What is “Ransom:Win32/LockedFile.G!MSR”?

Ransom:Win32/LockedFile.G!MSR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/LockedFile.G!MSR virus do?

  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Drops a binary and executes it
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom:Win32/LockedFile.G!MSR?


File Info:

type: PE32 executable (console) Intel 80386, for MS Windows

Ransom:Win32/LockedFile.G!MSR also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 00520f0e1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.15084
Cynet: Malicious (score: 100)
ALYac: Trojan.Ransom.Matrix
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.357647
Sangfor: Ransom.Win32.LockedFile.G!MSR
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/LockedFile.6507948d
K7GW: Trojan ( 00520f0e1 )
Cybereason: malicious.45f812
Baidu: Win32.Trojan.Ransom.d
Symantec: Ransom.Matrix!g1
ESET-NOD32: a variant of Win32/Filecoder.LockedFile.D
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Ransomware.Matrix-6502602-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Generic
BitDefender: Generic.Ransom.Matrix.B40AED06
NANO-Antivirus: Trojan.Win32.Matrix.eyzien
ViRobot: Trojan.Win32.Metrix.932864
MicroWorld-eScan: Generic.Ransom.Matrix.B40AED06
Tencent: Malware.Win32.Gencirc.11492862
Ad-Aware: Generic.Ransom.Matrix.B40AED06
Sophos: Mal/Generic-R + Troj/Matrix-I
Comodo: Malware@#1308bro8aov82
BitDefenderTheta: AI:Packer.D678EC7521
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_MATRIX.THEAEAH
McAfee-GW-Edition: BehavesLike.Win32.Infected.dh
FireEye: Generic.mg.88c66ce45f812349
Emsisoft: Generic.Ransom.Matrix.B40AED06 (B)
Jiangmin: Trojan.Generic.chave
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1115040
eGambit: Unsafe.AI_Score_100%
Microsoft: Ransom:Win32/LockedFile.G!MSR
Arcabit: Generic.Ransom.Matrix.B40AED06
AegisLab: Trojan.Win32.Generic.4!c
GData: Win32.Trojan-Ransom.Matrix.A
AhnLab-V3: Trojan/Win32.Matrixran.R234829
McAfee: Ransom-Matrix.a
MAX: malware (ai score=98)
VBA32: TrojanRansom.Matrix
Malwarebytes: Malware.AI.326768017
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_MATRIX.THEAEAH
Rising: Ransom.Generic!8.E315 (CLOUD)
Yandex: Trojan.GenAsa!ZMxpGOCUEoI
Ikarus: Trojan-Ransom.Matrix
MaxSecure: Trojan.Malware.10307848.susgen
Fortinet: W32/Matrix.2FFD!tr.ransom
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Ransom.793

How to remove Ransom:Win32/LockedFile.G!MSR?

Ransom:Win32/LockedFile.G!MSR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
