Ransom:Win32/Troldesh!rfn removal instruction

Ransom:Win32/Troldesh!rfn is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Troldesh!rfn virus do?

  • Executable code extraction
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Ransom:Win32/Troldesh!rfn?

File Info:

crc32: 29008928
md5: 210bbedc2a69de5707676a6a6735d2ac
name: 210BBEDC2A69DE5707676A6A6735D2AC.mlw
sha1: 18ce93881a8801a9457a1d8a77dfd4341d3b4002
sha256: ddf74ac48633d395d5e7258936989274d1efa46e500d636404bc6098f14faa9b
sha512: 190e4901cfbcbf8c2ed5341e6718e4daacbccdb2907b7cb0fe5a2dda11f17ec18726ee2e8f5a2524b106737ceb5220e5dfc3a07e38d1bfe74645d6394fff69f6
ssdeep: 12288:5AwlNHqPtWrqdt1bSyPNPaopdjtgUWlmf106xjuOyi6AOdZhHpA:pNHqZtEqtaoxCk10Eu5dnHpA
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
InternalName: Start
FileVersion: 1.01.0321
CompanyName:
LegalTrademarks: View Xerrter Fertui's profile. Viadeo helps professionals like Xerrter Fertui boost their career
Comments: View Xerrter Fertui's profile. Viadeo helps professionals like Xerrter Fertui boost their career
ProductName: mecoi
ProductVersion: 1.01.0321
FileDescription: View Xerrter Fertui's profile. Viadeo helps professionals like Xerrter Fertui boost their career
OriginalFilename: Start.exe

Ransom:Win32/Troldesh!rfn also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.127244
FireEye: Generic.mg.210bbedc2a69de57
CAT-QuickHeal: Trojan.VBCrypt.MF.9212
Qihoo-360: Win32/Ransom.Shade.HgIASOUA
McAfee: GenericR-ENX!210BBEDC2A69
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Shade.tqvl
Sangfor: Malware
K7AntiVirus: Trojan ( 0055e3991 )
BitDefender: Gen:Variant.Bulz.127244
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.c2a69d
BitDefenderTheta: Gen:NN.ZevbaF.34804.3m3@aWbT0Rnc
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:VB-AJGO [Trj]
ClamAV: Win.Trojan.Johnnie-6622858-0
Kaspersky: Trojan-Ransom.Win32.Shade.uv
Alibaba: Ransom:Win32/Shade.bbc968fb
NANO-Antivirus: Trojan.Win32.Shade.dxguoy
Tencent: Malware.Win32.Gencirc.10c6fb1e
Ad-Aware: Gen:Variant.Bulz.127244
Sophos: ML/PE-A + Troj/Ransom-BJB
Comodo: Malware@#25w75qgrst3zv
F-Secure: Trojan:W32/Emotet.B
DrWeb: Trojan.DownLoader15.52331
Zillya: Trojan.Injector.Win32.320371
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
Emsisoft: Gen:Variant.Bulz.127244 (B)
Ikarus: Trojan.Win32.Injector
Jiangmin: Trojan.VBKrypt.db
Webroot: W32.Trojan.GenKD
Avira: TR/Drop.Agent.xbwok
Antiy-AVL: Trojan/Win32.VBKrypt
Microsoft: Ransom:Win32/Troldesh!rfn
Arcabit: Trojan.Bulz.D1F10C
ZoneAlarm: Trojan-Ransom.Win32.Shade.uv
GData: Gen:Variant.Bulz.127244
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C1077648
VBA32: Hoax.Shade
ALYac: Gen:Variant.Bulz.127244
MAX: malware (ai score=100)
Malwarebytes: Adware.Elex
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Injector.CIUO
Rising: Ransom.Shade!8.12CC (CLOUD)
Yandex: Trojan.GenAsa!1Amfv1maC7I
SentinelOne: Static AI – Suspicious PE
eGambit: Generic.Dropper
Fortinet: W32/Injector.CJEB!tr
AVG: Win32:VB-AJGO [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ransom:Win32/Troldesh!rfn?

Ransom:Win32/Troldesh!rfn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.