How to remove “Ransom:Win32/Bartcrypt.A”?

The Ransom:Win32/Bartcrypt.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom:Win32/Bartcrypt.A virus can do?

Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine Ransom:Win32/Bartcrypt.A?


File Info:
crc32: AA04BECA
md5: d9fe38122bb08d96ef0de61076aa4945
name: D9FE38122BB08D96EF0DE61076AA4945.mlw
sha1: 6f27e8e1253829ac6c2819a16d01fc5acd3796ee
sha256: c285e376201e2941154ec1a9acd8658cd5e0ea975c694a3fe3e9a9897efc2680
sha512: 8597dc034abe3ca89050c5c5d12bd3aec1a195a3d4656aa453f87f328f4e3c4bbbafcb26556a9d9d3adf3f47fea0af6e4cafe99fdc7bd03e33facf4b5f0c2f32
ssdeep: 3072:+G9fV7I6P02uiH3v3T0XBNAQc5d4AU8buatjmXd:+GrP0piXv3Qc5dDJtjmt
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Ransom:Win32/Bartcrypt.A also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0055e3ef1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.4943
Cynet	Malicious (score: 100)
ALYac	Trojan.Ransom.Bart
Cylance	Unsafe
Zillya	Trojan.Bart.Win32.2
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Ransom:Win32/Bartcrypt.7564241f
K7GW	Trojan ( 0055e3ef1 )
Cybereason	malicious.22bb08
Symantec	Ransom.BART
ESET-NOD32	a variant of Win32/Filecoder.Bart.A
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan-Ransom.Win32.Bart.a
BitDefender	Gen:Heur.Ransom.REntS.Gen.1
NANO-Antivirus	Trojan.Win32.Encoder.eeftgm
MicroWorld-eScan	Gen:Heur.Ransom.REntS.Gen.1
Tencent	Win32.Trojan.Raas.Auto
Ad-Aware	Gen:Heur.Ransom.REntS.Gen.1
Comodo	Malware@#27u12xitz22jl
BitDefenderTheta	AI:Packer.8B2E5D061F
VIPRE	Trojan.FakeAlert
TrendMicro	Ransom_BARTZ.B
McAfee-GW-Edition	BehavesLike.Win32.RansomGandcrab.ch
FireEye	Generic.mg.d9fe38122bb08d96
Emsisoft	Gen:Heur.Ransom.REntS.Gen.1 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Bart.a
Webroot	W32.Trojan.Gen
Avira	TR/Crypt.XPACK.Gen7
Antiy-AVL	Trojan/Generic.ASMalwS.199A0CD
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Ransom:Win32/Bartcrypt.A
Arcabit	Trojan.Ransom.REntS.Gen.1
AegisLab	Trojan.Win32.Bart.j!c
GData	Gen:Heur.Ransom.REntS.Gen.1
AhnLab-V3	Trojan/Win32.Bart.C1490583
McAfee	GenericRXCX-XM!D9FE38122BB0
MAX	malware (ai score=100)
VBA32	Trojan-Ransom.Bart
Malwarebytes	Ransom.Bart
Panda	Trj/CI.A
TrendMicro-HouseCall	Ransom_BARTZ.B
Rising	Trojan.Generic@ML.80 (RDML:zMzVuZKif+TyWaKSLvKRlw)
Yandex	Trojan.Bart!rQjp6ake2bk
Ikarus	Trojan-Ransom.Bart
Fortinet	W32/SimpleEncoder.A!tr.ransom
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Ransom:Win32/Bartcrypt.A?

Ransom:Win32/Bartcrypt.A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X