Ransom:Win32/LaposadaCrypt.PAA!MTB removal

The Ransom:Win32/LaposadaCrypt.PAA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom:Win32/LaposadaCrypt.PAA!MTB virus can do?

Authenticode signature is invalid
Exhibits possible ransomware file modification behavior
CAPE detected the Sfile malware family

How to determine Ransom:Win32/LaposadaCrypt.PAA!MTB?


File Info:
name: 760EA87BD570C2EA938D.mlw
path: /opt/CAPEv2/storage/binaries/c306254b44d825e008babbafbe7b07e20de638045f1089f2405bf24e7ce9c0dc
crc32: CEA40A7E
md5: 760ea87bd570c2ea938dd55ae684ff37
sha1: ae974e5c37936ac8f25cfea0225850be61666874
sha256: c306254b44d825e008babbafbe7b07e20de638045f1089f2405bf24e7ce9c0dc
sha512: be6c1689a7722bbcc3fcf0040aec83e8a6b81480822b39063a017f3997e7f5837628a9a311e78e16cbe5a47eb2ab9c307b6582341f7a23e5eb242a31efa3f215
ssdeep: 6144:8XOoT7iJMq/4YW3jmvC07+Gz6FuR8/TvgZJcJukm+uyA1znh:8zTgWKv5+8rR8yJcJe+qlh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T162543A00B1918675F9F304B5B7AB2AA7896D6A312399E3D707D32C881D217D2BF30B57
sha3_384: ace282e141395b62266ca9b983e35a1f550c9474b5ec82e001585b23bae06c69ce4b9a5a1b019b1cbba3c34c2480b823
ep_bytes: 6690558bec6a03ff1524c043006affff
timestamp: 2022-01-30 21:28:15

Version Info:
0: [No Data]

Ransom:Win32/LaposadaCrypt.PAA!MTB also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Agent.j!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	TrojanPWS.Zbot.Y
ALYac	Trojan.Ransom.Filecoder
Cylance	Unsafe
Zillya	Trojan.Sfile.Win32.1
Sangfor	Ransom.Win32.Sfile.s
K7AntiVirus	Trojan ( 0058c24c1 )
Alibaba	Ransom:Win32/generic.ali2000010
K7GW	Trojan ( 0058c24c1 )
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/Trojan.WUXT-0896
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Filecoder.SFile.A
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan-Ransom.Win32.Sfile.s
BitDefender	Gen:Variant.Razy.647127
MicroWorld-eScan	Gen:Variant.Razy.647127
Avast	Win32:RansomX-gen [Ransom]
Tencent	Win32.Trojan.Filecoder.Aexy
Ad-Aware	Gen:Variant.Razy.647127
Sophos	Harmony Loader (PUA)
F-Secure	Heuristic.HEUR/AGEN.1221199
VIPRE	LooksLike.Win32.Uruasy.b!ag (v)
TrendMicro	Ransom.Win32.SFILE.THBOBBB
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
FireEye	Generic.mg.760ea87bd570c2ea
Emsisoft	Gen:Variant.Razy.647127 (B)
Ikarus	Trojan.Agent
Avira	HEUR/AGEN.1221199
MAX	malware (ai score=88)
Microsoft	Ransom:Win32/LaposadaCrypt.PAA!MTB
Gridinsoft	Ransom.Win32.Zbot.sa
Arcabit	Trojan.Razy.D9DFD7
ZoneAlarm	Trojan-Ransom.Win32.Sfile.s
GData	Gen:Variant.Razy.647127
AhnLab-V3	Malware/Win.Ransom.R447846
McAfee	GenericRXLS-WT!760EA87BD570
TACHYON	Ransom/W32.SFile.303616
VBA32	BScope.TrojanRansom.Crypmodng
Malwarebytes	Ransom.FileCryptor
TrendMicro-HouseCall	Ransom.Win32.SFILE.THBOBBB
Rising	Ransom.Sfile!1.CA6C (CLOUD)
Yandex	Trojan.Filecoder!M4Sq3GT3toA
SentinelOne	Static AI – Malicious PE
eGambit	Trojan.Generic
Fortinet	W32/Filecoder.OBU!tr.ransom
BitDefenderTheta	AI:Packer.C9E00C371E
AVG	Win32:RansomX-gen [Ransom]
Cybereason	malicious.bd570c
Panda	Generic Suspicious
MaxSecure	Trojan.Malware.300983.susgen

How to remove Ransom:Win32/LaposadaCrypt.PAA!MTB?

Ransom:Win32/LaposadaCrypt.PAA!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X