Categories: Ransom

How to remove “Ransom:BAT/DisableDefender.A!dha”?

The Ransom:BAT/DisableDefender.A!dha is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Ransom:BAT/DisableDefender.A!dha virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A HTTP/S link was seen in a script or command line
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Creates a copy of itself
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

How to determine Ransom:BAT/DisableDefender.A!dha?



File Info:

name: F7B04EB83694EAB061DA.mlwpath: /opt/CAPEv2/storage/binaries/2c88a7bdc01f30db3f0dade89092e7e7c0691ce8fe65708b9f482e92185663bdcrc32: 67CA4E07md5: f7b04eb83694eab061da08ad4e492eabsha1: 89ed7b563a8e53604d59bc7f701ee62bb03572e5sha256: 2c88a7bdc01f30db3f0dade89092e7e7c0691ce8fe65708b9f482e92185663bdsha512: e61ec1a97296936ae02ef7c1c74e6503094445fb6bd2b17e6239fdc3c1bdb4cc298839eb9dabca1abd216828102aaf5e6d225841863aaaa3f86757c08bb38632ssdeep: 12288:E6RwQw7OngR7HlZM0/EprtUMLmwdaRrbukjaJ3p:EjOmF20/EHfPK67ptype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1F5B42364455931E0C7CA0C384F6F71F2C66A24A206C6B1925FEFCAC1DF3A9D2E3A144Bsha3_384: 41d73474246be9c377629572f929f627155e25f307677369cab9c96697855b03ee56fcfee2a1b982fae856383f388b63ep_bytes: 60be00f045008dbe0020faff5783cdfftimestamp: 2021-12-05 18:49:38

Version Info:

0: [No Data]

Ransom:BAT/DisableDefender.A!dha also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Scar.lpjJ
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Fragtor.45302
FireEye Generic.mg.f7b04eb83694eab0
CAT-QuickHeal Trojan.MauvaiseRI.S5244766
McAfee RDN/Generic.cf
Cylance Unsafe
K7AntiVirus Adware ( 005070c51 )
Alibaba Exploit:Win32/BypassUAC.f9520600
K7GW Adware ( 005070c51 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Packed.BlackMoon.A potentially unwanted
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Tiggre-9845940-0
Kaspersky Exploit.Win32.BypassUAC.acfs
BitDefender Gen:Variant.Fragtor.45302
Avast Win32:Evo-gen [Susp]
Ad-Aware Gen:Variant.Fragtor.45302
Emsisoft Gen:Variant.Fragtor.45302 (B)
DrWeb Trojan.Siggen16.422
TrendMicro TROJ_GEN.R002C0WL921
McAfee-GW-Edition BehavesLike.Win32.Trojan.hc
Sophos BlackMoon Packed (PUA)
SentinelOne Static AI – Malicious PE
eGambit Unsafe.AI_Score_100%
Avira HEUR/AGEN.1135228
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Ransom.Win32.Gen.sa
Microsoft Ransom:BAT/DisableDefender.A!dha
GData Win32.Trojan.Agent.WP
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4710252
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34084.FmGfayoWe1dH
ALYac Gen:Variant.Fragtor.45302
MAX malware (ai score=87)
VBA32 BScope.Trojan.Blamon
TrendMicro-HouseCall TROJ_GEN.R002C0WL921
Rising Trojan.Injector!1.A1C3 (CLASSIC)
Yandex Exploit.BypassUAC!JAyjpGTBwAw
Ikarus Trojan.MSIL.Small
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/CoinMiner.ESFJ!tr
AVG Win32:Evo-gen [Susp]
Cybereason malicious.83694e
Panda Trj/GdSda.A

How to remove Ransom:BAT/DisableDefender.A!dha?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Ransom:BAT/DisableDefender.A!dha
2 years ago

Recent Posts

BScope.Trojan.Meredrop removal instruction

The BScope.Trojan.Meredrop is considered dangerous by lots of security experts. When this infection is active,…

9 mins ago

Generic.Dacic.94CCEEA9.A.A35AF582 removal tips

The Generic.Dacic.94CCEEA9.A.A35AF582 is considered dangerous by lots of security experts. When this infection is active,…

28 mins ago

How to remove “Barys.431172 (B)”?

The Barys.431172 (B) is considered dangerous by lots of security experts. When this infection is…

37 mins ago

Win32/OfferCore.F potentially unwanted (file analysis)

The Win32/OfferCore.F potentially unwanted is considered dangerous by lots of security experts. When this infection…

39 mins ago

Worm.VobfusMF.S22387541 (file analysis)

The Worm.VobfusMF.S22387541 is considered dangerous by lots of security experts. When this infection is active,…

44 mins ago

Trojan.GenericRI.S31670896 malicious file

The Trojan.GenericRI.S31670896 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago