How to remove “Ransom.Shinolock.6”?

Ransom.Shinolock.6 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom.Shinolock.6 virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Attempts to delete volume shadow copies
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

Related domains:

shinolocker.com

How to identify Ransom.Shinolock.6?


File Info:

type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: ShinoSec Inc.
Assembly Version: 1.0.0.1
InternalName: ShinoLockerMain.exe
FileVersion: 1.0.0.1
CompanyName: ShinoSec Inc.
LegalTrademarks: ShinoLocker
Comments: Ransomeware Simulator
ProductName: ShinoLocker
ProductVersion: 1.0.0.1
FileDescription: ShinoLocker
OriginalFilename: ShinoLockerMain.exe

Ransom.Shinolock.6 also known as:

Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Ransom.Shinolock.6
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_70% (D)
Cybereason: malicious.677f3b
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Packed.VMProtect.B
APEX: Malicious
Avast: Win32:RansomX-gen [Ransom]
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ransom.Shinolock.6
MicroWorld-eScan: Gen:Variant.Ransom.Shinolock.6
Ad-Aware: Gen:Variant.Ransom.Shinolock.6
Sophos: ML/PE-A + Mal/Shinolock-A
BitDefenderTheta: Gen:NN.ZemsilF.34050.Eu0@aauLrRe
FireEye: Generic.mg.8d855c6677f3be81
Emsisoft: Gen:Variant.Ransom.Shinolock.6 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1134528
eGambit: Unsafe.AI_Score_99%
Microsoft: Ransom:MSIL/ShinoLock.A
Arcabit: Trojan.Ransom.Shinolock.6
GData: Gen:Variant.Ransom.Shinolock.6
MAX: malware (ai score=83)
VBA32: TScope.Trojan.MSIL
Ikarus: Trojan.MSIL.Vmprotect
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:RansomX-gen [Ransom]

How to remove Ransom.Shinolock.6?

Ransom.Shinolock.6 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.