Ransom:MSIL/NoCry.AS!MTB removal instructions

Ransom:MSIL/NoCry.AS!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:MSIL/NoCry.AS!MTB virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • The binary likely contains encrypted or compressed data.
  • Detects Sandboxie through the presence of a library
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Collects information to fingerprint the system

How to determine Ransom:MSIL/NoCry.AS!MTB?


File Info:

type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © 2020
Assembly Version: 1.0.0.0
InternalName: NoCry.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: NoCry
ProductVersion: 1.0.0.0
FileDescription: NoCry
OriginalFilename: NoCry.exe

Ransom:MSIL/NoCry.AS!MTB also known as:

MicroWorld-eScan      Generic.Ransom.29E95717
FireEye               Generic.mg.fd0af1df3fd8b238
ALYac                 Generic.Ransom.29E95717
Cylance               Unsafe
VIPRE                 Trojan.Win32.Generic!BT
AegisLab              Trojan.Win32.Generic.j!c
Sangfor               Trojan.Win32.Save.a
K7AntiVirus           Trojan ( 005777981 )
BitDefender           Generic.Ransom.29E95717
K7GW                  Trojan ( 005777981 )
Cybereason            malicious.f3fd8b
BitDefenderTheta      Gen:NN.ZemsilF.34590.nm0@auK6lhl
Symantec              ML.Attribute.HighConfidence
ESET-NOD32            a variant of MSIL/Filecoder.AFL
TrendMicro-HouseCall  Ransom_NoCry.R002C0DB721
Avast                 Win32:MalwareX-gen [Trj]
Kaspersky             HEUR:Trojan-Ransom.Win32.Generic
Alibaba               Ransom:MSIL/NoCry.e13eac33
NANO-Antivirus        Trojan.Win32.Filecoder.ilpgsb
Rising                Ransom.Generic!8.E315 (TFE:C:FZ9d1YHHeCH)
Ad-Aware              Generic.Ransom.29E95717
Emsisoft              Generic.Ransom.29E95717 (B)
F-Secure              Trojan.TR/Dropper.Gen
DrWeb                 Trojan.MulDrop16.10418
TrendMicro            Ransom_NoCry.R002C0DB721
McAfee-GW-Edition     Ransom-Cry!FD0AF1DF3FD8
Sophos                Mal/Generic-R + Mal/Genasom-A
Ikarus                Trojan-Ransom.FileCrypter
Avira                 TR/Dropper.Gen
MAX                   malware (ai score=85)
Antiy-AVL             Trojan/MSIL.Filecoder
Microsoft             Ransom:MSIL/NoCry.AS!MTB
Arcabit               Generic.Ransom.29E95717
AhnLab-V3             Malware/Win32.RL_Generic.C4316954
ZoneAlarm             HEUR:Trojan-Ransom.Win32.Generic
GData                 Generic.Ransom.29E95717
Cynet                 Malicious (score: 100)
McAfee                Ransom-Cry!FD0AF1DF3FD8
VBA32                 TScope.Trojan.MSIL
Malwarebytes          Ransom.FileCryptor
Panda                 Trj/GdSda.A
APEX                  Malicious
Tencent               Win32.Trojan.Generic.Eddq
Yandex                Trojan.Filecoder!M/hVK5aykqc
SentinelOne           Static AI – Malicious PE
MaxSecure             Trojan.Malware.300983.susgen
Fortinet              MSIL/Filecoder.TA!tr
AVG                   Win32:MalwareX-gen [Trj]
Paloalto              generic.ml
CrowdStrike           win/malicious_confidence_90% (W)
Qihoo-360             Win32/Ransom.Generic.HgIASOoA

How to remove Ransom:MSIL/NoCry.AS!MTB?

Ransom:MSIL/NoCry.AS!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
