
Ransom:Win32/Milicry.E!bit removal guide


Ransom:Win32/Milicry.E!bit is a Microsoft detection name for a Windows file-encrypting ransomware sample; the vendor classifications listed further down agree that it is malicious. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Milicry.E!bit virus do?

The following behaviours were observed when the sample was run in a sandbox:

  • Executable code extraction
  • Creates RWX memory
  • Detected script timer window indicative of sleep style evasion
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
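The indicators above are sandbox behaviour signatures. To show how three of them (installing itself for autorun, dropping a copy of itself, and deleting its original binary) become host detection logic, here is an added example; it is not code from this page or from GridinSoft. It correlates constructed Sysmon-style records (event ID 1 process creation, 11 file creation, 13 registry value set, 23 file deletion) by ProcessGuid and flags any process that shows two or more of those behaviours. The sample records, the field subset used, and the two-behaviour threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Any registry path containing this fragment is treated as an autorun key.
RUN_KEY_MARKER = r"\currentversion\run"

# Constructed Sysmon-style records (not from the page or from a real host).
# Only the fields the correlation needs are included.
SAMPLE_EVENTS = [
    # Process A: downloaded executable drops a copy, registers it for autorun,
    # then deletes its original image.
    {"EventID": 1, "ProcessGuid": "{A}", "Image": r"C:\Users\bob\Downloads\invoice.exe",
     "CommandLine": r'"C:\Users\bob\Downloads\invoice.exe"'},
    {"EventID": 11, "ProcessGuid": "{A}", "TargetFilename": r"C:\Users\bob\AppData\Roaming\svchost.exe"},
    {"EventID": 13, "ProcessGuid": "{A}",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": r"C:\Users\bob\AppData\Roaming\svchost.exe"},
    {"EventID": 23, "ProcessGuid": "{A}", "TargetFilename": r"C:\Users\bob\Downloads\invoice.exe"},
    # Process B: an installer that only adds an autorun entry for another program.
    {"EventID": 1, "ProcessGuid": "{B}", "Image": r"C:\Temp\setup.exe",
     "CommandLine": r"C:\Temp\setup.exe /S"},
    {"EventID": 13, "ProcessGuid": "{B}",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Program Files\App\updater.exe"},
]


def correlate(events):
    """Group records by ProcessGuid and return {guid: (image, set_of_behaviours)}.

    Processes without a creation record (event ID 1) are skipped because the
    image path is needed to recognise self-deletion.
    """
    by_proc = defaultdict(list)
    for ev in events:
        by_proc[ev["ProcessGuid"]].append(ev)

    findings = {}
    for guid, evs in by_proc.items():
        image = next((e["Image"] for e in evs if e["EventID"] == 1), None)
        if image is None:
            continue
        created = {e["TargetFilename"].lower() for e in evs if e["EventID"] == 11}
        run_values = {e["Details"].lower() for e in evs
                      if e["EventID"] == 13 and RUN_KEY_MARKER in e["TargetObject"].lower()}
        deleted = {e["TargetFilename"].lower() for e in evs if e["EventID"] == 23}

        behaviours = set()
        if run_values:
            behaviours.add("autorun_persistence")
        if run_values & created:
            # The autorun value points at a file this same process wrote.
            behaviours.add("dropped_copy_set_to_autorun")
        if image.lower() in deleted:
            behaviours.add("deleted_own_binary")
        findings[guid] = (image, behaviours)
    return findings


def suspicious(findings, min_behaviours=2):
    """Keep only processes showing at least `min_behaviours` of the tracked behaviours."""
    return {guid: v for guid, v in findings.items() if len(v[1]) >= min_behaviours}


if __name__ == "__main__":
    for guid, (image, behaviours) in suspicious(correlate(SAMPLE_EVENTS)).items():
        print(f"{guid} {image}: {', '.join(sorted(behaviours))}")
```

A single autorun write is common for legitimate installers, which is why process B is not reported; the combination with a self-written autorun target and deletion of the original image is what matches the sandbox profile above.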

How to identify Ransom:Win32/Milicry.E!bit?

The hashes below identify this exact sample; a repacked variant will have different hashes, so treat them as a confirmation check rather than the only test.
File Info:

crc32: 5D591C12
md5: ebcd44756392085604d134c86b84c19a
name: EBCD44756392085604D134C86B84C19A.mlw
sha1: 45af44dfc566ff5aa664fba82d615ce85a85a0a7
sha256: 391c03663c2e9b1067ab1bc84d315f31e7569f35971d93569b7211dbcac14f80
sha512: 4b89b6f50a4b9935089d24b41c9ccd9a624b27c1bee044ed2ca404b6e8494fdd2bf904560095d01b0957c02be0775d0d537584d78c8c844447191a69f53825c3
ssdeep: 6144:Koe9qTA/b8qUp9EnxTTwCRjj+OG0vGlNSNGw:Koe91IqUrEVwMjqEOWNN
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info (read from the PE version resource; these strings are set by whoever built the file, so the company and product names are not evidence of a legitimate Stardock product):

LegalCopyright: Copyright (c) 2014 - . All rights reserved.
InternalName: HomeCfgattrnosuspendunload
FileVersion: 9.6.5.5
CompanyName: Stardock Software, Inc
PrivateBuild: 9.6.5.5
LegalTrademarks: Copyright (c) 2014 - . All rights reserved.
ProductName: HomeCfgattrnosuspendunload
ProductVersion: 9.6.5.5
FileDescription: Economy Infamus Start Comparisons Mrp
OriginalFilename: HomeCfgattrnosuspendunload.exe
Translation: 0x0409 0x04b0

Ransom:Win32/Milicry.E!bit is also known by other engines under the following names. Several of them classify the sample as file-encrypting ransomware (Filecoder, Sage/SageCrypt), which is consistent with Microsoft's "Ransom" prefix:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 004f76a01 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.10994
Cynet: Malicious (score: 100)
ALYac: Trojan.Ransom.Sage
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.1218435
Sangfor: Trojan.Win32.Generic.5
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Milicry.965d0d7a
K7GW: Trojan ( 004f76a01 )
Cybereason: malicious.563920
Symantec: Trojan Horse
ESET-NOD32: Win32/Filecoder.NHQ
APEX: Malicious
Avast: Win32:Filecoder-AN [Trj]
ClamAV: Win.Ransomware.Zusy-7443602-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.234969
NANO-Antivirus: Trojan.Win32.SageCrypt.eoaqtf
ViRobot: Trojan.Win32.Sage.299008.A
MicroWorld-eScan: Gen:Variant.Zusy.234969
Tencent: Malware.Win32.Gencirc.10b33e19
Ad-Aware: Gen:Variant.Zusy.234969
Comodo: Malware@#1pc7uwmlaobt4
BitDefenderTheta: Gen:NN.ZexaF.34608.sq0@amTZZ8bi
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Mal_MiliCry-1c
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
FireEye: Generic.mg.ebcd447563920856
Emsisoft: Gen:Variant.Zusy.234969 (B)
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1120761
Microsoft: Ransom:Win32/Milicry.E!bit
Arcabit: Trojan.Zusy.D395D9
AegisLab: Trojan.Win32.Generic.4!c
GData: Gen:Variant.Zusy.234969
AhnLab-V3: Win-Trojan/Sagecrypt.Gen
McAfee: GenericRXBO-OQ!EBCD44756392
MAX: malware (ai score=100)
VBA32: BScope.TrojanSpy.Zbot
Malwarebytes: MachineLearning/Anomalous.94%
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Mal_MiliCry-1c
Rising: Ransom.Milicry!8.A2F2 (CLOUD)
Yandex: Trojan.GenAsa!MfB4EY2WPVk
Ikarus: Trojan.Win32.Filecoder
Fortinet: W32/Kryptik.FQUM!tr
AVG: Win32:Filecoder-AN [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Filecoder.HgIASOUA

How to remove Ransom:Win32/Milicry.E!bit?

Ransom:Win32/Milicry.E!bit removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

Note that removing the executable stops further encryption but does not decrypt files it has already encrypted; restore those from offline backups.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
