Ransom:Win32/Stop.PAG!MTB removal tips

Ransom:Win32/Stop.PAG!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/Stop.PAG!MTB virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (process hollowing)
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Executed a process and injected code into it, probably while unpacking
  • Network activity contains more than one unique user agent
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

api.2ip.ua
securebiz.org
tbpws.top
mas.to

How to identify Ransom:Win32/Stop.PAG!MTB?

File Info:

crc32: B73149E8
md5: e4baa71a55e269b09ffeed6355e3f25a
name: E4BAA71A55E269B09FFEED6355E3F25A.mlw
sha1: 1eb895b626bbf77616437f773f2be69cfb01e597
sha256: 92d6fa17884329b71c2e6e9dc455465b6f0a8f7989592b56739f053f8b4a2a00
sha512: 8e1854430ba3332d1c20c0ab4a97071be54ab69eff0fe68fe2a84d5a8349d07198479e9c70213979981ace1e354b42924dc3f748ff10e7720a9138a02212589c
ssdeep: 12288:BToO452t6In9SJngR2mC8PdEucewb0yjdkxhIRVDMSp2E27ugEw26azN:NoO/tuC2mCAd7nwgyrDDMSpNg6Th
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/Stop.PAG!MTB is also known as (vendor: detection name):

K7AntiVirus: Riskware ( 0040eff71 )
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop18.41125
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Chapak
ALYac: Trojan.Ransom.Stop
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.3453526
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/StopCrypt.1017
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.626bbf
Cyren: W32/Kryptik.EYC.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Kryptik.HMKR
APEX: Malicious
Avast: Win32:CrypterX-gen [Trj]
ClamAV: Win.Packed.Generic-9892239-0
Kaspersky: HEUR:Trojan.Win32.Chapak.gen
BitDefender: Trojan.GenericKDZ.77613
MicroWorld-eScan: Trojan.GenericKDZ.77613
Tencent: Malware.Win32.Gencirc.11cde0c9
Ad-Aware: Trojan.GenericKDZ.77613
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.UMal.mrcbd@0
BitDefenderTheta: Gen:NN.ZexaF.34170.0uX@ausZmSnO
McAfee-GW-Edition: BehavesLike.Win32.MultiPlug.cc
FireEye: Generic.mg.e4baa71a55e269b0
Emsisoft: Trojan.Crypt (A)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Chapak.obf
Avira: TR/YAV.Minerva.udgyf
Antiy-AVL: Trojan/Generic.ASMalwS.349A750
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Ransom:Win32/Stop.PAG!MTB
Gridinsoft: Ransom.Win32.STOP.ko!se49303
GData: Win32.Trojan.PSE.13VKHRA
AhnLab-V3: Trojan/Win.MalPE.R441499
Acronis: suspicious
McAfee: Packed-GDT!E4BAA71A55E2
MAX: malware (ai score=84)
VBA32: BScope.Trojan.AET.281105
Malwarebytes: Trojan.MalPack
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_StopCrypt.R002C0DIG21
Rising: Trojan.Kryptik!1.D975 (CLASSIC)
Ikarus: Trojan.Win32.Azorult
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HMNW!tr
AVG: Win32:CrypterX-gen [Trj]
Paloalto: generic.ml

How to remove Ransom:Win32/Stop.PAG!MTB?

Ransom:Win32/Stop.PAG!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.