Categories: Ransom

How to remove “Ransom:Win32/Pulobe.RB!MSR”?

The Ransom:Win32/Pulobe.RB!MSR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Pulobe.RB!MSR virus can do?

Possible date expiration check, exits too soon after checking local time
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
A process created a hidden window
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
A scripting utility was executed
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Writes a potential ransom message to disk
Likely virus infection of existing system binary
Detects Joe or Anubis Sandboxes through the presence of a file
Checks the presence of disk drives in the registry, possibly for anti-virtualization
Attempts to modify proxy settings
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Ransom:Win32/Pulobe.RB!MSR?


File Info:
crc32: DFA3E6F0md5: e15044eb922fc034727bdfef14871ca3name: 3.exesha1: a3065be8cbfdd05cd2dfb83b4392b86f05893a19sha256: c9f8f3e6ffe6cde5daecfa4d34515c888b816356ed4d1d534da1ee4e3fad7837sha512: 4304a30ca0f14f049b9a9641c1a08dbd118cd27bfd524138ea01c251fb16f5d84015cda1dd34341b8286156f572afc2dfae52ea691bd76debb3b2b260dfd67acssdeep: 12288:aAygI6JZWuKARsLcePfkfMhVIhCgNGpKnK1DdpJ+9O:fIIWuY5hOhyKnK1DdpY9Otype: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Version Info:
0: [No Data]

Ransom:Win32/Pulobe.RB!MSR also known as:

Bkav	W32.AIDetectVM.malware
MicroWorld-eScan	DeepScan:Generic.Ransom.Amnesia.443D3E8E
McAfee	Artemis!E15044EB922F
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Generic.lArK
Sangfor	Malware
BitDefender	DeepScan:Generic.Ransom.Amnesia.443D3E8E
K7GW	Trojan ( 004f6e981 )
Cybereason	malicious.b922fc
Arcabit	DeepScan:Generic.Ransom.Amnesia.443D3E8E
Invincea	heuristic
Cyren	W32/Ransom.ZRRW-8715
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Filecoder.FS
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Ransomware.Deepscan-6975721-0
Kaspersky	HEUR:Trojan-Ransom.Win32.Generic
Alibaba	Ransom:Win32/Pulobe.c4a91fff
Rising	Ransom.Kitoles!1.BACD (CLOUD)
Ad-Aware	DeepScan:Generic.Ransom.Amnesia.443D3E8E
Emsisoft	DeepScan:Generic.Ransom.Amnesia.443D3E8E (B)
Comodo	TrojWare.Win32.TrojanDownloader.Delf.gen@1xqow5
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Trojan.Encoder.26375
TrendMicro	Mal_Purge
McAfee-GW-Edition	BehavesLike.Win32.Generic.hc
Fortinet	W32/Msht.GJ!tr
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.e15044eb922fc034
Sophos	Mal/Generic-S
SentinelOne	DFI – Malicious PE
Avira	TR/Dropper.Gen
MAX	malware (ai score=100)
Endgame	malicious (high confidence)
Microsoft	Ransom:Win32/Pulobe.RB!MSR
ZoneAlarm	HEUR:Trojan-Ransom.Win32.Generic
AhnLab-V3	Malware/Win32.Generic.C2247493
Acronis	suspicious
ALYac	Trojan.Ransom.Scarab
VBA32	BScope.Trojan.Encoder
Malwarebytes	Ransom.Scarab
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Mal_Purge
Tencent	Win32.Trojan.Filecoder.Ahns
Yandex	Trojan.Filecoder!iPGbI1ITpNU
Ikarus	Trojan-Ransom.FileCrypter
eGambit	Unsafe.AI_Score_99%
GData	DeepScan:Generic.Ransom.Amnesia.443D3E8E
BitDefenderTheta	AI:Packer.9EC947A81B
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Trojan.Ransom.793