Categories: Ransom

Should I remove “Ransom.Troldesh”?

Ransom.Troldesh is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Ransom.Troldesh virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates a hidden or system file
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Ransom.Troldesh?

File Info:

crc32: 720746EF
md5: e99a6653e12d6b676a8984380b387a15
name: 2c.jpg
sha1: 3c17b6a7e1f0d3be71cfa185d8866f7caccbeb46
sha256: 6556303d76c57a172c38ce49630acbceb6b5fb9f033a9ff0c3d1ad5668269c32
sha512: e908819771ba6eabb61433c65763593eb941554f677784657f4409cc51c7c342542e02bc2fe54caff9e3f3044ea993d29abfef499723a68222ed37cba1227941
ssdeep: 24576:zroIU88zqtrXk/VVDJAjqQDFp/a10tYXob:zrH58mtr0Z0dhpWqb
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

FileOldVersion: 1.0.4.4
ProductVersion: 1.7.6
Copyrighd: Copyrighd (C) 2020, odfgbiv
InternalNameTwo: gjtrrh.exe
Translation: 0x0841 0x04c4

Ransom.Troldesh also known as:

DrWeb Trojan.Encoder.858
MicroWorld-eScan Trojan.GenericKD.32727374
FireEye Generic.mg.e99a6653e12d6b67
CAT-QuickHeal Ransom.Troldesh
McAfee Ransomware-GRA!E99A6653E12D
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Riskware.Win32.TorTool.1!c
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.32727374
K7GW Trojan ( 0055bbd91 )
K7AntiVirus Trojan ( 0055bbd91 )
TrendMicro TROJ_FRS.VSNW12K19
BitDefenderTheta Gen:NN.ZexaF.32515.@y0@a4KyS0b
Symantec Downloader
APEX Malicious
Avast Win32:DropperX-gen [Drp]
ClamAV Win.Dropper.Tofsee-7402230-0
GData Trojan.GenericKD.32727374
Kaspersky not-a-virus:NetTool.Win32.TorTool.abh
NANO-Antivirus Trojan.Win32.Encoder.gixgyo
ViRobot Trojan.Win32.Z.Wacatac.1036800.C
Rising Trojan.Kryptik!1.BE74 (CLASSIC)
Ad-Aware Trojan.GenericKD.32727374
Sophos Troj/Ransom-FSI
Comodo Malware@#25wk32zyd6437
F-Secure Trojan.TR/AD.Troldesh.vauvq
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
Trapmine malicious.moderate.ml.score
Ikarus Trojan-Downloader.Win32.SmokeLoader
Cyren W32/Trojan.DLBN-3946
Jiangmin NetTool.TorTool.ax
Webroot W32.Trojan.GenKD
Avira TR/AD.Troldesh.vauvq
Antiy-AVL RiskWare[NetTool]/Win32.TorTool
Endgame malicious (high confidence)
Arcabit Trojan.Generic.D1F3614E
ZoneAlarm not-a-virus:NetTool.Win32.TorTool.abh
Microsoft Trojan:Win32/GandCrypt.GB!MTB
AhnLab-V3 Trojan/Win32.MalPe.R299953
Acronis suspicious
VBA32 BScope.Trojan.Wacatac
ALYac Trojan.Ransom.Shade
MAX malware (ai score=85)
Malwarebytes Trojan.MalPack.GS
Panda Trj/GdSda.A
ESET-NOD32 a variant of Win32/Kryptik.GYNN
TrendMicro-HouseCall TROJ_FRS.VSNW12K19
SentinelOne DFI – Malicious PE
MaxSecure Trojan.Malware.74701925.susgen
Fortinet Malicious_Behavior.SB
AVG Win32:DropperX-gen [Drp]
Cybereason malicious.7e1f0d
Qihoo-360 Win32/Virus.NetTool.0be

How to remove Ransom.Troldesh?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
