad.hzjric
ViRobot	Trojan,Win32.S.Ransom.141312
Tencent	Malware.Win32.Gencirc.11b01d8b
Ad-Aware	Gen:Heur.Ransom.Imps.1
Emsisoft	Trojan.FileCoder (A)
Comodo	Malware@#3hn27xouvu0ol
F-Secure	Trojan.TR/AD.RansomHeur.oytef
DrWeb	Trojan.Encoder.32806
TrendMicro	Ransom.Win32.THUNDERX.SMTH
McAfee-GW-Edition	GenericRXLW-UE!BBF6BBBD644C
FireEye	Generic.mg.bbf6bbbd644c5f63
Sophos	Mal/Generic-S
Ikarus	Trojan-Ransom.Ranzylocker
Jiangmin	Trojan.DelShad.agq
Webroot	W32.Ransom.Gen
Avira	TR/AD.RansomHeur.oytef
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.DelShad
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Ransom.Win32.Ransom.oa
Microsoft	Ransom:Win32/FileCrypter.MB!MTB
ZoneAlarm	HEUR:Trojan-Ransom.Win32.Generic
GData	Gen:Heur.Ransom.Imps.1
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Ransomlock.R353561
VBA32	BScope.Trojan.DelShad
ALYac	Trojan.Ransom.Filecoder
Malwarebytes	Ransom.Ranzy
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Filecoder.RanzyLocker.A
TrendMicro-HouseCall	Ransom.Win32.THUNDERX.SMTH
Rising	Ransom.FileCrypter!8.11F42 (TFE:5:QDsKbiaRKNJ)
Yandex	Trojan.Filecoder!Grc/9E6H/XQ
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.74279478.susgen
Fortinet	W32/Filecoder.ODD!tr.ransom
BitDefenderTheta	Gen:NN.ZexaF.34634.iqW@aSoNd8ci
AVG	Win32:RansomX-gen [Ransom]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Trojan.cc9

How to remove Ransom.Ranzy?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Ransom.Ranzy removal instruction