Categories: Ransom

About “Ransom:Win32/Troldesh.A!bit” infection

The Ransom:Win32/Troldesh.A!bit is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Troldesh.A!bit virus can do?

Executable code extraction
Presents an Authenticode digital signature
Creates RWX memory
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
Collects information about installed applications
Creates a hidden or system file
Network activity detected but not expressed in API logs
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Ransom:Win32/Troldesh.A!bit?


File Info:
crc32: E5A4209Fmd5: 985458b52c78c0ee2356cc25172f7277name: sserv.jpgsha1: fc487008021692b99267447bb9ac73755cfa2997sha256: 981e0d084f78e268294fe3c0a5ecc4869bb189aff927a6b6a5da0cad61b4fca4sha512: 4ebfe198bd474fdb8a7d282cd52442f2cc00bf3a636cb6efc40e4b98a780eabb0efd2f3a7e872857e5190aa6f4ab73d940c2935fedacec22e7b265ff96cda66dssdeep: 24576:AinBv073hiuK+BP9lbifbKw1ohJkdV4KrY:Am0jsuKWlmOrhJIV4dtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (C) 2014 AVG Technologies CZ, s.r.o.InternalName: VistaAux.exeFileVersion: 17.3.3443.0CompanyName: AVG Technologies CZ, s.r.o.ProductName: AVG Internet Security System ProductVersion: 17.3.3443.0FileDescription: AVG Virus scannerOriginalFilename: VistaAux.exeTranslation: 0x0409 0x04e4

Ransom:Win32/Troldesh.A!bit also known as:

MicroWorld-eScan	Trojan.GenericKD.31361640
FireEye	Generic.mg.985458b52c78c0ee
CAT-QuickHeal	Trojan.IGENERIC
McAfee	Generic.buc
Malwarebytes	Ransom.FileCryptor
VIPRE	Win32.Malware!Drop
AegisLab	Trojan.Win32.Shade.tpKI
K7AntiVirus	Trojan ( 004b8aa51 )
BitDefender	Trojan.GenericKD.31361640
K7GW	Trojan ( 004b8aa51 )
Cybereason	malicious.52c78c
Invincea	heuristic
F-Prot	W32/Shade.O
Symantec	Downloader
APEX	Malicious
Paloalto	generic.ml
GData	Win32.Trojan-Ransom.Shade.3A1UFU
Kaspersky	Trojan-Ransom.Win32.Shade.pbx
Alibaba	Ransom:Win32/Shade.fdcd1b64
NANO-Antivirus	Trojan.Win32.Shade.fkklvp
ViRobot	Trojan.Win32.S.Ransom.1066248.A
Rising	Ransom.Troldesh!8.5D1 (KTSE)
Ad-Aware	Trojan.GenericKD.31361640
Sophos	Troj/Xtbl-BD
Comodo	Malware@#da0t3rgfpq7f
F-Secure	Trojan.TR/FileCoder.AJ
DrWeb	Trojan.Encoder.26601
Zillya	Trojan.Shade.Win32.871
TrendMicro	TROJ_FRS.0NA103KK18
McAfee-GW-Edition	Generic.buc
Trapmine	malicious.moderate.ml.score
Emsisoft	Trojan.GenericKD.31361640 (B)
Ikarus	Ransom.Win32.Troldesh
Cyren	W32/Trojan.EIIA-8447
Jiangmin	Trojan.Shade.rv
Webroot	W32.Adware.Gen
Avira	TR/FileCoder.AJ
Antiy-AVL	Trojan[Ransom]/Win32.Shade
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D1DE8A68
SUPERAntiSpyware	Ransom.MalPack/Variant
ZoneAlarm	Trojan-Ransom.Win32.Shade.pbx
Microsoft	Ransom:Win32/Troldesh.A!bit
AhnLab-V3	Malware/Win32.RL_Generic.R264656
Acronis	suspicious
VBA32	BScope.TrojanRansom.Shade
ALYac	Trojan.Ransom.Shade
MAX	malware (ai score=100)
Cylance	Unsafe
Panda	Trj/WLT.E
Zoner	Trojan.Win32.74252
ESET-NOD32	Win32/Filecoder.Shade.B
TrendMicro-HouseCall	TROJ_FRS.0NA103KK18
Yandex	Trojan.Shade!
SentinelOne	DFI – Malicious PE
eGambit	PE.Heur.InvalidSig
Fortinet	W32/Shade.BD!tr
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen
Qihoo-360	Win32/Trojan.Ransom.d4b