Categories: Ransom

Ransom:Win32/Teerac!rfn removal tips

The Ransom:Win32/Teerac!rfn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Teerac!rfn virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
A process attempted to delay the analysis task.
Reads data out of its own binary image
A process created a hidden window
Executed a process and injected code into it, probably while unpacking
Attempts to delete volume shadow copies
A system process is generating network traffic likely as a result of process injection
Behavior consistent with a dropper attempting to download the next stage.
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Attempts to modify browser security settings
Creates a copy of itself
Harvests credentials from local FTP client softwares
Harvests information related to installed mail clients
Collects information to fingerprint the system
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Ransom:Win32/Teerac!rfn?


File Info:
crc32: 9D27BAADmd5: c86a3887813d7c084833973c910b02a4name: C86A3887813D7C084833973C910B02A4.mlwsha1: 10f35960a8b8399dd03a30795976222b84505f65sha256: a96e010f86d38528ff6039c16a36d75feef2471df9b6b3955a1f4c51d82fbf7dsha512: 427a27cd6e08e453116243d76f7a6cab15fccfc664f72b07c5b9b33bf231b052677f6ba536381b4acd9ede4b69e1ae9b18a6f05f74ace68685b77b8a202302dfssdeep: 6144:EAsBZ7WEysj09jdWQKDP9+roqRStG1s6ZIaw1JgpxiGCn3mFb0+EhOYh+NjwI4Vg:WWM87fSc1smEJgXUn3gXGOYhswIJtype: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Version Info:
0: [No Data]

Ransom:Win32/Teerac!rfn also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0055e3ef1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.4549
MicroWorld-eScan	Trojan.GenericKD.3240422
ALYac	Trojan.GenericKD.3240422
Cylance	Unsafe
Zillya	Trojan.Onion.Win32.1095
Sangfor	Trojan.Win32.GenericKD.4
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:Win32/Androm.6d437a3b
K7GW	Trojan ( 0055e3ef1 )
Cybereason	malicious.7813d7
Symantec	Ransom.TorrentLocker
ESET-NOD32	Win32/Filecoder.TorrentLocker.A
APEX	Malicious
Avast	Win32:Malware-gen
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Backdoor.Win32.Androm.gen
BitDefender	Trojan.GenericKD.3240422
NANO-Antivirus	Trojan.Win32.Encoder.ecnlxe
ViRobot	Dropper.S.Agent.380007
Tencent	Win32.Trojan.Filecoder.Syrq
Ad-Aware	Trojan.GenericKD.3240422
Sophos	Mal/Generic-R + Mal/Cerber-Z
Comodo	Malware@#sdotzqvaqep8
BitDefenderTheta	Gen:NN.ZedlaF.34628.du8@aCbE@Nbi
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_CRILOCK.CBQ165G
McAfee-GW-Edition	BehavesLike.Win32.Dropper.fc
FireEye	Generic.mg.c86a3887813d7c08
Emsisoft	Trojan.GenericKD.3240422 (B)
SentinelOne	Static AI – Suspicious PE
Webroot	W32.Trojan.Gen
Avira	TR/Dropper.Gen
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Ransom:Win32/Teerac!rfn
Arcabit	Trojan.Generic.D3171E6
AegisLab	Trojan.Win32.Androm.4!c
ZoneAlarm	HEUR:Backdoor.Win32.Androm.gen
GData	Trojan.GenericKD.3240422
AhnLab-V3	Trojan/Win32.ZBot.C1442030
McAfee	Artemis!C86A3887813D
MAX	malware (ai score=100)
VBA32	Trojan-Ransom.Onion
Panda	Trj/CI.A
TrendMicro-HouseCall	Ransom_CRILOCK.CBQ165G
Rising	Trojan.Injector!8.C4 (CLOUD)
Ikarus	Trojan.Win32.Injector
Fortinet	W32/Malicious_Behavior.VEX
AVG	Win32:Malware-gen
Qihoo-360	Win32/Backdoor.Androm.HyoDEpsA