Ransom:Win32/Sodinokibi.S!MSR removal instruction

Ransom:Win32/Sodinokibi.S!MSR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/Sodinokibi.S!MSR virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data
  • A scripting utility was executed
  • Attempts to stop active services
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Ransom:Win32/Sodinokibi.S!MSR?

File Info:

crc32: 350A47D5
md5: 4eb845741ce5fd9df425cb4fc2da9d2f
name: ded.exe
sha1: f2ba5183cec3c9aa51d781262f3189830d4652d7
sha256: 888970747450d26e4f73b75f247e2d0355adc581a549ab655082e5e2b62bddbf
sha512: 5fd7d7b4c53d248f24774dc12ba6914cea7e31ea9555cdf73b860a88d04ab35ddc2741c6d07b4d1786869bc103e07f4c86bbdf6d5b0da5d22a148aca8fd5c004
ssdeep: 3072:1LFrb30BRtBZZg+i2ayy2RjLTuVyu7CJDgoMT3QGScHpACuX:ZJ0BXScFy2RsQJ8zgGScJnq
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/Sodinokibi.S!MSR also known as:

Bkav: W32.AIDetectVM.malware2
MicroWorld-eScan: DeepScan:Generic.Ransom.Sodinokibi.B9A407C6
FireEye: Generic.mg.4eb845741ce5fd9d
ALYac: DeepScan:Generic.Ransom.Sodinokibi.B9A407C6
Malwarebytes: Ransom.Sodinokibi
K7AntiVirus: Trojan ( 0054d99c1 )
BitDefender: DeepScan:Generic.Ransom.Sodinokibi.B9A407C6
K7GW: Trojan ( 0054d99c1 )
Cybereason: malicious.41ce5f
TrendMicro: Ransom.Win32.SODINOKIB.SMTH
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Ransomware.Sodinokibi-7013612-0
GData: DeepScan:Generic.Ransom.Sodinokibi.B9A407C6
Kaspersky: HEUR:Trojan-Ransom.Win32.Gen.gen
Alibaba: Ransom:Win32/generic.ali2000010
NANO-Antivirus: Virus.Win32.Gen.ccmw
AegisLab: Trojan.Win32.Gen.j!c
Avast: Win32:Trojan-gen
Rising: Ransom.Sodin!8.10CD8 (RDMK:cmRtazpaPsE6TxO5E3PIJVilBEhc)
Ad-Aware: DeepScan:Generic.Ransom.Sodinokibi.B9A407C6
Emsisoft: DeepScan:Generic.Ransom.Sodinokibi.B9A407C6 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
MaxSecure: Trojan.Malware.300983.susgen
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan-Ransom.Sodinokibi
Webroot: W32.Rogue.Gen
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan[Ransom]/Win32.Gen
Endgame: malicious (high confidence)
Arcabit: DeepScan:Generic.Ransom.Sodinokibi.B9A407C6
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Gen.gen
Microsoft: Ransom:Win32/Sodinokibi.S!MSR
Acronis: suspicious
McAfee: Ransom-Sodnkibi!4EB845741CE5
MAX: malware (ai score=80)
VBA32: BScope.Trojan.DelShad
ESET-NOD32: a variant of Win32/Filecoder.Sodinokibi.B
TrendMicro-HouseCall: Ransom.Win32.SODINOKIB.SMTH
Tencent: Win32.Trojan.Filecoder.Phgy
SentinelOne: DFI – Malicious PE
Fortinet: W32/Sodinokibi.B!tr.ransom
BitDefenderTheta: Gen:NN.ZexaF.34090.kuW@a0TAswf
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)
Qihoo-360: HEUR/QVM20.1.5997.Malware.Gen

How to remove Ransom:Win32/Sodinokibi.S!MSR?

Ransom:Win32/Sodinokibi.S!MSR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

1 Comment

  • Good evening,
    I work in an association that has encrypted data, from a computer to the nose. I do not find how the helpers on the internet; it is a very recent ransomware.
    I have the txt files and excel, word etc … encrypted files.
    I could send you a copy, and you morient, or give a solution.
    All 2019 data.
    I count on your help, thank you.