
Ransom:MSIL/Gorf information


Ransom:MSIL/Gorf is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:MSIL/Gorf virus do?

  • Creates RWX memory
  • Unconventional binary language: Portuguese (Brazil)
  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Ransom:MSIL/Gorf?
File Info:

crc32: 28F590C0
md5: a064611ef4ad43f14a17b9fdc1876774
name: A064611EF4AD43F14A17B9FDC1876774.mlw
sha1: 7547b0870cb65d5c198425f50aba1b928491ca04
sha256: 8a9c53ae1c13a7efce9a0ec7bef3b6b5d7a9b8150266560b4420dcacdca83d70
sha512: c3e2ce56f6e7f2d020be03edad21bc30c1ec6e8d3984a3636c6b0ed0fe627cc178a29ab986d7f109801542c0c073af7f317c9deddc196f5f38709a588c9372bd
ssdeep: 24576:Hs8KxTvveCu+vlUdVOGULqJ73n5ok79rmTl0r8LHD:CTvZua6d4GULC5okEaILj
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: © Microsoft Corporation. Todos os direitos reservados.
InternalName: SVCHOST
FileVersion: 1.0.1.1
CompanyName: Microsoft Corporation
LegalTrademarks:
Comments:
ProductName: Sistema operacional Microsoft® Windows®
ProductVersion: 1.0.0.0
FileDescription:
OriginalFilename: SVCHOST.EXE
Translation: 0x0416 0x04e4

Ransom:MSIL/Gorf is also known as (vendor: detection name):

K7AntiVirus: Trojan ( 005376ae1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Banker.based
Cynet: Malicious (score: 100)
CMC: Generic.Win32.a064611ef4!MD
ALYac: Generic.Banker.Delf.F97138B0
Cylance: Unsafe
Zillya: Trojan.Banker.Win32.27281
Sangfor: Trojan.Win32.Save.a
Alibaba: TrojanSpy:Win32/Delfsnif.42891670
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.ef4ad4
Cyren: W32/Banker.D.gen!Eldorado
Symantec: Infostealer.Banpaes
ESET-NOD32: a variant of Win32/Spy.Banpaes.O
APEX: Malicious
TotalDefense: Win32/Bancos.G!generic
Avast: Win32:Dh-A [Heur]
ClamAV: Win.Trojan.Bancos-830
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Generic.Banker.Delf.F97138B0
NANO-Antivirus: Trojan.Win32.Banker.wcrw
MicroWorld-eScan: Generic.Banker.Delf.F97138B0
Tencent: Win32.Trojan.Spy.Ljtk
Ad-Aware: Generic.Banker.Delf.F97138B0
Sophos: Mal/Generic-R + Troj/Bnkmr-Fam
Comodo: TrojWare.Win32.Spy.Banker.Gen@1qlojk
BitDefenderTheta: AI:Packer.44C85EE51C
VIPRE: Trojan-Spy.Win32.Bancos.a (v)
TrendMicro: Mal_Banker4
McAfee-GW-Edition: BehavesLike.Win32.Fake.cc
FireEye: Generic.mg.a064611ef4ad43f1
Emsisoft: Generic.Banker.Delf.F97138B0 (B)
Webroot: W32.InfoStealer.Bancos
Avira: TR/Spy.Banker.Gen
eGambit: Unsafe.AI_Score_88%
Microsoft: Ransom:MSIL/Gorf
Arcabit: Generic.Banker.Delf.F97138B0
AegisLab: Trojan.Win32.Generic.4!c
GData: Generic.Banker.Delf.F97138B0
AhnLab-V3: Trojan/Win32.Banker.R6001
McAfee: Artemis!A064611EF4AD
MAX: malware (ai score=100)
VBA32: TScope.Trojan.Delf
Malwarebytes: Malware.Heuristic.1003
Panda: Trj/Banker.ITS
TrendMicro-HouseCall: Mal_Banker4
Rising: Ransom.Gorf!8.F26C (CLOUD)
Yandex: Trojan.GenAsa!WZTrcN9x3Zk
Ikarus: Backdoor.Win32.Zegost
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: Malware_fam.gw
AVG: Win32:Dh-A [Heur]
Paloalto: generic.ml
Qihoo-360: Win32/TrojanPSW.Generic.HwsBtPEA

How to remove Ransom:MSIL/Gorf?

Ransom:MSIL/Gorf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
