
Ransom:Win32/Phobos.PC!MTB removal guide


Ransom:Win32/Phobos.PC!MTB is Microsoft's detection name for a sample of the Phobos ransomware family; most other vendors flag the same file (see the detection list below), many of them as a "Filecoder" or "Encoder", i.e. file-encrypting malware. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and clean-up of your PC during the trial period. A 6-day free trial is available.

What can the Ransom:Win32/Phobos.PC!MTB virus do?

The following behaviors were flagged during automated (sandbox) analysis of the sample:

  • Possible date-expiration check: exits too soon after checking the local time
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Attempts to stop active services
  • Repeatedly calls a single API many times in order to delay analysis
  • Modifies boot configuration settings
  • Installs itself for autorun at Windows startup
  • Clears Windows event logs
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command-line tools or Windows utilities

Deleting shadow copies and changing the boot configuration are aimed at preventing recovery of files after encryption, and clearing event logs removes the traces of that activity.
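
The behaviors above are sandbox signatures; on a live host or in a SIEM the same actions usually surface as process-creation events (Sysmon Event ID 1 or Security Event 4688) whose command lines invoke vssadmin, wmic, wbadmin, bcdedit, wevtutil, net/sc and reg. The following Python is an added example, not code from this page or from GridinSoft: it matches generic ransomware-style command lines for the listed behaviors and groups hits by parent process, so that a single process spawning several of them is flagged while a lone administrative command is not. The event format, PIDs and command lines are constructed for illustration and are not command lines observed from this particular sample.

```python
import re
from dataclasses import dataclass

# Command-line heuristics for the sandbox behaviors listed above, meant to run
# over process-creation events (Sysmon Event ID 1 / Security 4688).
# The tool invocations are generic ransomware patterns, not taken from this sample.
RULES = {
    "delete_shadow_copies": re.compile(
        r"\b(vssadmin(\.exe)?\s+delete\s+shadows"
        r"|wmic(\.exe)?\s+shadowcopy\s+delete"
        r"|wbadmin(\.exe)?\s+delete\s+catalog)", re.I),
    "modify_boot_config": re.compile(
        r"\bbcdedit(\.exe)?\b.*/set\b.*\b(recoveryenabled|bootstatuspolicy)\b", re.I),
    "clear_event_logs": re.compile(
        r"\b(wevtutil(\.exe)?\s+(cl|clear-log)\b|Clear-EventLog\b)", re.I),
    "stop_services": re.compile(
        r"\b(net1?(\.exe)?\s+stop|sc(\.exe)?\s+stop)\b", re.I),
    "autorun_persistence": re.compile(
        r"\breg(\.exe)?\s+add\b.*\\CurrentVersion\\Run\b", re.I),
}


@dataclass
class ProcEvent:
    pid: int
    ppid: int            # parent PID: ransomware usually spawns all of these from one process
    image: str
    command_line: str


def classify(command_line: str) -> list:
    """Names of the listed behaviors that a single command line exhibits."""
    return [name for name, rx in RULES.items() if rx.search(command_line)]


def scan(events):
    """Map parent PID -> {behavior: [events]} so hits from one process tree are seen together."""
    hits = {}
    for ev in events:
        for name in classify(ev.command_line):
            hits.setdefault(ev.ppid, {}).setdefault(name, []).append(ev)
    return hits


def suspicious_parents(events, min_behaviors=2):
    """Parents that spawned at least `min_behaviors` distinct listed behaviors.
    Requiring more than one keeps a lone admin 'net stop' from alerting."""
    return sorted(ppid for ppid, found in scan(events).items() if len(found) >= min_behaviors)


# Constructed sample events: one parent (PID 1200) runs the typical ransomware
# housekeeping; an administrator session (PID 1100) runs two benign commands.
SYS32 = r"C:\Windows\System32"
SAMPLE_EVENTS = [
    ProcEvent(1300, 1200, SYS32 + r"\vssadmin.exe", "vssadmin delete shadows /all /quiet"),
    ProcEvent(1301, 1200, SYS32 + r"\wbem\WMIC.exe", "wmic shadowcopy delete"),
    ProcEvent(1302, 1200, SYS32 + r"\bcdedit.exe", "bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    ProcEvent(1303, 1200, SYS32 + r"\bcdedit.exe", "bcdedit /set {default} recoveryenabled no"),
    ProcEvent(1304, 1200, SYS32 + r"\wbadmin.exe", "wbadmin delete catalog -quiet"),
    ProcEvent(1305, 1200, SYS32 + r"\wevtutil.exe", "wevtutil cl System"),
    ProcEvent(1306, 1200, SYS32 + r"\net.exe", "net stop vss"),
    ProcEvent(1307, 1200, SYS32 + r"\reg.exe",
              r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d C:\Users\u\AppData\Local\updater.exe"),
    ProcEvent(1400, 1100, SYS32 + r"\vssadmin.exe", "vssadmin list shadows"),
    ProcEvent(1401, 1100, SYS32 + r"\net.exe", "net start wuauserv"),
]

if __name__ == "__main__":
    for ppid, found in scan(SAMPLE_EVENTS).items():
        print(ppid, sorted(found))
    print("suspicious parents:", suspicious_parents(SAMPLE_EVENTS))
```

Grouping by parent PID is the point of the example: each of these commands is legitimate on its own, so the rule alerts on the combination within one process tree rather than on any single match. Adjust `min_behaviors` to your environment's noise level.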

How to identify Ransom:Win32/Phobos.PC!MTB?

File Info:

crc32: 779601C4
md5: a500866f1d6e57c6da8ce9cb7a18580e
name: tmp7wy1ifsb
sha1: 974a017040038dbf9a09cb6332a9735838322261
sha256: b1971d1ed928593f7cb899962b90a0683682085953ac0b8ff599161e0415d208
sha512: 178eec48a6daedfa23420c4577bed919492eb95607615862478be09cdd9e6f12aa38e95866f2ea039b0be317949145dd5fa699b54b1b289287fc5ec2549e4917
ssdeep: 1536:nNeRBl5PT/rx1mzwRMSTdLpJBabTrC1K:nQRrmzwR5JSy1K
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

[No Data]
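
A hash match against the File Info block is the quickest way to confirm you are looking at this exact build. The following Python is an added example, not code from this page or from GridinSoft: it parses the key: value block above, hashes files with the same algorithms, and reports which values agree. Keep the limitation in mind: Phobos is distributed as many distinct builds, so a hash only identifies this one file, and the behaviors listed earlier are the more durable indicator. The ssdeep line is a fuzzy hash for near-duplicate matching and needs the separate ssdeep library, which this example does not use. The empty-input hash in the usage notes is a constructed negative check.

```python
import hashlib
import os
import sys

# The "File Info" block as printed on this page. parse_file_info() reads this
# key: value layout, so the same code works for other pages of this kind.
FILE_INFO = """\
crc32: 779601C4
md5: a500866f1d6e57c6da8ce9cb7a18580e
name: tmp7wy1ifsb
sha1: 974a017040038dbf9a09cb6332a9735838322261
sha256: b1971d1ed928593f7cb899962b90a0683682085953ac0b8ff599161e0415d208
sha512: 178eec48a6daedfa23420c4577bed919492eb95607615862478be09cdd9e6f12aa38e95866f2ea039b0be317949145dd5fa699b54b1b289287fc5ec2549e4917
ssdeep: 1536:nNeRBl5PT/rx1mzwRMSTdLpJBabTrC1K:nQRrmzwR5JSy1K
type: PE32 executable (GUI) Intel 80386, for MS Windows
"""

# crc32 is not a cryptographic hash and ssdeep needs an external library,
# so only the hashlib algorithms are compared.
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def parse_file_info(text):
    """Parse 'key: value' lines; partition on the first colon keeps ssdeep's inner colons."""
    iocs = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        iocs[key.strip().lower()] = value.strip()
    return iocs


def hash_bytes(data):
    """Hash an in-memory buffer with every algorithm in HASH_ALGOS."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def hash_file(path, chunk=1 << 20):
    """Hash a file in chunks so large executables do not need to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_algos(hashes, iocs):
    """Algorithms on which a file's hashes agree with the IOC block (case-insensitive)."""
    return [a for a in HASH_ALGOS
            if a in iocs and hashes.get(a, "").lower() == iocs[a].lower()]


def scan_tree(root, iocs):
    """Walk a directory and return paths whose hashes match the IOC block."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if matching_algos(hash_file(path), iocs):
                    hits.append(path)
            except OSError:
                continue  # unreadable or vanished file; keep scanning
    return hits


if __name__ == "__main__":
    iocs = parse_file_info(FILE_INFO)
    print("looking for sha256", iocs["sha256"])
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in scan_tree(root, iocs):
        print("MATCH", hit)
```

Run it with a directory as the only argument (for instance the user's temp folder, since the sample's recorded name `tmp7wy1ifsb` looks like a temporary file); any file that matches on even one algorithm is reported.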

Ransom:Win32/Phobos.PC!MTB is also known as (vendor: detection name):

MicroWorld-eScan: Gen:Variant.Ransom.Phobos.62
CAT-QuickHeal: Ransom.Phobos.S11618290
McAfee: GenericRXJO-ZZ!A500866F1D6E
Cylance: Unsafe
K7AntiVirus: Trojan ( 00564fee1 )
BitDefender: Gen:Variant.Ransom.Phobos.62
K7GW: Trojan ( 00564fee1 )
CrowdStrike: win/malicious_confidence_100% (W)
Invincea: heuristic
F-Prot: W32/Ransom.NA.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Trojan-gen
ClamAV: Win.Ransomware.Ulise-7594403-0
GData: Gen:Variant.Ransom.Phobos.62
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Ransom:Win32/Phobos.13ae558b
NANO-Antivirus: Trojan.Win32.Filecoder.himsij
AegisLab: Trojan.Win32.Generic.4!c
Rising: Ransom.Phobos!1.C277 (CLOUD)
Ad-Aware: Gen:Variant.Ransom.Phobos.62
Emsisoft: Gen:Variant.Ransom.Phobos.62 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.Encoder.31543
TrendMicro: Ransom.Win32.CRYSIS.SMA
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.qc
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.a500866f1d6e57c6
Sophos: Troj/AutoG-IA
Ikarus: Trojan-Ransom.Phobos
Cyren: W32/Ransom.NA.gen!Eldorado
Jiangmin: Trojan.Generic.ervnl
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.XPACK.Gen
Endgame: malicious (high confidence)
Arcabit: Trojan.Ransom.Phobos.62
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Ransom:Win32/Phobos.PC!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.FileCoder.C4060711
Acronis: suspicious
VBA32: BScope.Trojan.MulDrop
ALYac: Gen:Variant.Ransom.Phobos.62
MAX: malware (ai score=86)
Malwarebytes: Ransom.Phobos
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Filecoder.Phobos.C
TrendMicro-HouseCall: Ransom.Win32.CRYSIS.SMA
Tencent: Win32.Trojan.Filecoder.Ljjk
SentinelOne: DFI – Malicious PE
Fortinet: W32/Generic.AP.34AB98!tr
BitDefenderTheta: Gen:NN.ZexaF.34128.duW@aKJMAkl
AVG: Win32:Trojan-gen
Cybereason: malicious.040038
Paloalto: generic.ml
Qihoo-360: HEUR/QVM20.1.D7DB.Malware.Gen

How to remove Ransom:Win32/Phobos.PC!MTB?

Ransom:Win32/Phobos.PC!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Removing the malware stops further encryption but does not recover files that were already encrypted. Because the sample also attempts to delete volume shadow copies, restore those files from an offline backup rather than relying on Windows' built-in previous versions.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
