Ransom:Win32/ContiCrypt.PL!MTB removal guide

The Ransom:Win32/ContiCrypt.PL!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom:Win32/ContiCrypt.PL!MTB virus can do?

Presents an Authenticode digital signature
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Ransom:Win32/ContiCrypt.PL!MTB?


File Info:
name: 978F1D41E19785CD8456.mlw
path: /opt/CAPEv2/storage/binaries/1dff32b41bc1bbad741bd0d48f468b5cac362f45cb0eccb07b36cda1c1499aeb
crc32: 59F29F46
md5: 978f1d41e19785cd84562f80a837f82f
sha1: bdd1b26357416797fdd5b616373629b1b7c1f489
sha256: 1dff32b41bc1bbad741bd0d48f468b5cac362f45cb0eccb07b36cda1c1499aeb
sha512: 3d510964982e36460119088d73bdb77f08fa307f33e74adb07f5cf206129fb6fc0b773fbc6580bfefec6d8198f54dd7b4ecdfd519171280c2bbfd1a29ddcf805
ssdeep: 24576:kfLDdS9r3NS/f99uav96bfLDdS9r3NS/f99uav96bfLDdS9r3NS/f99uav964zPB:kf9GIXGywbf9GIXGywbf9GIXGywQhf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BD55F0BAF955E8D1D4598530CCE3C9F51959BC6AC8A0082336E97F0FF9322E5B42385E
sha3_384: 5f6f82297042d5a1b7fb44fb17da8582388cf3d2275a850a53acf24aab7fd02827e6b40c170e2d74126dce45613fe549
ep_bytes: 8bc68bca8bd8ff151d4d40008bf0ff15
timestamp: 1970-01-01 00:00:00

Version Info:
FileVersion: 9, 4, 5, 3
CompanyName: Star Force
FileDescription: Skeeg
InternalName: Promptuary
OriginalFilename: Paraphrasian
PrivateBuild: Archcriminal
Translation: 0x0409 0x04e4

Ransom:Win32/ContiCrypt.PL!MTB also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Malicious.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.38801056
FireEye	Generic.mg.978f1d41e19785cd
CAT-QuickHeal	Trojan.IGENERIC
ALYac	Trojan.GenericKD.38801056
Malwarebytes	Malware.AI.849362132
Sangfor	Suspicious.Win32.Attribute.HighConfidence
K7AntiVirus	Trojan ( 0058ca041 )
BitDefender	Trojan.GenericKD.38801056
K7GW	Trojan ( 0058ca041 )
Cybereason	malicious.357416
BitDefenderTheta	Gen:NN.ZexaF.34232.vn1@aORt5doi
Cyren	W32/Kryptik.FSK.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.FMWP
TrendMicro-HouseCall	Trojan.Win32.KRYPT.USASHB322
Alibaba	Trojan:Win32/GenKryptik.51fe6ad4
Avast	Win32:Trojan-gen
Rising	Trojan.Woreflint!8.F5EA (CLOUD)
Ad-Aware	Trojan.GenericKD.38801056
Sophos	Mal/Generic-S
Comodo	Malware@#1rxmb0c7td1ci
Zillya	Trojan.GenKryptik.Win32.128947
TrendMicro	Trojan.Win32.KRYPT.USASHB322
McAfee-GW-Edition	Artemis!Trojan
SentinelOne	Static AI – Malicious PE
Emsisoft	Trojan.GenericKD.38801056 (B)
APEX	Malicious
Avira	TR/AD.GenSteal.jbpym
Microsoft	Ransom:Win32/ContiCrypt.PL!MTB
Gridinsoft	Ransom.Win32.Sabsik.sa
Arcabit	Trojan.Generic.D2500EA0
GData	Trojan.GenericKD.38801056
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	Artemis!978F1D41E197
Cylance	Unsafe
MAX	malware (ai score=84)
Fortinet	W32/Kryptik.HODI!tr
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Trojan.Malware.139108139.susgen

How to remove Ransom:Win32/ContiCrypt.PL!MTB?

Ransom:Win32/ContiCrypt.PL!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X