Ransom:Win32/Ergop.A removal guide

Ransom:Win32/Ergop.A is flagged as malicious by most of the antivirus engines listed further down this page. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Ergop.A virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Japanese
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Likely virus infection of existing system binary
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Ransom:Win32/Ergop.A?

Match suspect files on the hashes below. Do not hunt by the listed file name: it is the analysis sandbox's storage name (the MD5 in upper case plus ".mlw"), not what the dropper is called on a victim machine. The version-info strings are attacker-controlled and here are plainly filler (the LegalTrademarks field is a scraped Instagram hashtag blurb), so they are not reliable indicators either.

File Info:

crc32: F54D9100
md5: c27a3eb744520b5f7770bc9fc3108c47
name: C27A3EB744520B5F7770BC9FC3108C47.mlw
sha1: 6a2a12eb7eb101040d4cb7368902c990b2c7333e
sha256: dce13eef0c865cb995eeb80a727463468baf8c68245a902f8a290c77232e9a25
sha512: 728dd4a86833ec7b857c6257db475a0f235e87be836bbb8a42df9b13de6498f94e231675e3fbb511e1fa9ef83a810333961b3965c4d719c49da1e4cc2141324d
ssdeep: 3072:fUkem3XxMhrYKg/NdSk5Ee7NZXgrNMWGr:N3X6jg10JigOWG
type: PE32 executable (GUI) Intel 80386, for MS Windows
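A hash-based sweep over a directory using the File Info values above, written for this page as an added example: it is not GridinSoft's tooling and not code from the original article. The IOC hashes are copied from the block above; every file name and file content inside demo() is constructed here for illustration, and sha512 and ssdeep are left out (the former adds nothing over sha256 for a hunt, the latter needs a third-party library):

```python
"""Hash-based IOC sweep for the sample described in the File Info block.

Added example, not part of the original page and not GridinSoft's tooling.
The IOC dict copies the page's published hashes; the paths and contents in
demo() are constructed stand-ins, not the real sample.
"""
import hashlib
import os
import tempfile
import zlib
from pathlib import Path

# Hashes copied from the File Info section, lower-cased for comparison.
IOC = {
    "crc32": "f54d9100",
    "md5": "c27a3eb744520b5f7770bc9fc3108c47",
    "sha1": "6a2a12eb7eb101040d4cb7368902c990b2c7333e",
    "sha256": "dce13eef0c865cb995eeb80a727463468baf8c68245a902f8a290c77232e9a25",
}

CHUNK = 1 << 20  # read files in 1 MiB pieces so large binaries do not fill RAM


def _finish(md5, sha1, sha256, crc):
    return {
        "crc32": f"{crc & 0xFFFFFFFF:08x}",
        "md5": md5.hexdigest(),
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
    }


def digests_of_bytes(data: bytes) -> dict:
    """All four digests of an in-memory blob."""
    return _finish(hashlib.md5(data), hashlib.sha1(data),
                   hashlib.sha256(data), zlib.crc32(data))


def digests_of_file(path) -> dict:
    """Same digests for a file on disk, streamed chunk by chunk in one pass."""
    md5, sha1, sha256, crc = hashlib.md5(), hashlib.sha1(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return _finish(md5, sha1, sha256, crc)


def matches_ioc(digests: dict, ioc: dict = IOC) -> set:
    """Names of the algorithms whose value equals the published indicator."""
    return {alg for alg, value in ioc.items() if digests.get(alg) == value.lower()}


def sweep(root, ioc: dict = IOC) -> list:
    """Walk `root` and return (path, matched_algorithms) for every hit.

    A lone crc32 match is weak (32-bit checksum, collisions are cheap);
    sha256 is the one that counts. Both are reported so the caller can tell.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                matched = matches_ioc(digests_of_file(path), ioc)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            if matched:
                hits.append((str(path), matched))
    return hits


def is_sandbox_storage_name(name: str, md5: str = IOC["md5"]) -> bool:
    """The page's 'name' field is just the upper-case MD5 plus '.mlw', i.e. the
    sandbox's storage name, so a filename match proves nothing by itself."""
    return name == md5.upper() + ".mlw"


def demo() -> tuple:
    """Constructed demonstration: plant two files in a temp dir and sweep.

    Returns (hits against the page's IOC, hits against the planted file's own
    hashes). The first list is empty, because a file merely *named* like the
    sandbox sample is not the sample; the second has exactly one entry.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Decoy: right name, wrong content (constructed).
        (root / "C27A3EB744520B5F7770BC9FC3108C47.mlw").write_bytes(b"not the real sample")
        # Stand-in for a dropped copy (constructed bytes, not a real PE).
        planted = root / "sub" / "MyAddIn.exe"
        planted.parent.mkdir()
        planted.write_bytes(b"MZ constructed stand-in, not a PE")
        planted_ioc = digests_of_bytes(planted.read_bytes())
        page_hits = sweep(root)
        planted_hits = sweep(root, planted_ioc)
        return (page_hits, [(Path(p).name, sorted(m)) for p, m in planted_hits])


if __name__ == "__main__":
    print(demo())
```

Run it against a user profile or a mounted disk image with `sweep("C:/Users")`; a sha256 hit is the indicator to act on, and a crc32-only hit should be treated as a collision until the other digests agree.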

Version Info:

Translation: 0x0409 0x04b0
LegalCopyright: Juan Antonio - 2017
InternalName: MyAddIn
FileVersion: 1.00.0590
CompanyName: Acordeon
LegalTrademarks: 117.8k Posts - See Instagram photos and videos from 'acordeon' hashtag.
ProductName: MyAddIn
ProductVersion: 1.00.0590
FileDescription: Hohner
OriginalFilename: MyAddIn.exe

Ransom:Win32/Ergop.A also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Strictor.146788
FireEye: Generic.mg.c27a3eb744520b5f
ALYac: Gen:Variant.Strictor.146788
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Trojan ( 0051691c1 )
BitDefender: Gen:Variant.Strictor.146788
K7GW: Trojan ( 0051691c1 )
CrowdStrike: win/malicious_confidence_80% (D)
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Razy-6979130-0
Kaspersky: Trojan.Win32.Pakes.avfu
NANO-Antivirus: Trojan.Win32.Pakes.espqck
Ad-Aware: Gen:Variant.Strictor.146788
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1118797
DrWeb: Trojan.VbCrypt.250
Zillya: Trojan.Injector.Win32.556529
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.ch
Emsisoft: Gen:Variant.Strictor.146788 (B)
Ikarus: Trojan.Win32.Injector
Jiangmin: Trojan.Pakes.auy
Avira: HEUR/AGEN.1118797
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Win32.Pakes
Microsoft: Ransom:Win32/Ergop.A
Arcabit: Trojan.Strictor.D23D64
ZoneAlarm: Trojan.Win32.Pakes.avfu
GData: Gen:Variant.Strictor.146788
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Generic.R266114
McAfee: GenericRXCU-YM!C27A3EB74452
VBA32: TScope.Trojan.VB
Malwarebytes: Generic.Trojan.Malicious.DDS
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Injector.DRJW
Tencent: Malware.Win32.Gencirc.114961b1
Yandex: Trojan.GenAsa!ipc4OW2/P/o
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Generic.AP.13FFB0!tr
BitDefenderTheta: Gen:NN.ZevbaF.34804.im3@aCMWZqeO
AVG: Win32:Malware-gen
Cybereason: malicious.744520
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Dropper.76c

How to remove Ransom:Win32/Ergop.A?

Ransom:Win32/Ergop.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Re-scan after the restart. The sandbox report above lists autorun persistence, injection into other processes and a likely infection of an existing system binary, so if the machine held anything of value, treat it as compromised and rebuild it from a known-good image rather than trusting a single cleanup pass. Removal also does not undo the file modifications the ransomware behaviour refers to; restore affected files from backup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.