Categories: Ransom

Ransom:Win32/Zeppelin.A!MSR removal guide

The Ransom:Win32/Zeppelin.A!MSR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Zeppelin.A!MSR virus can do?

At least one process apparently crashed during execution
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
A process created a hidden window
Drops a binary and executes it
Uses Windows utilities for basic functionality
Code injection with CreateRemoteThread in a remote process
Attempts to delete volume shadow copies
Deletes its original binary from disk
Modifies boot configuration settings
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Writes a potential ransom message to disk
Likely virus infection of existing system binary
Clears Windows events or logs
Creates a copy of itself
Uses suspicious command line tools or Windows utilities

Related domains:

geoiptool.com

iplogger.org

How to determine Ransom:Win32/Zeppelin.A!MSR?


File Info:
crc32: BD374CCBmd5: f42abb7569dbc2ff5faa7e078cb71476name: default.exesha1: 04530a6165fc29ab536bab1be16f6b87c46288e6sha256: 516475caf3fbd1f0c0283572550528f1f9e7b502dce5fb6b89d40f366a150bfdsha512: 3277534a02435538e144dea3476416e1d9117fcddef3dcb4379b82f33516c3e87767c3b0d2b880e61a3d803b583c96d772a0bdeecbfc109fe66444e9b29216afssdeep: 6144:zia1vcaEaA+HPsISAzG44DQFu/U3buRKlemZ9DnGAeWBES+:zHctWvVSAx4DQFu/U3buRKlemZ9DnGAtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Ransom:Win32/Zeppelin.A!MSR also known as:

Bkav	W32.AIDetectVM.malware2
MicroWorld-eScan	Generic.Ransom.Buhtrap.2513DF63
FireEye	Generic.mg.f42abb7569dbc2ff
McAfee	GenericRXJE-WA!F42ABB7569DB
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 0055b3591 )
BitDefender	Generic.Ransom.Buhtrap.2513DF63
K7GW	Trojan ( 0055b3591 )
Cybereason	malicious.569dbc
Invincea	heuristic
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
GData	Generic.Ransom.Buhtrap.2513DF63
Kaspersky	HEUR:Trojan.Win32.Agent.gen
Alibaba	Ransom:Win32/Zeppelin.a542f583
NANO-Antivirus	Trojan.Win32.Encoder.hbetkw
Rising	Ransom.Buhtrap!1.C04E (CLOUD)
Endgame	malicious (high confidence)
Sophos	Mal/Behav-010
F-Secure	Trojan.TR/RedCap.tztzy
DrWeb	Trojan.Encoder.31043
TrendMicro	Ransom.Win32.ZEPPELIN.SMTH
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.dh
Trapmine	suspicious.low.ml.score
Emsisoft	Generic.Ransom.Buhtrap.2513DF63 (B)
Ikarus	Trojan-Ransom.Buran
Cyren	W32/Ransom.LV.gen!Eldorado
Webroot	W32.Malware.Gen
Avira	TR/RedCap.tztzy
MAX	malware (ai score=82)
Antiy-AVL	Trojan[Ransom]/Win32.Buran.a
Microsoft	Ransom:Win32/Zeppelin.A!MSR
Arcabit	Generic.Ransom.Buhtrap.2513DF63
AegisLab	Trojan.Win32.Agent.4!c
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
AhnLab-V3	Malware/Win32.Generic.C3574288
BitDefenderTheta	AI:Packer.AFA0E9E71E
ALYac	Trojan.Ransom.VegaLocker
VBA32	BScope.TrojanRansom.Crypmod
Malwarebytes	Ransom.Jamper.brn
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Filecoder.Buran.H
TrendMicro-HouseCall	Ransom.Win32.ZEPPELIN.SMTH
Tencent	Malware.Win32.Gencirc.10b86475
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Buran.H!tr.ransom
Ad-Aware	Generic.Ransom.Buhtrap.2513DF63
AVG	FileRepMalware
Avast	Win32:Dh-A [Heur]
CrowdStrike	win/malicious_confidence_100% (W)