Ransom:Win32/Reveton.A removal instruction

Ransom:Win32/Reveton.A is classified as malicious by nearly every security vendor (see the detection list further down). While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Ransom:Win32/Reveton.A do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • The PE file contains a PDB path
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the “shellcode get eip” pattern (a YARA rule for position-independent code that locates its own address)
  • Attempts to modify browser security settings
  • Attempts to disable browser security warnings
  • Yara detections observed in process dumps, payloads or dropped files
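The behavioural hits above (cross-process injection via CreateRemoteThread, a dropped file under the Public folder, browser settings tampering) are what a sandbox reports. On a live host the matching telemetry is Sysmon Event ID 8 (CreateRemoteThread), which records SourceImage, TargetImage and StartAddress. The script below is an added example and is not code from the original page, from CAPE or from GridinSoft: it triages Sysmon-style records exported as newline-delimited JSON and flags remote threads whose source is not a known OS component, runs from a user-writable directory, or targets the shell or a browser. The trusted-source allowlist, the watched-target list and the sample events are assumptions constructed for the example.

```python
import json
from pathlib import PureWindowsPath
from typing import Optional

# Processes that legitimately create threads in other processes on Windows.
# This allowlist is an assumption for the example; tune it to your environment.
TRUSTED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\svchost.exe",
}

# Targets a screen locker wants to control: the shell and the browsers.
WATCHED_TARGETS = {"explorer.exe", "iexplore.exe", "firefox.exe", "chrome.exe", "msedge.exe"}

# Directories a normal user (and therefore a dropper) can write to.
USER_WRITABLE = ("\\users\\public\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def triage_remote_thread(event: dict) -> Optional[dict]:
    """Score one Sysmon Event ID 8 (CreateRemoteThread) record; None if nothing is suspicious."""
    if event.get("EventID") != 8:
        return None
    source = event["SourceImage"].lower()
    target = _basename(event["TargetImage"])
    reasons = []
    if source not in TRUSTED_SOURCES:
        reasons.append("source not in trusted list")
    if any(d in source for d in USER_WRITABLE):
        reasons.append("source runs from a user-writable directory")
    if target in WATCHED_TARGETS:
        reasons.append(f"target is a watched process ({target})")
    # A single reason is common noise (e.g. an OS component touching explorer.exe);
    # two or more is a remote thread we would not expect from Windows itself.
    if len(reasons) < 2:
        return None
    return {
        "time": event.get("UtcTime"),
        "source": event["SourceImage"],
        "target": event["TargetImage"],
        "start_address": event.get("StartAddress"),
        "reasons": reasons,
    }


def scan_events(raw_json_lines: str) -> list:
    """Run triage over newline-delimited JSON records and return the findings."""
    findings = []
    for line in raw_json_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        finding = triage_remote_thread(json.loads(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry (not real logs): one benign OS-originated thread,
# one injection from the Public folder into explorer.exe, and one unrelated event.
SAMPLE_EVENTS = "\n".join([
    json.dumps({"EventID": 8, "UtcTime": "2024-03-01 09:12:01.100",
                "SourceImage": r"C:\Windows\System32\csrss.exe",
                "TargetImage": r"C:\Program Files\Notepad++\notepad++.exe",
                "StartAddress": "0x77A01000"}),
    json.dumps({"EventID": 8, "UtcTime": "2024-03-01 09:12:05.420",
                "SourceImage": r"C:\Users\Public\update.exe",
                "TargetImage": r"C:\Windows\explorer.exe",
                "StartAddress": "0x003B0000"}),
    json.dumps({"EventID": 1, "UtcTime": "2024-03-01 09:12:05.000",
                "Image": r"C:\Users\Public\update.exe", "CommandLine": "update.exe"}),
])

if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed sample it reports exactly one finding, the thread created from C:\Users\Public\update.exe into explorer.exe, with three reasons. A StartAddress outside any loaded module in the target is a further sign worth adding once you have module-load telemetry to correlate against.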

How to identify Ransom:Win32/Reveton.A?

File Info:

name: A5E33B9E6FF893B6A554.mlw
path: /opt/CAPEv2/storage/binaries/be9087aa648512e79a7b2344a4f5523a45aa39f0d5f54288c648969896948ea3
crc32: A50CF2B6
md5: a5e33b9e6ff893b6a5541c34a082a706
sha1: bde9d783397d05efe497b9fd6f8ceb81d7500a28
sha256: be9087aa648512e79a7b2344a4f5523a45aa39f0d5f54288c648969896948ea3
sha512: 06f2da8ce6fa60460c5a0668ff35d2c3f1bb882a00d932c9f6422d532306fff82a14e4bc4cca592149805c37fc2408cda6c91401fae2a0e551dad1f0509d4c19
ssdeep: 3072:5O1K2Uzjlellu/ic2OX3JCopzNWX38lVfoUK8YXfOJx3a:gcfvaA3W2zNxWwJx3
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1FE3601D3591A6E9BC0DD4EBB10B97BBD61BB6C501F3288412BC387E7E396305E644B18
sha3_384: bc0eaa266a02820cc6c1adb302ead0372ee8352f43259676f0d94048498210443fc86630c14aea10de55809976b52911
ep_bytes: 558bec83c4c0baa1bb0000b85ec70000
timestamp: 2012-02-05 03:49:49

Version Info (every string in the version resource is random filler, a common trait of packed or crypted samples):

CompanyName: Uqtxmach pniloom
OriginalFilename: Opnaogtpts
FileVersion: 1.752
ProductVersion: 1.752
FileDescription: Bywubmb lkwumei muay
ProductName: Buuvzll lgmt uzgmtcxp
InternalName: Opnaogtpts
LegalCopyright: Copyright © aemy suwjjbh alo yj nhkszkfs
Translation: 0x0409 0x04b0
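The hashes listed above identify this exact file, and the sandbox's other static observations (overlay data, an embedded PDB path, a DLL with a 2012 compile timestamp) can be checked without third-party tools. The following script is an added example and is not part of the original page or of CAPE: it recomputes crc32/md5/sha1/sha256 for comparison against the values listed above and parses just enough of the PE header to report the compile timestamp, the DLL flag, the overlay size and any CodeView (RSDS) PDB path. ssdeep and tlsh are left out because they need non-standard libraries. build_demo_pe constructs a minimal, non-loadable PE skeleton purely for demonstration, with its timestamp set to the one reported above; it is not the real sample, so its hashes will not match the listing.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone
from typing import Optional

# Hashes quoted from the analysis above; everything else in this file is an assumption for the example.
KNOWN_HASHES = {
    "crc32": "a50cf2b6",
    "md5": "a5e33b9e6ff893b6a5541c34a082a706",
    "sha1": "bde9d783397d05efe497b9fd6f8ceb81d7500a28",
    "sha256": "be9087aa648512e79a7b2344a4f5523a45aa39f0d5f54288c648969896948ea3",
}

IMAGE_FILE_DLL = 0x2000  # Characteristics bit set on DLLs


def file_hashes(data: bytes) -> dict:
    """Compute the same digests the listing shows, as lowercase hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True only if every digest matches the sample listed above."""
    return file_hashes(data) == KNOWN_HASHES


def pe_facts(data: bytes) -> Optional[dict]:
    """Parse just enough of a PE32 image to report the static traits the sandbox flagged."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes total)
    _, nsections, timestamp, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    sections = coff + 20 + opt_size
    end_of_last_section = 0
    for i in range(nsections):
        # IMAGE_SECTION_HEADER is 40 bytes; SizeOfRawData and PointerToRawData sit at +16 and +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, sections + i * 40 + 16)
        end_of_last_section = max(end_of_last_section, raw_ptr + raw_size)
    # Anything after the last section's raw data is overlay (packer stubs and configs live there).
    overlay = max(len(data) - end_of_last_section, 0)
    # CodeView record: "RSDS" + 16-byte GUID + 4-byte age + NUL-terminated PDB path
    pdb_path = None
    rsds = data.find(b"RSDS")
    if rsds != -1:
        end = data.find(b"\0", rsds + 24)
        if end != -1:
            pdb_path = data[rsds + 24:end].decode("latin-1")
    return {
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "overlay_bytes": overlay,
        "pdb_path": pdb_path,
    }


def build_demo_pe(timestamp: int, pdb_path: bytes, overlay: bytes) -> bytes:
    """Construct a minimal PE32 DLL skeleton (not loadable, not the real sample) for demonstration."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature follows the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0x2102)  # i386, 1 section, DLL
    # .text: VirtualSize, VirtualAddress, SizeOfRawData=0x200, PointerToRawData=0x200
    section = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    header = (bytes(dos) + b"PE\0\0" + coff + section).ljust(0x200, b"\0")
    body = (b"RSDS" + b"\0" * 20 + pdb_path + b"\0").ljust(0x200, b"\0")
    return header + body + overlay


if __name__ == "__main__":
    demo = build_demo_pe(1328413789, b"c:\\build\\demo.pdb", b"\xAA" * 48)
    print(file_hashes(demo))
    print("matches listed sample:", matches_known_sample(demo))
    print(pe_facts(demo))
```

To check a real file, read it with open(path, "rb").read() and pass the bytes to matches_known_sample and pe_facts. A hash match is conclusive only for this one build; Reveton is distributed in many crypted variants, so the behavioural indicators and the vendor detections remain the practical way to recognise it.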

Ransom:Win32/Reveton.A is also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.689278
FireEye: Generic.mg.a5e33b9e6ff893b6
Skyhigh: BehavesLike.Win32.Rootkit.rz
McAfee: GenDownloader.ps
VIPRE: Gen:Variant.Razy.689278
Sangfor: Trojan.Win32.Kryptik.CJXZ
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Reveton.5117b432
K7GW: Trojan ( 0055dd191 )
K7AntiVirus: Trojan ( 0055dd191 )
VirIT: Trojan.Win32.FakeSens.A
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.CJXZ
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.689278
NANO-Antivirus: Trojan.Win32.Kryptik.fiwqsk
Avast: Win32:TrojanX-gen [Trj]
Tencent: Malware.Win32.Gencirc.114ad957
Emsisoft: Gen:Variant.Razy.689278 (B)
F-Secure: Heuristic.HEUR/AGEN.1340579
DrWeb: BackDoor.Siggen.44248
Zillya: Trojan.Inject.Win32.32258
Sophos: Mal/EncPk-ABF
Ikarus: Trojan.Win32.Reveton
Jiangmin: Trojan/Inject.vgv
Varist: W32/Reveton.D.gen!Eldorado
Avira: HEUR/AGEN.1340579
Antiy-AVL: Trojan/Win32.Inject
Microsoft: Ransom:Win32/Reveton.A
Arcabit: Trojan.Razy.DA847E
ViRobot: Trojan.Win32.A.Inject.3460679
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Razy.689278
Google: Detected
BitDefenderTheta: Gen:NN.ZedlaF.36744.@x@@aCr0vioi
ALYac: Gen:Variant.Razy.689278
MAX: malware (ai score=100)
Cylance: unsafe
Panda: Generic Malware
Rising: Ransom.Reveton!8.F2 (TFE:2:0wol8JVhxEK)
Yandex: Trojan.Inject!w4Ru94lsbuA
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Kryptik.SSS!tr
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Ransom:Win32/Reveton.A?

Ransom:Win32/Reveton.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.