Should I remove “Troj/Ransom-FSO”?

Malware Removal

Troj/Ransom-FSO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period lets you run a complete scan and clean your PC.
6-day free trial available.

What can the Troj/Ransom-FSO virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Starts servers listening on 127.0.0.1:46715
  • Reads data out of its own binary image
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Installs Tor on the infected machine
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates a hidden or system file
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Troj/Ransom-FSO?

File Info:

crc32: 1D335E4A
md5: 346c0d5722c95ac1ab099227c70e2b9f
name: 2c.jpg
sha1: dc859baf9302230f7b9eedf8347ab258e0add5bf
sha256: cb229ca0114835dd255b1069e9995581217ac862347fa81f8c6bd230bb3edcc2
sha512: b4b9aa0ada60ff0e16ec40928827f1f9b13b4241e1902c638217dc62bed13794d06d838ce84b4062edcfe5a6c8dece2ce09debb3e7ad73fc1cd20565f34adac3
ssdeep: 24576:K0XoSFVAgm6Tmhjh5PIiZzIibVAnh163BJcb:K/CVs6mjh9bVyaxKb
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

FileOldVersion: 1.0.4.4
InternalName: gjdtth.exe
Copyright: Copyright (C) 2020, odfgbiv
Translation: 0x0841 0x04c4

Troj/Ransom-FSO also known as:

Bkav: W32.AIDetectVM.malware
MicroWorld-eScan: Trojan.GenericKD.32713656
FireEye: Generic.mg.346c0d5722c95ac1
CAT-QuickHeal: Ransom.Stop.P5
McAfee: GenericRXJC-QW!346C0D5722C9
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Trojan ( 0055b0f71 )
BitDefender: Trojan.GenericKD.32713656
K7GW: Trojan ( 0055b0f71 )
Cybereason: malicious.f93022
TrendMicro: Trojan.Win32.SMOKELOAD.SMD2.hp
F-Prot: W32/Shade.AP
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Tofsee-7489241-0
GData: Trojan.GenericKD.32713656
Kaspersky: Trojan-Ransom.Win32.Agent.avzi
Alibaba: Ransom:Win32/Troldesh.1b735222
NANO-Antivirus: Trojan.Win32.Encoder.ghvfsb
AegisLab: Adware.Win32.SoftPulse.m2pZ
Rising: Trojan.Kryptik!1.BE74 (CLOUD)
Endgame: malicious (high confidence)
Emsisoft: Trojan.Generic.EF (A)
Comodo: Malware@#3rlp9qyu0qu4z
F-Secure: Heuristic.HEUR/AGEN.1045577
DrWeb: Trojan.Encoder.858
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Trapmine: suspicious.low.ml.score
Sophos: Troj/Ransom-FSO
Ikarus: Trojan-Downloader.Win32.SmokeLoader
Cyren: W32/Trojan.NBHE-0176
Jiangmin: TrojanDownloader.Bandit.avd
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1045577
Webroot: W32.Trojan.Gen
MAX: malware (ai score=83)
Antiy-AVL: Trojan[Ransom]/Win32.Agent
Arcabit: Trojan.Generic.D1F32BB8
ZoneAlarm: Trojan-Ransom.Win32.Agent.avzi
Microsoft: Ransom:Win32/Troldesh.A
AhnLab-V3: Trojan/Win32.MalPe.R299328
Acronis: suspicious
VBA32: BScope.TrojanDownloader.Bandit
ALYac: Trojan.Ransom.Shade
Ad-Aware: Trojan.GenericKD.32713656
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Kryptik.GYIT
TrendMicro-HouseCall: Trojan.Win32.SMOKELOAD.SMD2.hp
Tencent: Win32.Trojan.Agent.Liqu
Yandex: Riskware.NetTool!
SentinelOne: DFI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.GYIT!tr
BitDefenderTheta: Gen:NN.ZexaF.34100.av0@auwilQc
AVG: Win32:TrojanX-gen [Trj]
Avast: Win32:TrojanX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.Ransom.0e7

How to remove Troj/Ransom-FSO?

Troj/Ransom-FSO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.