Ransom.Troldesh.190 removal instruction

The Ransom.Troldesh.190 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom.Troldesh.190 virus can do?

Executable code extraction
Creates RWX memory
Starts servers listening on :0
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
Installs itself for autorun at Windows startup
Collects information about installed applications
Creates a hidden or system file
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Ransom.Troldesh.190?


File Info:
crc32: 110D75F7
md5: a21b16fd33bb5df045a5322558b496e3
name: A21B16FD33BB5DF045A5322558B496E3.mlw
sha1: 21d40882816ad8cb64c395aa297ad396fd77e81b
sha256: 37fb0a21054101fee94190b461239406126161833f24e7ae46470c1936db12e2
sha512: 3433d0dbd506bc30231e1ad2fd8ba55d247b21262225b9f9efef33708b35dd67cb04d31335ee0ed30cdc0ae5058afb2974a36cb0a1d387887bd0bc415a58cf14
ssdeep: 49152:5MRFMIq7DYZsf7Ddh8gCYCx+jfsYWjzx1uwwJC8:inMIS0a/r8gtpozLunL
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: (C)Nattyware 2007-2015 
CompanyName: Nattyware
PrivateBuild: 3.5.1.2
Comments: Msexchuseoab Verlag Unsuccessful Cmos Late
ProductName: Maximum
ProductVersion: 3.5.1.2
FileDescription: Msexchuseoab Verlag Unsuccessful Cmos Late
OriginalFilename: Maximum
Translation: 0x0409 0x04b0

Ransom.Troldesh.190 also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0053e76b1 )
Lionic	Trojan.Win32.Shade.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.858
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Ransom.Troldesh.190
Cylance	Unsafe
Zillya	Trojan.Shade.Win32.817
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_60% (D)
Alibaba	Ransom:Win32/Shade.755e50dd
K7GW	Trojan ( 0053e76b1 )
Cybereason	malicious.d33bb5
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.GLLA
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan-Ransom.Win32.Shade.owm
BitDefender	Gen:Variant.Ransom.Troldesh.190
NANO-Antivirus	Trojan.Win32.Shade.fistii
MicroWorld-eScan	Gen:Variant.Ransom.Troldesh.190
Tencent	Win32.Trojan.Shade.Liqd
Ad-Aware	Gen:Variant.Ransom.Troldesh.190
Sophos	Mal/Generic-S
BitDefenderTheta	Gen:NN.ZexaE.34058.Wr0@aKJNVcci
TrendMicro	Possible_HPGen-38
McAfee-GW-Edition	BehavesLike.Win32.Dropper.tc
FireEye	Generic.mg.a21b16fd33bb5df0
Emsisoft	Gen:Variant.Ransom.Troldesh.190 (B)
Jiangmin	Trojan.Shade.nq
Avira	HEUR/AGEN.1120840
Microsoft	Trojan:Win32/Skeeyah.A!rfn
Arcabit	Trojan.Ransom.Troldesh.190
GData	Gen:Variant.Ransom.Troldesh.190
AhnLab-V3	Malware/Win32.Possible_hpgen.C2741855
McAfee	Artemis!A21B16FD33BB
VBA32	TrojanRansom.Shade
Malwarebytes	MachineLearning/Anomalous.97%
Panda	Trj/CI.A
TrendMicro-HouseCall	Possible_HPGen-38
Yandex	Trojan.Shade!asSZjH76IUU
Ikarus	Trojan.Win32.Krypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.CNCB!tr.ransom
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Shade.HgAASQwA

How to remove Ransom.Troldesh.190?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Ransom.Troldesh.190 removal instruction