About “Ransom:MSIL/Encruby” infection

Ransom:MSIL/Encruby is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom:MSIL/Encruby virus do?

  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Unusual version info supplied for binary

Related domains:

freegeoip.net
github.com

How to identify Ransom:MSIL/Encruby?


File Info:

crc32: FDBC0ACA
md5: c05551a80ee6e784ce999516203e8455
name: C05551A80EE6E784CE999516203E8455.mlw
sha1: 60e837d76efc1c3f2026124a6f3b9b9c763d93fd
sha256: 444aa6c3c16a5a5f03c9bea365e408dd20bf449194327f2db1d999477b6c921d
sha512: aed5dcde777cefb63d2fb79f4d50b5d39163f74c668f804a12cf08592c0d23cb1642f6e583c68703732681f9eb8f29c10c65aa0dc5ead269ea3bd319ab10c340
ssdeep: 768:3xY/iuWfjwe1iMnJdYYMxCETnstuNlXlfWZJhYzuoE50:3fu4EIlJMxnN30vYzzE0
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © Microsoft all right reserved
Assembly Version: 4.10.19.120
InternalName: Windows Defender.exe
FileVersion: 4.10.19.120
CompanyName:
LegalTrademarks:
Comments: Microsoft Windows Defender Service
ProductName: Microsoft Windows Defender
ProductVersion: 4.10.19.120
FileDescription: Microsoft Windows Defender
OriginalFilename: Windows Defender.exe

Ransom:MSIL/Encruby also known as:

K7AntiVirus: Trojan ( 004b4ab01 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.24700
Cynet: Malicious (score: 99)
ALYac: Trojan.Ransom.GenericKD.30357202
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 004b4ab01 )
Cybereason: malicious.80ee6e
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Filecoder.InfiniteTear.C
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Trojan.Ransom.GenericKD.30357202
NANO-Antivirus: Trojan.Win32.Encoder.eygzvn
MicroWorld-eScan: Trojan.Ransom.GenericKD.30357202
Tencent: Win32.Trojan.Raas.Auto
Ad-Aware: Trojan.Ransom.GenericKD.30357202
Sophos: Mal/Infitear-A
BitDefenderTheta: Gen:NN.ZemsilF.34758.cm0@amton@e
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.pc
FireEye: Generic.mg.c05551a80ee6e784
Emsisoft: Trojan.Ransom.GenericKD.30357202 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.chkim
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
eGambit: Unsafe.AI_Score_99%
Microsoft: Ransom:MSIL/Encruby
GData: Trojan.Ransom.GenericKD.30357202
McAfee: Artemis!C05551A80EE6
MAX: malware (ai score=96)
VBA32: TrojanRansom.MSIL.Encruby
Malwarebytes: MachineLearning/Anomalous.95%
Panda: Trj/GdSda.A
Yandex: Trojan.Agent!mryehuNkU1M
Ikarus: PUA.MSIL.Confuser
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Ransom:MSIL/Encruby?

Ransom:MSIL/Encruby removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
