Ransom Trojan

How to remove “Trojan.Ransom.Spora.F”?

Malware Removal

The Trojan.Ransom.Spora.F is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan.Ransom.Spora.F virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Anomalous binary characteristics

How to determine Trojan.Ransom.Spora.F?



File Info:

crc32: 6E511B1F
md5: a4179ab844a6d5a4bf0bf32b8f6da03b
name: A4179AB844A6D5A4BF0BF32B8F6DA03B.mlw
sha1: e8585646a45a7ac0b541e36e648744b50aca71a4
sha256: ad21e5d4ba2ee71408b46694aa3fbddae11737b722aab9e72c0351239e219750
sha512: ac07b144774d59f318d2ef98deb417abb84d2d04282b76db7211a0aad6cfdb570df8809e0263b82a1761df0e8a29c279e416239d028012fbbb773f3006624888
ssdeep: 3072:FiGWfvnheAmUCdDyIoApwuevV0Qqv9cnKe+ECTxPYU:F2vnhRmVdLpwHvVqlcd+EC9
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright:  (C) 2009
InternalName: calculate
FileVersion: 1, 0, 0, 1
CompanyName: 
PrivateBuild: 
LegalTrademarks: 
Comments: 
ProductName: calculate 
SpecialBuild: 
ProductVersion: 1, 0, 0, 1
FileDescription: calculate
OriginalFilename: calculate.EXE
Translation: 0x0407 0x04e4

Trojan.Ransom.Spora.F also known as:

K7AntiVirusTrojan ( 00502a2c1 )
Elasticmalicious (high confidence)
DrWebBackDoor.Siggen2.1859
CynetMalicious (score: 100)
ALYacTrojan.Ransom.Spora.F
CylanceUnsafe
ZillyaTrojan.PetrWrap.Win32.4
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (D)
AlibabaRansom:Win32/PetrWrap.192a4c16
K7GWTrojan ( 00502a2c1 )
Cybereasonmalicious.844a6d
CyrenW32/Trojan.RJSW-8082
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Injector.DKYQ
APEXMalicious
AvastWin32:Dropper-gen [Drp]
KasperskyTrojan-Ransom.Win32.PetrWrap.a
BitDefenderTrojan.Ransom.Spora.F
NANO-AntivirusTrojan.Win32.PetrWrap.elpeaw
ViRobotTrojan.Win32.Spora.163843
MicroWorld-eScanTrojan.Ransom.Spora.F
TencentMalware.Win32.Gencirc.10b58791
Ad-AwareTrojan.Ransom.Spora.F
SophosML/PE-A + Troj/Ransom-EFS
ComodoMalware@#1rugmaurt9ced
BitDefenderThetaGen:NN.ZexaF.34608.jqW@aOktM9ab
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionBehavesLike.Win32.Generic.ch
FireEyeGeneric.mg.a4179ab844a6d5a4
EmsisoftTrojan.Ransom.Spora.F (B)
SentinelOneStatic AI – Suspicious PE
AviraHEUR/AGEN.1108493
eGambitUnsafe.AI_Score_99%
MicrosoftRansom:Win32/Spora.A
ArcabitTrojan.Ransom.Spora.F
AegisLabTrojan.Win32.PetrWrap.j!c
ZoneAlarmTrojan-Ransom.Win32.PetrWrap.a
GDataTrojan.Ransom.Spora.F
TACHYONRansom/W32.PetrWrap.159744
AhnLab-V3Trojan/Win32.Spora.R194975
Acronissuspicious
McAfeeGenericRXAZ-HQ!A4179AB844A6
MAXmalware (ai score=100)
VBA32Trojan-Ransom.PetrWrap
MalwarebytesTrojan.Xcsidl
PandaTrj/Genetic.gen
RisingRansom.PetrWrap!8.E49E (CLOUD)
YandexTrojan.GenAsa!bc4tHgpJ/Wk
IkarusTrojan.Win32.Injector
FortinetW32/Injector.DMED!tr
AVGWin32:Dropper-gen [Drp]
Paloaltogeneric.ml
Qihoo-360Win32/Ransom.PetrWrap.HgIASOUA

How to remove Trojan.Ransom.Spora.F?

Trojan.Ransom.Spora.F removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment