About “Ransom:Win32/Sorena.PA!MTB” infection

The Ransom:Win32/Sorena.PA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom:Win32/Sorena.PA!MTB virus can do?

How to determine Ransom:Win32/Sorena.PA!MTB?


File Info:
crc32: E922DBBF
md5: c7e98cfdf6e3db405331cf6b38dc198a
name: encrypt.exe
sha1: 805d8c78c3dcc3db15499247b865f6bad473ed1f
sha256: 80524ef85a8b932ff3d782663ba401b04e0d4baf17b2e4554464c7f436e48c6c
sha512: b11d1cff3b35d2e5979bcae4ac839a845a2e8a30ab8724cc0c0ca6b550c0a276deb4f33041b84873de54efc8d66f2faa3b3521539d3956c6f92dcb2b23545a6f
ssdeep: 49152:GaMN+taC6muU4cUW7riMMZEV3Aei9xPHobNYsA6FoWkQPlNyCMM:Ga2+ruU4cUWSM2EV3AvHaN3A6WWk04B
type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows

Version Info:
0: [No Data]

Ransom:Win32/Sorena.PA!MTB also known as:

MicroWorld-eScan	Gen:Variant.Ursu.747827
FireEye	Gen:Variant.Ursu.747827
McAfee	Artemis!C7E98CFDF6E3
Cylance	Unsafe
K7AntiVirus	Trojan ( 005618c01 )
BitDefender	Gen:Variant.Ursu.747827
K7GW	Trojan ( 005618c01 )
Symantec	Trojan.Gen.MBT
Avast	Win64:Trojan-gen
GData	Gen:Variant.Ursu.747827
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Ransom:Win32/Sorena.736c1ddc
ViRobot	Trojan.Win32.Z.Ursu.2854400.B
Rising	Ransom.Sorena!8.11795 (CLOUD)
Ad-Aware	Gen:Variant.Ursu.747827
Sophos	Mal/Generic-S
Comodo	Malware@#2vnezz921277q
F-Secure	Trojan.TR/FileCoder.joxbq
DrWeb	Trojan.Encoder.31868
TrendMicro	Ransom.Win64.SORENA.SMDS
Emsisoft	Gen:Variant.Ursu.747827 (B)
Ikarus	Trojan-Ransom.FileCrypter
Cyren	W64/Trojan.AYVK-7016
Webroot	W32.Malware.Gen
Avira	TR/FileCoder.joxbq
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Ransom]/Win32.Sorena
Arcabit	Trojan.Ursu.DB6933
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Ransom:Win32/Sorena.PA!MTB
Cynet	Malicious (score: 85)
AhnLab-V3	Malware/Win64.RL_Ransom.R333333
ALYac	Trojan.Ransom.Filecoder
Malwarebytes	Ransom.HackForLife
ESET-NOD32	a variant of Win64/Filecoder.AY
TrendMicro-HouseCall	Ransom.Win64.SORENA.SMDS
Tencent	Win32.Trojan.Generic.Tbin
Fortinet	W32/Sorena.AY!tr.ransom
AVG	Win64:Trojan-gen
Paloalto	generic.ml

How to remove Ransom:Win32/Sorena.PA!MTB?

Ransom:Win32/Sorena.PA!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X