Trojan-Ransom.NSIS.Xamyh.ada removal instructions

Trojan-Ransom.NSIS.Xamyh.ada is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.NSIS.Xamyh.ada virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Executed a process and injected code into it, probably while unpacking
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Trojan-Ransom.NSIS.Xamyh.ada?


File Info:

crc32: 2D1847D0
md5: 38578f346948d29814324e749e66fb65
name: 38578F346948D29814324E749E66FB65.mlw
sha1: dad493e9de9b348bec2950c0ab84c63621bb6c4b
sha256: ad24442ea8852532a89f1351161c95ca9532c6eb143a97887b00ce61b87e7653
sha512: 74ee1b5412e612dfc3e3d323be62a518d1d73c63f7a28983a6ffbe64af77c672f709786d812d8470cc50c468c43c2d15b2ce56618ab0ce20f11aa17bbdcdaed2
ssdeep: 12288:kMjEoJiPAC+RxDKjRhZNYAbteRjG7og0oGrkHjP4y62ez9HCh3BSc937Nad3lLBT:kMjrJq5+RxDKjzPbtew7og07kDWdyLL8
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2005-2012 Oleg N. Scherbakov
InternalName: 7ZSfxMod
FileVersion: 1.5.0.2712
CompanyName: Oleg N. Scherbakov
PrivateBuild: December 30, 2012
ProductName: 7-Zip SFX
ProductVersion: 1.5.0.2712
FileDescription: 7z Setup SFX (x86)
OriginalFilename: 7ZSfxMod_x86.exe
Translation: 0x0000 0x04b0

Trojan-Ransom.NSIS.Xamyh.ada also known as:

K7AntiVirus: Trojan ( 0055e3f51 )
Lionic: Trojan.Win32.Zerber.j!c
DrWeb: Trojan.Boaxxe.492
Cynet: Malicious (score: 99)
CAT-QuickHeal: Ransom.Onion.B
ALYac: Trojan.GenericKD.33827222
Cylance: Unsafe
Alibaba: Ransom:Win32/Zerber.f006239a
K7GW: Trojan ( 0055e3f51 )
Cybereason: malicious.46948d
Cyren: W32/S-1d1fde68!Eldorado
Symantec: Trojan.Gen
ESET-NOD32: multiple detections
APEX: Malicious
Avast: Win32:Dropper-gen [Drp]
ClamAV: Win.Ransomware.Cerber-9892415-0
Kaspersky: Trojan-Ransom.NSIS.Xamyh.ada
BitDefender: Trojan.GenericKD.33827222
NANO-Antivirus: Trojan.Win32.Dwn.ehimfn
MicroWorld-eScan: Trojan.GenericKD.33827222
Tencent: Nsis.Trojan.Myxah.Ljud
Ad-Aware: Trojan.GenericKD.33827222
Sophos: Mal/Generic-R
BitDefenderTheta: Gen:NN.ZexaF.34170.gy3@aKz0@TfO
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CERBER.F116JI
McAfee-GW-Edition: RDN/Ransom
FireEye: Generic.mg.38578f346948d298
Emsisoft: Trojan.GenericKD.33827222 (B)
SentinelOne: Static AI – Malicious SFX
Jiangmin: Trojan-Ransom.NSIS.Xamyh.a
Avira: TR/Crypt.ZPACK.auilk
Antiy-AVL: Trojan/Generic.ASMalwS.1BCD03A
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Tnega!ml
Arcabit: Trojan.Generic.D2042996
ZoneAlarm: Trojan-Ransom.NSIS.Xamyh.ada
GData: Trojan.GenericKD.33827222
TACHYON: Trojan-PWS/W32.Tepfer.742675
McAfee: Artemis!38578F346948
MAX: malware (ai score=86)
VBA32: SScope.Malware-Cryptor.Hlux
Malwarebytes: Malware.AI.3671180496
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom_CERBER.F116JI
Rising: Malware.Obscure/Heur!1.A89E (CLASSIC)
Yandex: Trojan.DownLoader!fgaSxBhysV0
Fortinet: W32/Injector.GW!tr
AVG: Win32:Dropper-gen [Drp]
Paloalto: generic.ml

How to remove Trojan-Ransom.NSIS.Xamyh.ada?

Trojan-Ransom.NSIS.Xamyh.ada removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
