Ransom:MSIL/WanaCryptor.PAA!MTB removal

Ransom:MSIL/WanaCryptor.PAA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:MSIL/WanaCryptor.PAA!MTB virus do?

  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Ransom:MSIL/WanaCryptor.PAA!MTB?


File Info:

crc32: D134E911
md5: c3be2f9f312f60fa3bb9873b1c9589c9
name: C3BE2F9F312F60FA3BB9873B1C9589C9.mlw
sha1: c9a74063bc686a29812bad3d19c65b3899340181
sha256: 54b297ca916c13d96ed804fc0ad13e133071cf3b6455b942d56c0ad9546504d4
sha512: cf7e2215d8a3989ee5340fd1966bf1503ccb4ad7d81106b231d3b8c25dfe17cfa1663ed7104964b400200131d27714eb5c4a5f9f0f1f4460c63604dd96bbf8fc
ssdeep: 3072:kc1qfgr4d8QAONbZDU6yb3foOKjNHkoOyfFv:nqr/bqbvAjNEQ9v
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Microsoft Corp . All rights reserved.
Assembly Version: 1.0.0.0
InternalName: Wanacrytor.exe
FileVersion: 1.0.0.0
CompanyName: Microsoft
LegalTrademarks:
Comments: NT Kernel & System
ProductName: Shareware
ProductVersion: 1.0.0.0
FileDescription: Shareware
OriginalFilename: Wanacrytor.exe

Ransom:MSIL/WanaCryptor.PAA!MTB also known as:

Cynet: Malicious (score: 99)
ALYac: Generic.Ransom.WCryG.EE1C5DDE
Cybereason: malicious.f312f6
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Filecoder.ZH
APEX: Malicious
Avast: Win32:RansomX-gen [Ransom]
Kaspersky: UDS:Trojan-Ransom.MSIL.Encoder.gen
BitDefender: Generic.Ransom.WCryG.EE1C5DDE
MicroWorld-eScan: Generic.Ransom.WCryG.EE1C5DDE
Ad-Aware: Generic.Ransom.WCryG.EE1C5DDE
Sophos: Mal/Generic-R + Mal/Genasom-A
F-Secure: Trojan.TR/Dropper.Gen
BitDefenderTheta: Gen:NN.ZemsilF.34058.rm0@a45RYWm
TrendMicro: Ransom_RAMSIL.SM
McAfee-GW-Edition: RDN/Ransom
FireEye: Generic.Ransom.WCryG.EE1C5DDE
Emsisoft: Generic.Ransom.WCryG.EE1C5DDE (B)
Avira: TR/Dropper.Gen
eGambit: Unsafe.AI_Score_99%
Microsoft: Ransom:MSIL/WanaCryptor.PAA!MTB
Arcabit: Generic.Ransom.WCryG.EE1C5DDE
ZoneAlarm: UDS:DangerousObject.Multi.Generic
GData: Generic.Ransom.WCryG.EE1C5DDE
AhnLab-V3: Ransomware/Win.Ramsil.C4562861
McAfee: RDN/Ransom
MAX: malware (ai score=89)
Malwarebytes: Ransom.SharewareLocker
TrendMicro-HouseCall: Ransom_RAMSIL.SM
Ikarus: Trojan-Ransom.FileCrypter
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Filecoder.ZH!tr.ransom
AVG: Win32:RansomX-gen [Ransom]

How to remove Ransom:MSIL/WanaCryptor.PAA!MTB?

Ransom:MSIL/WanaCryptor.PAA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
