Should I remove "Ransom:Win32/Spade.DB!MTB"?

The Ransom:Win32/Spade.DB!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Spade.DB!MTB virus can do?

Attempts to connect to a dead IP:Port (2 unique times)
Starts servers listening on 127.0.0.1:0
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Uses Windows utilities for basic functionality
Attempts to stop active services
Modifies boot configuration settings
Likely virus infection of existing system binary
Clears Windows events or logs
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

www.sfml-dev.org

pastebin.com

ocsp.digicert.com

How to determine Ransom:Win32/Spade.DB!MTB?


File Info:
crc32: 174CFBDD
md5: 7c81770eee7776811ccbf01584262ca7
name: 7C81770EEE7776811CCBF01584262CA7.mlw
sha1: 5632f27158227ec4b6b6910133cebe035dc20bcb
sha256: 153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03
sha512: 39c515bc26ff320d8bfd07311ac927c5b68bac0b1b29b5f83235502f811b969b45edb6980656ac704b1963f562662f799a5275ca8c2f289d9d508f11a6c30437
ssdeep: 24576:/FkxWGzCNdJpSFyI/GRX15UELFv9tJm4BYUeOdeuAo8v2+74Ws3Nm30Y:exqmywGH5UK7AHLUNi3
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Ransom:Win32/Spade.DB!MTB also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.32640
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.GenericRI.S16230097
ALYac	DeepScan:Generic.Ransom.AmnesiaE.63BE223B
Zillya	Trojan.Generic.Win32.1282352
CrowdStrike	win/malicious_confidence_90% (W)
Cybereason	malicious.eee777
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Filecoder.Ouroboros.E
APEX	Malicious
Avast	Win32:RansomX-gen [Ransom]
ClamAV	Win.Ransomware.Vipasana-9783618-1
Kaspersky	UDS:Trojan-Ransom.Win32.Generic
BitDefender	DeepScan:Generic.Ransom.AmnesiaE.63BE223B
NANO-Antivirus	Trojan.Win32.Encoder.hweqgt
MicroWorld-eScan	DeepScan:Generic.Ransom.AmnesiaE.63BE223B
Tencent	Malware.Win32.Gencirc.11b22a20
Ad-Aware	DeepScan:Generic.Ransom.AmnesiaE.63BE223B
Sophos	Mal/Generic-R + Mal/Oboros-A
BitDefenderTheta	Gen:NN.ZexaF.34170.rvW@aKbk4Woi
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom.Win32.VOIDCRYPT.SMTH
McAfee-GW-Edition	GenericRXMJ-AK!7C81770EEE77
FireEye	DeepScan:Generic.Ransom.AmnesiaE.63BE223B
Emsisoft	DeepScan:Generic.Ransom.AmnesiaE.63BE223B (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan.Zudochka.bn
Webroot	W32.Gen.BT
Avira	HEUR/AGEN.1139736
Antiy-AVL	Trojan/Generic.ASCommon.1B2
Microsoft	Ransom:Win32/Spade.DB!MTB
Arcabit	DeepScan:Generic.Ransom.AmnesiaE.63BE223B
GData	DeepScan:Generic.Ransom.AmnesiaE.63BE223B
AhnLab-V3	Trojan/Win32.FileCoder.R352787
McAfee	GenericRXMJ-AK!7C81770EEE77
MAX	malware (ai score=80)
VBA32	BScope.Trojan.DelShad
Malwarebytes	Ransom.VoidCrypt
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom.Win32.VOIDCRYPT.SMTH
Rising	Ransom.Agent!1.C4E7 (CLASSIC)
Yandex	Trojan.Filecoder!ucfKI8vH5ak
Ikarus	Trojan-Ransom.Ouroboros
Fortinet	W32/AmnesiaE.58ED!tr.ransom
AVG	Win32:RansomX-gen [Ransom]

How to remove Ransom:Win32/Spade.DB!MTB?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Should I remove “Ransom:Win32/Spade.DB!MTB”?