Ransom • Trojan

Trojan-Ransom.MSIL.Blocker removal guide

The Trojan-Ransom.MSIL.Blocker is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Ransom.MSIL.Blocker virus can do?

Network activity detected but not expressed in API logs

How to determine Trojan-Ransom.MSIL.Blocker?


File Info:
crc32: F4C3A2E9
md5: 93a02efc3319e40884d86f0603d6073d
name: upload_file
sha1: df7966c6dda6c785ad4bcf5b7a49f0a99a9bc51e
sha256: de7e69ec920dccdc40220e414a2d1b3bc05e53c5f5ea34e309bd3365aa5dae78
sha512: 620172b1822721b279eb1b92d288a2ee82056b77c91c59134edc1aa727524bee2e5211cc41d69e67b1dc1caf9c555e5f475b3fca97d3dd3b94b224443e5fc2c7
ssdeep: 12288:gHX8kTaa4C/vW/R7h2Iq2oJUadK0RXgJ3ukGHN5uKyOtTiZfhz:gHLTEJ9rqUozRlkGLuKyYTQ
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9 2010 - 2019
Assembly Version: 0.0.0.0
InternalName: chuloway.exe
FileVersion: 8.12.17.21
CompanyName: 8p&Cm%P2H4*r/Rk7
Comments: Bz2)4W/nf@9X(5Dd
ProductName: d^4J3D%qb6N/S_9
ProductVersion: 8.12.17.21
FileDescription: d^4J3D%qb6N/S_9
OriginalFilename: chuloway.exe

Trojan-Ransom.MSIL.Blocker also known as:

FireEye	Generic.mg.93a02efc3319e408
Qihoo-360	Generic/Trojan.Ransom.8af
McAfee	Fareit-FVT!93A02EFC3319
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.MSIL.Blocker.j!c
Sangfor	Malware
K7AntiVirus	Trojan ( 0056ba301 )
BitDefender	Trojan.GenericKD.43572819
K7GW	Trojan ( 0056ba301 )
BitDefenderTheta	Gen:NN.ZemsilF.34144.xn0@a4IiEgc
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 85)
GData	Trojan.GenericKD.43572819
Kaspersky	HEUR:Trojan-Ransom.MSIL.Blocker.gen
Alibaba	Trojan:MSIL/Kryptik.56342bb6
MicroWorld-eScan	Trojan.GenericKD.43572819
Ad-Aware	Trojan.GenericKD.43572819
Emsisoft	Trojan.GenericKD.43572819 (B)
F-Secure	Trojan.TR/Kryptik.iqafc
Sophos	Mal/Generic-S
Ikarus	Trojan-Spy.Keylogger.AgentTesla
Cyren	W32/MSIL_Kryptik.AHE.gen!Eldorado
Webroot	W32.Adware.Gen
Avira	TR/Kryptik.iqafc
MAX	malware (ai score=83)
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D298DE53
ViRobot	Trojan.Win32.Z.Kryptik.1440256
ZoneAlarm	HEUR:Trojan-Ransom.MSIL.Blocker.gen
Microsoft	Trojan:Win32/Ymacco.AAC6
AhnLab-V3	Malware/Win32.RL_Generic.C4172954
ALYac	Trojan.GenericKD.43572819
Malwarebytes	Trojan.MalPack.Caesar
ESET-NOD32	a variant of MSIL/Kryptik.XDM
Rising	Ransom.Blocker!8.12A (CLOUD)
AVG	Win32:PWSX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Trojan.Malware.300983.susgen

How to remove Trojan-Ransom.MSIL.Blocker?

Trojan-Ransom.MSIL.Blocker removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X