Trojan-Ransom.NSIS.Zerber removal guide

The Trojan-Ransom.NSIS.Zerber is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.NSIS.Zerber virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
A process attempted to delay the analysis task.
Reads data out of its own binary image
Deletes its original binary from disk
Executed a process and injected code into it, probably while unpacking
Checks the version of Bios, possibly for anti-virtualization
Checks the CPU name from registry, possibly for anti-virtualization
Creates a copy of itself
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan-Ransom.NSIS.Zerber?


File Info:
crc32: FBA8A78E
md5: 0959d7f3742179485aec77a13b80451d
name: 0959D7F3742179485AEC77A13B80451D.mlw
sha1: a092a0de3311aff6e4fa52d2dc933090c67d511f
sha256: 13829ea7e3b106031ba2c36972ba84ed73751dca9d3d034a0aa302c472a5971b
sha512: 93f5a16d4d1c597fed8179bc817e0630c59e4994f0bdf1d4bf6eb3edf9f7ecd44c5947f8a904d9d9cc8f740add7321efefcafc7898f38454210e5ce7e2b38cc5
ssdeep: 3072:GNdm6/Xbi5XJC/O45RzVuXXnoMrbe2JH+uCMatInkIBJ00ISgxXpixQw+WSw/KN:Gn/L+GOmzE4MrbXBLaikIBJ0tSEX6+Qo
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:
0: [No Data]

Trojan-Ransom.NSIS.Zerber also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0055e3f51 )
Lionic	Trojan.NSIS.Generic.j!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Click3.25793
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.3003276
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_70% (D)
K7GW	Trojan ( 0055e3f51 )
Cybereason	malicious.374217
Cyren	W32/Cerber.ZXKZ-6074
Symantec	Trojan.Gen.2
ESET-NOD32	multiple detections
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Dropper.Cerber-9845751-0
Kaspersky	HEUR:Trojan-Ransom.NSIS.Zerber.gen
BitDefender	Trojan.NSIS.Androm.11
NANO-Antivirus	Trojan.Win32.Panda.ehxjtd
MicroWorld-eScan	Trojan.NSIS.Androm.11
Tencent	Win32.Trojan.Raasj.Auto
Sophos	Mal/Generic-R + Mal/Miuref-L
Comodo	Malware@#2npm1usl9qpqu
F-Secure	Heuristic.HEUR/AGEN.1120699
BitDefenderTheta	Gen:NN.ZedlaF.34110.lC8@auDqNGe
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_HPCERBER.SMNSX
McAfee-GW-Edition	BehavesLike.Win32.AdwareAdload.cc
FireEye	Generic.mg.0959d7f374217948
Emsisoft	Trojan.NSIS.Androm.11 (B)
SentinelOne	Static AI – Malicious PE
Webroot	W32.Trojan.Ransom
Avira	HEUR/AGEN.1124303
Antiy-AVL	Trojan/Win32.TSGeneric
Microsoft	Trojan:Win32/Miuref.R
Arcabit	Trojan.Generic.D2DD38C
SUPERAntiSpyware	Ransom.Cerber/Variant
ZoneAlarm	HEUR:Trojan-Ransom.NSIS.Zerber.gen
GData	Trojan.GenericKD.3003276
AhnLab-V3	Trojan/Win32.Miuref.R189513
McAfee	RDN/Generic.bds
MAX	malware (ai score=100)
VBA32	Trojan.Click
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/CI.A
TrendMicro-HouseCall	Ransom_HPCERBER.SMNSX
Rising	Trojan.Generic@ML.91 (RDML:08seR6qkxuqHAQu8TvZD0g)
Yandex	Trojan.GenAsa!rCXNmI7/ldk
Fortinet	W32/InjectorGen.DGRI!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Trojan-Ransom.NSIS.Zerber?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan-Ransom.NSIS.Zerber removal guide