About "Ransom:Win32/Genasom.CT" infection

The Ransom:Win32/Genasom.CT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Genasom.CT virus can do?

A process created a hidden window
Performs some HTTP requests
Unconventionial language used in binary resources: Russian
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
Uses Windows utilities for basic functionality
Attempts to restart the guest VM
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Anomalous binary characteristics

Related domains:

redirector.gvt1.com

r8—sn-bpb5oxu-3c2r.gvt1.com

update.googleapis.com

How to determine Ransom:Win32/Genasom.CT?


File Info:
crc32: 71CD7C2F
md5: 2fba223fed8f75fbb4179a2fb45a5113
name: 2FBA223FED8F75FBB4179A2FB45A5113.mlw
sha1: c5eac5d098a98e78ea177565492a6ecdef04bb96
sha256: 9854edbbd32e800c0a6010d631d8cd06bb956b6a1b682b9758aafe6c8b01a2b2
sha512: cbca4879e050c12f18fbbd421350948c5927fa929db8c32c86c6a6938f8c31ef16ce392732977c6ad8b9063cc7850816b3faec697d74b1778d19e8f8e2b25e44
ssdeep: 1536:dUXtEjtC4v1H6OjrBu1mjkLVJkdKkEdv8r5sjVV:IWf9Hlj9u8jkLEodv8r5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Ransom:Win32/Genasom.CT also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0055e4091 )
Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop.65359
Cynet	Malicious (score: 100)
CAT-QuickHeal	TrojanDropper.Wlock.AA6
ALYac	Gen:Variant.Ser.Mikey.2065
Cylance	Unsafe
Zillya	Trojan.LockScreen.Win32.1853
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Ransom:Win32/HmBlocker.cd6794c5
K7GW	Trojan ( 0055e4091 )
Cybereason	malicious.fed8f7
Symantec	Trojan.Ransomlock.F
ESET-NOD32	a variant of Win32/LockScreen.AEW
APEX	Malicious
Avast	Win32:LockScreen-DE [Trj]
Kaspersky	Trojan-Ransom.Win32.HmBlocker.cqb
BitDefender	Gen:Variant.Ser.Mikey.2065
NANO-Antivirus	Trojan.Win32.HmBlocker.ihgww
ViRobot	Trojan.Win32.A.HmBlocker.99840
MicroWorld-eScan	Gen:Variant.Ser.Mikey.2065
Tencent	Malware.Win32.Gencirc.10b88df2
Ad-Aware	Gen:Variant.Ser.Mikey.2065
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.Trojan.Ransom.~J@465pje
BitDefenderTheta	AI:Packer.6E19A0151F
VIPRE	Trojan.Win32.Generic.pak!cobra
McAfee-GW-Edition	BehavesLike.Win32.Generic.nh
FireEye	Generic.mg.2fba223fed8f75fb
Emsisoft	Gen:Variant.Ser.Mikey.2065 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/HmBlocker.acp
Avira	TR/Fraud.Gen2
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.8F03B8
Microsoft	Ransom:Win32/Genasom.CT
AegisLab	Trojan.Win32.Generic.4!c
GData	Gen:Variant.Ser.Mikey.2065
AhnLab-V3	Trojan/Win32.HmBlocker.C128537
Acronis	suspicious
McAfee	GenericR-HFG!2FBA223FED8F
MAX	malware (ai score=100)
VBA32	BScope.Trojan.MulDrop
Malwarebytes	Malware.AI.4118367162
Panda	Trj/CI.A
Rising	Trojan.Win32.Winlock.a (CLASSIC)
Yandex	Trojan.GenAsa!PvFNmOPROus
Ikarus	Trojan-Ransom.HmBlocker
MaxSecure	Trojan.Malware.1896097.susgen
Fortinet	W32/LockScreen.AFA!tr
AVG	Win32:LockScreen-DE [Trj]
Paloalto	generic.ml

How to remove Ransom:Win32/Genasom.CT?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Ransom:Win32/Genasom.CT” infection