Ransom:Win32/Babuk.MAK!MTB removal guide

Ransom:Win32/Babuk.MAK!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/Babuk.MAK!MTB virus do?

  • A process created a hidden window
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Exhibits possible ransomware file modification behavior
  • Network activity detected but not expressed in API logs
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Ransom:Win32/Babuk.MAK!MTB?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/Babuk.MAK!MTB also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 005782fe1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen12.62665
Cynet: Malicious (score: 100)
ALYac: Trojan.Ransom.Babuk.A
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_70% (D)
K7GW: Trojan ( 005782fe1 )
Cybereason: malicious.90f2a5
Cyren: W32/Babyk.A.gen!Eldorado
Symantec: Ransom.Babuk
ESET-NOD32: a variant of Win32/Filecoder.Babyk.A
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Ransomware.Maze-7473772-0
Kaspersky: Trojan-Ransom.Win32.Babuk.a
BitDefender: Trojan.Ransom.Babuk.A
NANO-Antivirus: Trojan.Win32.Ransom.iuaipi
ViRobot: Trojan.Win32.Ransom.80896.E
MicroWorld-eScan: Trojan.Ransom.Babuk.A
Tencent: Malware.Win32.Gencirc.10ce690d
Ad-Aware: Trojan.Ransom.Babuk.A
Sophos: ML/PE-A + Troj/Ransom-GGD
BitDefenderTheta: Gen:NN.ZexaF.34796.euW@aWBl0ug
TrendMicro: Ransom.Win32.BABUK.SMRD1
McAfee-GW-Edition: BehavesLike.Win32.Generic.lm
FireEye: Generic.mg.e2b234b90f2a5ef3
Emsisoft: Trojan.FileCoder (A)
SentinelOne: Static AI – Malicious PE
Avira: TR/Crypt.EPACK.Gen2
Microsoft: Ransom:Win32/Babuk.MAK!MTB
Arcabit: Trojan.Ransom.Babuk.A
GData: Trojan.Ransom.Babuk.A
TACHYON: Ransom/W32.BabukLocker.80896.B
AhnLab-V3: Ransomware/Win.Babuk.R428564
Acronis: suspicious
McAfee: GenericRXNS-AS!E2B234B90F2A
MAX: malware (ai score=82)
VBA32: BScope.TrojanRansom.Gen
Malwarebytes: Ransom.Babuk
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom.Win32.BABUK.SMRD1
Rising: Ransom.Babuk!1.D7A0 (CLASSIC)
Ikarus: Trojan-Ransom.Babyk
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/FilecoderProt.F183!tr.ransom
AVG: Win32:Malware-gen
Qihoo-360: HEUR/QVM20.1.AB77.Malware.Gen

How to remove Ransom:Win32/Babuk.MAK!MTB?

Ransom:Win32/Babuk.MAK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
