Ransom:Win32/WastedLocker.WT!MTB malicious file


Ransom:Win32/WastedLocker.WT!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/WastedLocker.WT!MTB virus do?

  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Attempts to delete volume shadow copies
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom:Win32/WastedLocker.WT!MTB?


File Info:

crc32: B0BCF431
md5: ecb00e9a61f99a7d4c90723294986bbc
name: tmphq1jb7s2
sha1: be59c867da75e2a66b8c2519e950254f817cd4ad
sha256: 8897db876553f942b2eb4005f8475a232bafb82a50ca7761a621842e894a3d80
sha512: 9dee79827d865de41a63962b419eed7e1f9610ff27f00f8b7b2b9f51e905d5db907d310da590d8f1a11ac88e549373edf39bffdb44d1b205728f1b5e0a43aa5e
ssdeep: 1536:d2SYM6dDF+WO8Rh51yXjk2JqdT8LONUeCSC0eWNF:dLYndDg8v51cZoHNF
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/WastedLocker.WT!MTB is also known as:

Bkav: W32.AIDetectVM.malware1
DrWeb: Trojan.Encoder.31904
MicroWorld-eScan: Gen:Variant.Razy.702165
FireEye: Generic.mg.ecb00e9a61f99a7d
CAT-QuickHeal: Trojan.IGENERIC
Qihoo-360: Win32/Trojan.288
ALYac: Spyware.Ursnif
Malwarebytes: Ransom.BinADS
AegisLab: Trojan.Win32.DelShad.4!c
Sangfor: Malware
K7AntiVirus: Spyware ( 0054f96e1 )
BitDefender: Gen:Variant.Razy.702165
K7GW: Spyware ( 0054f96e1 )
Cybereason: malicious.a61f99
Arcabit: Trojan.Razy.DAB6D5
TrendMicro: Ransom.Win32.WASTEDLOCKER.AA
BitDefenderTheta: AI:Packer.4B82F4AF1E
Cyren: W32/Trojan.XAEM-2131
Symantec: Ransom.WastedLocker
ESET-NOD32: a variant of Win32/Filecoder.WastedLocker.A
TrendMicro-HouseCall: Ransom.Win32.WASTEDLOCKER.AA
Paloalto: generic.ml
Kaspersky: Trojan.Win32.DelShad.dhi
Alibaba: TrojanSpy:Win32/DelShad.16a8c73b
Rising: Ransom.WastedLocker!8.11D3E (CLOUD)
Ad-Aware: Gen:Variant.Razy.702165
Emsisoft: Gen:Variant.Razy.702165 (B)
Comodo: Malware@#27gly5zu0ambg
F-Secure: Trojan.TR/Crypt.XPACK.Gen3
VIPRE: Trojan.Win32.Generic!BT
Invincea: heuristic
Sophos: Troj/Agent-BEZX
SentinelOne: DFI – Suspicious PE
Jiangmin: Trojan.DelShad.xv
Webroot: W32.Ransom.Gen
Avira: TR/Crypt.XPACK.Gen3
Fortinet: W32/DelShad.CR!tr.ransom
Antiy-AVL: Trojan/Win32.DelShad
Endgame: malicious (high confidence)
Microsoft: Ransom:Win32/WastedLocker.WT!MTB
ViRobot: Trojan.Win32.S.Ransom.57344.F
ZoneAlarm: Trojan.Win32.DelShad.dhi
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C4139121
McAfee: RDN/Generic PWS.y
MAX: malware (ai score=86)
VBA32: BScope.Trojan.DelShad
Cylance: Unsafe
Panda: Trj/GdSda.A
APEX: Malicious
Tencent: Win32.Trojan.Crypt.Anzc
Yandex: TrojanSpy.Ursnif!imY8FkMVmOs
Ikarus: Trojan-Ransom.WastedLocker
eGambit: Unsafe.AI_Score_97%
GData: Gen:Variant.Razy.702165
AVG: Win32:MalwareX-gen [Trj]
Avast: Win32:MalwareX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ransom:Win32/WastedLocker.WT!MTB?

Ransom:Win32/WastedLocker.WT!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
