How to remove “Ransom:Win32/Tobfy.L”?

Ransom:Win32/Tobfy.L is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/Tobfy.L virus do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Repeatedly searches for a process that is not found; the sample may need to be run with the startbrowser=1 option
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Ransom:Win32/Tobfy.L?

File Info:

crc32: 5F164C0D
md5: 5580e75d6e42ac15c892b640a4d20527
name: 5580E75D6E42AC15C892B640A4D20527.mlw
sha1: 6e1610a9f452be0f8c6bdbfb8d2a2fcc44221678
sha256: 186b7b25b6ec5159b2d67dd1df5e4eaf811756ae0b239b528d39b9bbbe7e1b5c
sha512: 58660ca5d446feb1cbb0a55d9f2cc308c447db22620c058772ad67c7f3ab5b57e224e7b782b80fe85e7f926321da0c499bb867d5ee5ff0fa8429bde1077805e0
ssdeep: 3072:5dm02kNdH6rih7zvfPRIQModK+l/ionaXUojcm2Ey/fnMEGqP67FUQvkUiGt62I:/XPdH6U7P2QZdK+lKonqafndGJvNiGt
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/Tobfy.L is also known under the following vendor detection names:

Bkav: W32.AIDetectVM.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.Winlock.6658
MicroWorld-eScan: Trojan.EmotetU.Gen.kGW@f4Oa6lci
FireEye: Generic.mg.5580e75d6e42ac15
McAfee: PWS-Zbot.gen.apm
Malwarebytes: Ransom.FileCryptor
VIPRE: Trojan.Win32.BcCheman.a (v)
K7AntiVirus: Password-Stealer ( 0040f2a31 )
BitDefender: Trojan.EmotetU.Gen.kGW@f4Oa6lci
K7GW: Password-Stealer ( 0040f2a31 )
BitDefenderTheta: Gen:NN.ZexaF.34804.kGW@a4Oa6lci
Cyren: W32/Downloader.EK.gen!Eldorado
Symantec: Trojan.Ransomlock!g8
TotalDefense: Win32/Ransom.ATQ
APEX: Malicious
Avast: Win32:Cryptor
ClamAV: Win.Worm.Zbot-9759575-0
Kaspersky: Trojan.Win32.Wago.z
NANO-Antivirus: Trojan.Win32.Yakes.zkzpo
ViRobot: Trojan.Win32.A.Zbot.179200.AO
AegisLab: Trojan.Win32.Yakes.4!c
Rising: Trojan.Generic@ML.98 (RDML:RKDW1YIFtL9h5WO8pY8Fkw)
Ad-Aware: Trojan.EmotetU.Gen.kGW@f4Oa6lci
TACHYON: Trojan-Spy/W32.ZBot.179200.AT
Emsisoft: Trojan.EmotetU.Gen.kGW@f4Oa6lci (B)
Comodo: TrojWare.Win32.Injector.XANA@4rjadd
F-Secure: Trojan.TR/Crypt.XPACK.Gen8
Zillya: Trojan.Yakes.Win32.6870
TrendMicro: WORM_DORKBOT.SMC
McAfee-GW-Edition: PWS-Zbot.gen.apm
Sophos: ML/PE-A + Mal/BcCheMan-A
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan/Yakes.hnr
Webroot: W32.Rogue.Gen
Avira: TR/Crypt.XPACK.Gen8
Antiy-AVL: Trojan/Win32.Yakes
Microsoft: Ransom:Win32/Tobfy.L
Arcabit: Trojan.EmotetU.Gen.ECD1B07
ZoneAlarm: Trojan.Win32.Wago.z
GData: Trojan.EmotetU.Gen.kGW@f4Oa6lci
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Ransomlock.C2299896
Acronis: suspicious
VBA32: BScope.Malware-Cryptor.Oop
ALYac: Trojan.EmotetU.Gen.kGW@f4Oa6lci
MAX: malware (ai score=81)
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Injector.XRY
TrendMicro-HouseCall: WORM_DORKBOT.SMC
Tencent: Win32.Trojan.Yakes.bgjw
Yandex: Trojan.Injector!cW2IYeQ4nxY
Ikarus: Trojan.Win32.Yakes
Fortinet: W32/Injector.XNT!tr
AVG: Win32:Cryptor
Cybereason: malicious.d6e42a
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.e6d

How to remove Ransom:Win32/Tobfy.L?

Ransom:Win32/Tobfy.L removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.