
Ransom:Win32/Makop.PA!MTB removal instructions


Ransom:Win32/Makop.PA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Makop.PA!MTB virus do?

  • Executable code extraction
  • Creates RWX memory
  • A named pipe was used for inter-process communication
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Norwegian (Bokmal)
  • The binary likely contains encrypted or compressed data.
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to determine Ransom:Win32/Makop.PA!MTB?


File Info:

crc32: 60643DD0
md5: cd3f17c058a625e4cf2883d886e87cdb
name: climitk.exe
sha1: 7131b554daea1c8c0f7c5bba70e1d5ff0e010cf1
sha256: e0531e7f6f0e0cb87c74bdb369156091d4b262019de4a867f66ce9978a6d3313
sha512: a351a226f2f0ea8b8638dbaf615c27951133fe3a1675e0a7622206aa0b7120ea452fbcfafedae41b35d805f2c8572976135e5eae2994335fc414fe82f7417457
ssdeep: 6144:Bgw8Zo724D1sJJ/IylYKbmhxNHDOjufYU:Bh8SbD1snIyzihDEufz
type: PE32 executable (GUI) Intel 80386 system file, for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/Makop.PA!MTB also known as:


How to remove Ransom:Win32/Makop.PA!MTB?

Ransom:Win32/Makop.PA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
