Categories: Ransom

Ransom:Win32/Kitoles.A removal instruction

The Ransom:Win32/Kitoles.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Ransom:Win32/Kitoles.A virus can do?

  • Attempts to connect to a dead IP:Port (3 unique times)
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Deletes its original binary from disk
  • Modifies boot configuration settings
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Writes a potential ransom message to disk
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Clears Windows events or logs
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz
iplogger.com
iplogger.org
ocsp.comodoca.com

How to determine Ransom:Win32/Kitoles.A?



File Info:

crc32: 3B7FF1DCmd5: 7ba57e8e2a5b4e708fcd2055daaee31aname: 7BA57E8E2A5B4E708FCD2055DAAEE31A.mlwsha1: f7731960b4e34f3c476fdd01b1e9e5652de4b6c8sha256: 17b15d86274d28470067a245d5d9be91590dff58e61ca0aa00c6348b915fc207sha512: 37308ddd3a7bb7c105acf889e4be04cb6f55378fd1d63f881cc7873b935ec3cdd6b5dda5e26ebd9a14d5b229a747380446bccbc9dca5e6da758b838248343847ssdeep: 1536:0ZbDLwqmhnZF7vB94vkX8sJarpR+eAsVc4BkPMYsrv2I:0ZXLcXF1D3ar77VcnUYS2type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

Version Info:

0: [No Data]

Ransom:Win32/Kitoles.A also known as:

Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Encoder.26375
MicroWorld-eScan DeepScan:Generic.Ransom.Amnesia.D20B665D
FireEye Generic.mg.7ba57e8e2a5b4e70
ALYac DeepScan:Generic.Ransom.Amnesia.D20B665D
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Generic.4!c
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 004f6e981 )
BitDefender DeepScan:Generic.Ransom.Amnesia.D20B665D
K7GW Trojan ( 004f6e981 )
Cybereason malicious.e2a5b4
BitDefenderTheta AI:Packer.8568EE4A16
Symantec Ransom.CryptXXX
APEX Malicious
Avast FileRepMalware
ClamAV Win.Ransomware.Scarab-6336012-1
Kaspersky HEUR:Trojan-Ransom.Win32.Generic
NANO-Antivirus Trojan.Win32.Filecoder.esjrok
Rising Ransom.FileCryptor!8.1A7 (CLOUD)
Ad-Aware DeepScan:Generic.Ransom.Amnesia.D20B665D
TACHYON Ransom/W32.DP-Scarab.190976
Sophos Mal/Generic-S
Comodo Malware@#290x938xtn86c
F-Secure Trojan.TR/Crypt.ULPM.Gen
Zillya Trojan.Filecoder.Win32.6793
TrendMicro Mal_Purge
McAfee-GW-Edition BehavesLike.Win32.Generic.mc
Emsisoft DeepScan:Generic.Ransom.Amnesia.D20B665D (B)
SentinelOne Static AI – Malicious PE
Jiangmin Trojan.Generic.bvqvi
Avira TR/Crypt.ULPM.Gen
Antiy-AVL Trojan/Win32.AGeneric
Microsoft Ransom:Win32/Kitoles.A
Arcabit DeepScan:Generic.Ransom.Amnesia.D20B665D
ZoneAlarm HEUR:Trojan-Ransom.Win32.Generic
GData DeepScan:Generic.Ransom.Amnesia.D20B665D
Cynet Malicious (score: 100)
Acronis suspicious
McAfee Artemis!7BA57E8E2A5B
MAX malware (ai score=100)
VBA32 Trojan.Encoder
Malwarebytes Malware.Heuristic.1003
Panda Trj/CI.A
ESET-NOD32 a variant of Win32/Filecoder.FS
TrendMicro-HouseCall Mal_Purge
Tencent Win32.Trojan.Filecoder.Akph
Yandex Trojan.GenAsa!8Lbdq5qQE3M
Ikarus Trojan-Ransom.FileCrypter
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Msht.GJ!tr
AVG FileRepMalware
Paloalto generic.ml
CrowdStrike win/malicious_confidence_60% (D)
Qihoo-360 Win32/Virus.b30

How to remove Ransom:Win32/Kitoles.A?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: a.tomx.xyziplogger.comiplogger.orgocsp.comodoca.comRansom:Win32/Kitoles.Az.whorecord.xyz
3 years ago

Recent Posts

Tedy.551777 (file analysis)

The Tedy.551777 is considered dangerous by lots of security experts. When this infection is active,…

22 mins ago

About “Lazy.518842” infection

The Lazy.518842 is considered dangerous by lots of security experts. When this infection is active,…

22 mins ago

HackTool:Win32/Malgent!MSR information

The HackTool:Win32/Malgent!MSR is considered dangerous by lots of security experts. When this infection is active,…

23 mins ago

Barys.27333 malicious file

The Barys.27333 is considered dangerous by lots of security experts. When this infection is active,…

28 mins ago

How to remove “Win32/Kryptik.GKHS”?

The Win32/Kryptik.GKHS is considered dangerous by lots of security experts. When this infection is active,…

28 mins ago

What is “Malware.AI.1865006162”?

The Malware.AI.1865006162 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago