
Ransom:Win32/Teerac.F removal guide


Ransom:Win32/Teerac.F is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Teerac.F virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • Reads data out of its own binary image
  • A process created a hidden window
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Attempts to delete volume shadow copies
  • Behavior consistent with a dropper attempting to download the next stage.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Creates a copy of itself
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom:Win32/Teerac.F?


File Info:

crc32: 010EF306
md5: af2154a07b0c7a440c9aeac1ac596ebd
name: AF2154A07B0C7A440C9AEAC1AC596EBD.mlw
sha1: 291da4671e06b28dba00cf9c87b1098ed82acd94
sha256: cfa654455f4235be59f68db6de566d66f49cc531d4ae824a8a2e01c1ff7d04bf
sha512: d3a43035369569cc283a0ff8d6c5aef9fb629b469d9316db9531c2f454f97e139234616306bfde1de666eb768d26344e0866e7940f56468fd1011450e3e765d5
ssdeep: 12288:J6ICbpn5viYlKBwvk1XHkzdbUziBJMQ8vXairNU:J6IynJg1XwRxMQiq
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
InternalName: Send Bug Report
FileVersion: 1.1.0.53
CompanyName: IObit
LegalTrademarks: IObit
Comments:
ProductName:
ProductVersion: 1.1.0.0
FileDescription: Send Bug Report
OriginalFilename: Send Bug Report
Translation: 0x0409 0x04e4

Ransom:Win32/Teerac.F also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005224381 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.761
Cynet: Malicious (score: 100)
CAT-QuickHeal: Ransom.Cerber.MUE.A4
ALYac: Trojan.Ransom.Crypto.1
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.1311246
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Teerac.0683c5b3
K7GW: Trojan ( 005224381 )
Cybereason: malicious.07b0c7
Baidu: Win32.Trojan.Kryptik.anp
Cyren: W32/Ransom.NY.gen!Eldorado
ESET-NOD32: a variant of Win32/Kryptik.FEOX
APEX: Malicious
Avast: Win32:Trojan-gen
ClamAV: Win.Ransomware.Cerber-6935710-0
Kaspersky: HEUR:Packed.Win32.Mentiger.gen
BitDefender: Trojan.Ransom.Crypto.1
NANO-Antivirus: Trojan.Win32.TrjGen.efezjo
SUPERAntiSpyware: Ransom.Cryptolocker/Variant
MicroWorld-eScan: Trojan.Ransom.Crypto.1
Tencent: Malware.Win32.Gencirc.10b56587
Ad-Aware: Trojan.Ransom.Crypto.1
Sophos: ML/PE-A + Mal/Ransom-EJ
Comodo: TrojWare.Win32.Kryptik.ERJ@6l0vie
BitDefenderTheta: Gen:NN.ZexaF.34628.5q0@a0sfiXjj
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_HPCERBER.SM3
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dh
FireEye: Generic.mg.af2154a07b0c7a44
Emsisoft: Trojan.Ransom.Crypto.1 (B)
Jiangmin: Downloader.LMN.dwr
Avira: HEUR/AGEN.1129194
eGambit: Unsafe.AI_Score_93%
Microsoft: Ransom:Win32/Teerac.F
Arcabit: Trojan.Ransom.Crypto.1
AegisLab: Hacktool.Win32.Generic.x!c
GData: Trojan.Ransom.Crypto.1
AhnLab-V3: Win-Trojan/Lukitus2.Exp
Acronis: suspicious
McAfee: GenericRXDI-ZN!AF2154A07B0C
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Encoder
Malwarebytes: Malware.AI.4115280965
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_HPCERBER.SM3
Rising: Trojan.Kryptik!1.AE9C (CLOUD)
SentinelOne: Static AI – Malicious PE
MaxSecure: Win.MxResIcn.Heur.Gen
Fortinet: W32/Kryptik.HGZD!tr
AVG: Win32:Trojan-gen
Qihoo-360: Win32/Trojan.b59

How to remove Ransom:Win32/Teerac.F?

Ransom:Win32/Teerac.F removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
