Ransom.Troldesh.251 removal

Ransom.Troldesh.251 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom.Troldesh.251 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Queries information on disks, possibly for anti-virtualization
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

ablegod.hopto.org

How to identify Ransom.Troldesh.251?

File Info:

crc32: 41C8DF6C
md5: e4f86ce3e8ed1427515443edb13bde27
name: E4F86CE3E8ED1427515443EDB13BDE27.mlw
sha1: 6ef0af88e92b33bf6f77a51ada02e44c7c09b9a7
sha256: 404890f96c3f442683da581a613683adbca57a09a5021cea9c01c4e23aaa7456
sha512: 60efaf0f6ebfac3b4eafec2477de89596d73cd7ff293486d35d383e0c3da7454c040781b8b5d1b8265ea2662709c3553ad9217198fee5bb50423993fe4accd26
ssdeep: 24576:tSWVOFV9HQUe6XvNQj5XWnoup5NxfOx1B//U2m:tCV9H7e6SdSaQ2m
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright Byte Technologies LLC.
FileVersion: 1.2
CompanyName: Byte Technologies LLC.
ProductName: ByteFence
ProductVersion: 1.2
FileDescription: ByteFence Real-time Protection Service
Translation: 0x0409 0x04b0

Ransom.Troldesh.251 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
K7AntiVirus: Riskware ( 0040eff71 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.18836
Cynet: Malicious (score: 99)
ALYac: Gen:Variant.Ransom.Troldesh.251
Cylance: Unsafe
Zillya: Dropper.Delf.Win32.28521
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Ransom:Win32/Foreign.4d1b42de
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.3e8ed1
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDropper.Delf.OSQ
Zoner: Probably Heur.ExeHeaderH
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Delf-6964478-0
Kaspersky: Trojan-Ransom.Win32.Foreign.ogft
BitDefender: Gen:Variant.Ransom.Troldesh.251
NANO-Antivirus: Trojan.Win32.Stealer.fpzdgi
MicroWorld-eScan: Gen:Variant.Ransom.Troldesh.251
Tencent: Win32.Trojan.Foreign.Amma
Ad-Aware: Gen:Variant.Ransom.Troldesh.251
Sophos: Mal/Generic-S
Comodo: Malware@#2sa5mtf5stm1x
BitDefenderTheta: Gen:NN.ZelphiF.34142.sP0aa4JLS7cO
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Trojan.tc
FireEye: Generic.mg.e4f86ce3e8ed1427
Emsisoft: Gen:Variant.Ransom.Troldesh.251 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Foreign.ggh
Avira: HEUR/AGEN.1105368
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASMalwS.2B65E2C
Microsoft: Exploit:Win32/ShellCode!ml
GData: Gen:Variant.Ransom.Troldesh.251
AhnLab-V3: Malware/Win32.Generic.C3218657
McAfee: Artemis!E4F86CE3E8ED
Malwarebytes: Trojan.MalPack.SMY.Generic
Panda: Trj/CI.A
Rising: Malware.FakeXLS/ICON!1.9C3D (CLASSIC)
Yandex: Trojan.Foreign!vqDvuRZA3UY
Ikarus: Backdoor.Win32.Hupigon
MaxSecure: Trojan.Malware.73688777.susgen
Fortinet: W32/GenKryptik.EKLE!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Ransom.Troldesh.251?

Ransom.Troldesh.251 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
