Ransom:Win32/Prerans.GG!MTB malicious file

Ransom:Win32/Prerans.GG!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/Prerans.GG!MTB virus do?

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Attempts to stop active services
  • Modifies boot configuration settings
  • Exhibits possible ransomware file modification behavior
  • Likely virus infection of existing system binary
  • Clears Windows events or logs
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz
www.sfml-dev.org

How to identify Ransom:Win32/Prerans.GG!MTB?

File Info:

crc32: E2AE967D
md5: 5425c30ebba4f84d1874a2c783932646
name: 5425C30EBBA4F84D1874A2C783932646.mlw
sha1: 80db4a06b57e61695389c354f155c26bb125bd71
sha256: 7550228f681474a038e957f86b84f182df3a1748aacf6cc7d60638f8b2784319
sha512: 457b1539296379bd93adfbc8c3a172405f9c341d9d8aa1c6a8c1dbb0ff52ae564911b1a1218ec5613a5e9e2bcca0c00001d118fb36868391ee93f8155b304f1f
ssdeep: 24576:SjWlQ6Wmay5yAT4Mu9jR48yIPB/Vix15AlEW:Sj6acyU+Rki5Vix1yGW
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/Prerans.GG!MTB is also known as (vendor: detection name):

K7AntiVirus: Trojan ( 00564a881 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen9.36699
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.CryprenRI.S12908246
ALYac: Trojan.Ransom.Filecoder
Cylance: Unsafe
Zillya: Trojan.Filecoder.Win32.14231
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Ouroboros.450feba8
K7GW: Trojan ( 00564a881 )
Cybereason: malicious.ebba4f
Cyren: W32/Ransom.MQ.gen!Eldorado
Symantec: Downloader
ESET-NOD32: a variant of Win32/Filecoder.Ouroboros.E
APEX: Malicious
Avast: Win32:RansomX-gen [Ransom]
Kaspersky: HEUR:Trojan-Ransom.Win32.Limbozar.vho
BitDefender: DeepScan:Generic.Ransom.AmnesiaE.23B6CA13
NANO-Antivirus: Trojan.Win32.Filecoder.hjnase
MicroWorld-eScan: DeepScan:Generic.Ransom.AmnesiaE.23B6CA13
Tencent: Win32.Trojan.Filecoder.Staj
Ad-Aware: DeepScan:Generic.Ransom.AmnesiaE.23B6CA13
Sophos: Mal/Generic-S + Mal/Oboros-B
BitDefenderTheta: Gen:NN.ZexaF.34738.!uW@aSGF8rji
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom.Win32.OUROBOROS.SMJK
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.dh
FireEye: Generic.mg.5425c30ebba4f84d
Emsisoft: DeepScan:Generic.Ransom.AmnesiaE.23B6CA13 (B)
Jiangmin: Trojan.Crypren.sc
Avira: TR/FileCoder.wbndv
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASCommon.1B2
Microsoft: Ransom:Win32/Prerans.GG!MTB
AegisLab: Trojan.Win32.Gen.trhA
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Generic
GData: DeepScan:Generic.Ransom.AmnesiaE.23B6CA13
TACHYON: Ransom/W32.VoidCrypt.1021440
AhnLab-V3: Trojan/Win32.FileCoder.R333162
McAfee: Ransomware-GYP!5425C30EBBA4
MAX: malware (ai score=100)
VBA32: BScope.Trojan.DelShad
Malwarebytes: Ransom.Ouroboros
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom.Win32.OUROBOROS.SMJK
Rising: Ransom.Agent!1.C4E7 (CLASSIC)
Yandex: Trojan.Filecoder!SwP73mKfASU
Ikarus: Trojan-Ransom.Ouroboros
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Ouroboros.E!tr.ransom
AVG: Win32:RansomX-gen [Ransom]
Paloalto: generic.ml

How to remove Ransom:Win32/Prerans.GG!MTB?

Ransom:Win32/Prerans.GG!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
