Ransom

Ransom:Win32/Genasom.JJ malicious file

Malware Removal

Ransom:Win32/Genasom.JJ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Genasom.JJ virus do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Executed a process and injected code into it, probably while unpacking
  • Likely installs a bootkit via raw harddisk modifications
  • Deletes its original binary from disk
  • Attempts to restart the guest VM
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Ransom:Win32/Genasom.JJ?

File Info:

crc32: 9473FDA7
md5: 4070710354e4d61ec9d3f9701b154add
name: 4070710354E4D61EC9D3F9701B154ADD.mlw
sha1: b90b6c9e252b3d1c7637d99eb710737391715e82
sha256: 4e75cfe1839ff96b34dfc4b5904116d54c3e9a05e678a9852e708a4377af49d9
sha512: bc8b4663ff76f8c0972309c86d154365138ff03afcf1de063912f295f51b5be023deb3d28dc3ce18db6dfc223ba093c075c4b0cb644b7de282a44ac3c571a6d9
ssdeep: 3072:V85REmeMa1RAYPo3PrnNTxbAT3Cxec1o62beaO7P09sch4d:V8cmOR5g3P5Tbja+PRm
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Visual Studios
InternalName: prisma-TV
FileVersion: 2.0
CompanyName: Search RU Video
LegalTrademarks:
ProductName: Extrime Videos
ProductVersion: 2.0
FileDescription: Pornoticoon 2013
Translation: 0x0409 0x04e4

Ransom:Win32/Genasom.JJ also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Trojan.Generic.KDZ.8017
McAfee: GenericRXNN-WE!4070710354E4
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 7000000f1 )
BitDefender: Trojan.Generic.KDZ.8017
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.354e4d
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:MBRlock-EU [Trj]
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Ransom:Win32/Genasom.8f37bbe0
NANO-Antivirus: Trojan.Win32.MBRlock.bfqhgz
AegisLab: Trojan.Win32.Generic.ltGy
Rising: Ransom.Genasom!8.293 (CLOUD)
Ad-Aware: Trojan.Generic.KDZ.8017
Emsisoft: Trojan.Generic.KDZ.8017 (B)
Comodo: Malware@#1qi4d5u6f08st
F-Secure: Heuristic.HEUR/AGEN.1119778
DrWeb: Trojan.MBRlock.6
Zillya: Trojan.MBRlock.Win32.416
McAfee-GW-Edition: GenericRXNN-WE!4070710354E4
FireEye: Generic.mg.4070710354e4d61e
Sophos: Mal/Generic-S
Ikarus: Virus.Win32.DelfInject
Jiangmin: Trojan/MBro.ecq
eGambit: Generic.Malware
Avira: HEUR/AGEN.1119778
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Unknown
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Ransom:Win32/Genasom.JJ
Arcabit: Trojan.Generic.KDZ.D1F51
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Generic.KDZ.8017
Cynet: Malicious (score: 85)
BitDefenderTheta: AI:Packer.8A6A07A621
ALYac: Trojan.Generic.KDZ.8017
VBA32: BScope.Trojan.MBRlock
Malwarebytes: Malware.AI.3085187245
Panda: Generic Malware
Zoner: Trojan.Win32.13441
ESET-NOD32: Win32/MBRlock.D
Tencent: Win32.Trojan.Inject.Auto
Yandex: Trojan.GenAsa!r541yDDJInI
Fortinet: W32/BUZUS.JA!tr
AVG: Win32:MBRlock-EU [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Ransom.Genasom.HgIASOUA

How to remove Ransom:Win32/Genasom.JJ?

Ransom:Win32/Genasom.JJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.