Trojan.Ransom.MBRlock removal

Trojan.Ransom.MBRlock is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Ransom.MBRlock virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Likely installs a bootkit via raw harddisk modifications
  • Attempts to restart the guest VM
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself

How to identify Trojan.Ransom.MBRlock?

File Info:

crc32: 04E66FD1
md5: 14435889b2ecea4f3ff9601d28b41f6e
name: 14435889B2ECEA4F3FF9601D28B41F6E.mlw
sha1: 0a257cf8a9d3b36e3876e759066dc98d1e6a770e
sha256: b930289632a67a2221cae7eff523d806a0489560b76309b619aa08b3d0768994
sha512: c31a4495111e2fb816ce83eac2fa19eea1d8a436563e735d0cca4a4d27a353fd4a8fbe2e3e9d343cf665a8facb3f7abe6017948945fc76bf886b46a394ae00b1
ssdeep: 24576:2Yt/urxjPFN3RAqDuTZiUytrwGCjob3xPk:2m/2PF8yuImcb3xPk
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: byxff1ax635ex5934x7f51x7edc
FileVersion: 1.0.0.0
CompanyName: byxff1ax635ex5934x7f51x7edc
Comments: x8bb0x5f69x6218x961fx4e13x7528CFx5f3aT
ProductName: x8bb0x5f69x6218x961fx4e13x7528CFx5f3aT
ProductVersion: 1.0.0.0
FileDescription: x8bb0x5f69x6218x961fx4e13x7528CFx5f3aT
Translation: 0x0804 0x04b0

Trojan.Ransom.MBRlock also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005246d51 )
Lionic: Trojan.Win32.Foreign.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.MBRlock.256
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.GenericRI.S13885534
ALYac: Trojan.Ransom.MBRlock
Cylance: Unsafe
Zillya: Trojan.Foreign.Win32.58285
Sangfor: Win.Malware.Zusy-6840460-0
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Ransom:Win32/Foreign.e205bd42
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.9b2ece
Cyren: W32/Agent.EW.gen!Eldorado
Symantec: Trojan Horse
ESET-NOD32: a variant of Win32/MBRlock.BA
APEX: Malicious
Avast: Win32:RansomX-gen [Ransom]
ClamAV: Win.Malware.Flystudio-9875686-0
Kaspersky: UDS:Trojan.Win32.Agent.sb
BitDefender: Gen:Variant.Ransom.MBRLock.3
NANO-Antivirus: Trojan.Win32.MBRlock.euwouz
MicroWorld-eScan: Gen:Variant.Ransom.MBRLock.3
Tencent: Win32.Trojan.Mbr-locker.Jqgq
Ad-Aware: Gen:Variant.Ransom.MBRLock.3
Sophos: Generic PUA AK (PUA)
Comodo: Worm.Win32.Dropper.RA@1qraug
BitDefenderTheta: Gen:NN.ZexaF.34796.4q0@a81XDthb
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom.Win32.MBRLOCKER.SM
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
FireEye: Generic.mg.14435889b2ecea4f
Emsisoft: Gen:Variant.Ransom.MBRLock.3 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Heur:Trojan/AntiAV
Webroot: W32.Malware.Gen
Avira: TR/Redcap.ldxuu
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Ransom:Win32/Molock!rfn
GData: Win32.Trojan.PSE.19Q2126
AhnLab-V3: Malware/Win32.Generic.C2356217
Acronis: suspicious
McAfee: GenericRXMT-HU!14435889B2EC
MAX: malware (ai score=100)
VBA32: TrojanRansom.Foreign
Malwarebytes: Trojan.MalPack.FlyStudio
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom.Win32.MBRLOCKER.SM
Rising: Ransom.Dexcrypt!1.B151 (CLASSIC)
Yandex: Trojan.GenAsa!8Pse7bGjdGs
Ikarus: Trojan.Win32.MBRlock
Fortinet: W32/MBRlock.BA!tr.ransom
AVG: Win32:RansomX-gen [Ransom]
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Foreign.HgIASQsA

How to remove Trojan.Ransom.MBRlock?

Trojan.Ransom.MBRlock removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
