Ransom:Win32/Cryptolocker.PAL!MTB removal tips

Ransom:Win32/Cryptolocker.PAL!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Cryptolocker.PAL!MTB virus do?

  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to identify Ransom:Win32/Cryptolocker.PAL!MTB?

File Info:

name: 064E5E5CDA5FC0FEF06E.mlw
path: /opt/CAPEv2/storage/binaries/5ac472d841af9a1145e81da97aa5eea750bea44904319275319971c0e130cfb8
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-03-17 08:19:26

Version Info:

0: [No Data]

Ransom:Win32/Cryptolocker.PAL!MTB is also known as:

Vendor                Detection name
Bkav                  W32.AIDetectNet.01
Lionic                Trojan.MSIL.Agent.b!c
DrWeb                 Trojan.Hosts.49863
MicroWorld-eScan      Trojan.GenericKD.39491363
FireEye               Generic.mg.064e5e5cda5fc0fe
McAfee                GenericRXSE-CS!064E5E5CDA5F
Cylance               Unsafe
Sangfor               Ransom.Win32.Cryptolocker.PAL!MTB
K7AntiVirus           Riskware ( 00584baa1 )
Alibaba               Ransom:Win32/Cryptolocker.9461d07d
K7GW                  Riskware ( 00584baa1 )
BitDefenderTheta      Gen:NN.ZemsilCO.34666.bm0@a4Jblco
Symantec              ML.Attribute.HighConfidence
Elastic               malicious (high confidence)
ESET-NOD32            MSIL/Filecoder.AQA
APEX                  Malicious
Kaspersky             HEUR:Trojan-Dropper.MSIL.Agent.gen
BitDefender           Trojan.GenericKD.39491363
NANO-Antivirus        Trojan.Win32.Hosts.jnxbyt
Avast                 Win32:RansomX-gen [Ransom]
Tencent               Msil.Trojan-dropper.Agent.Dva
Ad-Aware              Trojan.GenericKD.39491363
TACHYON               Trojan-Dropper/W32.DN-Agent.18432.L
Emsisoft              Trojan.GenericKD.39491363 (B)
Comodo                Malware@#6ioh2wyvf0js
Zillya                Trojan.Filecoder.Win32.23372
TrendMicro            Ransom_Cryptolocker.R002C0DD822
McAfee-GW-Edition     GenericRXSE-CS!064E5E5CDA5F
Sophos                Mal/Generic-S
SentinelOne           Static AI – Malicious PE
GData                 MSIL.Virus.ToxicBattery.A
Jiangmin              TrojanDropper.MSIL.bkxc
Avira                 TR/Dropper.MSIL.Gen
Microsoft             Ransom:Win32/Cryptolocker.PAL!MTB
Cynet                 Malicious (score: 99)
AhnLab-V3             Ransomware/Win.Cryptolocker.R479177
VBA32                 TScope.Trojan.MSIL
MAX                   malware (ai score=83)
Malwarebytes          Malware.AI.3018662682
TrendMicro-HouseCall  Ransom_Cryptolocker.R002C0DD822
Ikarus                Trojan-Ransom.FileCrypter
MaxSecure             Trojan.Malware.300983.susgen
Fortinet              MSIL/Filecoder.AOH!tr
AVG                   Win32:RansomX-gen [Ransom]
Panda                 Trj/CI.A
CrowdStrike           win/malicious_confidence_100% (W)

How to remove Ransom:Win32/Cryptolocker.PAL!MTB?

Ransom:Win32/Cryptolocker.PAL!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
