Ransom:MSIL/Genasom!MSR removal tips

The Ransom:MSIL/Genasom!MSR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom:MSIL/Genasom!MSR virus can do?

Executable code extraction
Creates RWX memory
Anomalous binary characteristics

How to determine Ransom:MSIL/Genasom!MSR?


File Info:
crc32: 7FA4CC2B
md5: 59a063ea31d657a74675946d5ff64614
name: 59A063EA31D657A74675946D5FF64614.mlw
sha1: 24dc220461761f0ff4c409fa42b44cccb3b70c37
sha256: fb621d2c94b980d87a8aa3239ebeda857a2fcb29f5aac08facacdc879f9ce784
sha512: da7dbe5189f9175c8051224993e1ec99a07f1aa19ce4979ab2909856ef0daf9dc82cb1090a04326f52649aff7912550f31a8d1a2f69f903d2471febda6328b89
ssdeep: 3072:fq20pUggwIRLRw03Sbjl+vYtaO0ebLoD8tiInnq/FfrFdSe2y4lVu/C9Mq/A1Nh:CWggwIRLRwXPeYEnjomQmmPm6D0cU
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Microsoft
Assembly Version: 1.0.7483.5350
InternalName: EncryptFile.exe
FileVersion: 1.0.7483.5350
CompanyName: Microsoft
LegalTrademarks: Microsoft
Comments: Microsoft
ProductName: Microsoft
ProductVersion: 1.0.7483.5350
FileDescription: Microsoft
OriginalFilename: EncryptFile.exe

Ransom:MSIL/Genasom!MSR also known as:

K7AntiVirus	Trojan ( 00569d7c1 )
DrWeb	Trojan.Encoder.32074
Cynet	Malicious (score: 100)
ALYac	Trojan.Ransom.Filecoder
Cylance	Unsafe
Zillya	Trojan.Filecoder.Win32.15088
Sangfor	Ransom.MSIL.Genasom.MSR
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Ransom:MSIL/Genasom.486ecc05
K7GW	Trojan ( 00569d7c1 )
Cybereason	malicious.a31d65
Symantec	Trojan Horse
ESET-NOD32	a variant of MSIL/Filecoder.AAS
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Malware.Agent-9378662-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Ursu.923880
NANO-Antivirus	Trojan.Win32.Encoder.hmfkue
ViRobot	Trojan.Win32.S.Ransom.276480.A
SUPERAntiSpyware	Trojan.Agent/Gen-MSFake[Less]
MicroWorld-eScan	Gen:Variant.Ursu.923880
Tencent	Win32.Trojan.Generic.Sxye
Ad-Aware	Gen:Variant.Ursu.923880
Sophos	Mal/Generic-R + Troj/Ransom-GAN
Comodo	Malware@#1f5dpjijjuc5n
F-Secure	Trojan.TR/Ransom.rxqee
BitDefenderTheta	Gen:NN.ZemsilCO.34628.qm0@aKaXKEc
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom.MSIL.TRYTOCRY.AA
McAfee-GW-Edition	GenericRXLK-WO!59A063EA31D6
FireEye	Gen:Variant.Ursu.923880
Emsisoft	Gen:Variant.Ursu.923880 (B)
Jiangmin	Trojan.Generic.fpktg
Webroot	W32.Email.Worm.Silly
Avira	TR/Ransom.rxqee
eGambit	Unsafe.AI_Score_92%
Antiy-AVL	Trojan/Win32.AGeneric
Microsoft	Ransom:MSIL/Genasom!MSR
Arcabit	Trojan.Ursu.DE18E8
AegisLab	Trojan.Win32.Generic.4!c
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Ursu.923880
TACHYON	Ransom/W32.DN-Try2Cry.276480
AhnLab-V3	Unwanted/Win32.Agent.C4155503
McAfee	GenericRXLK-WO!59A063EA31D6
MAX	malware (ai score=100)
VBA32	TScope.Trojan.MSIL
Malwarebytes	Ransom.Try2Cry
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom.MSIL.TRYTOCRY.AA
Rising	Ransom.Genasom!8.293 (CLOUD)
Yandex	Trojan.Filecoder!mCR+f4qKpfs
Ikarus	Trojan-Ransom.Try2Cry
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	W32/Generic.AAS!tr.ransom
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Generic.HwMAsZsA

How to remove Ransom:MSIL/Genasom!MSR?

Ransom:MSIL/Genasom!MSR removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X