Trojan.Ransom.VegaLocker removal tips

The Trojan.Ransom.VegaLocker is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Ransom.VegaLocker virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (4 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Drops a binary and executes it
Performs some HTTP requests
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Modifies boot configuration settings
Installs itself for autorun at Windows startup
Clears Windows events or logs
Creates a copy of itself
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

iplogger.ru

iplogger.org

apps.identrust.com

isrg.trustid.ocsp.identrust.com

ocsp.int-x3.letsencrypt.org

How to determine Trojan.Ransom.VegaLocker?


File Info:
crc32: 86765CFA
md5: 824c20b4ba06bd9ec5ed999cb7525b36
name: b.exe
sha1: c6e2707673294e7000d389405db0718c7c5a980c
sha256: 24d70038e548e6e1322e5922587d803f181a5a0d8ba95a1a264caa93ccc664a7
sha512: b523b224946e482411de1e34efc8cd40ee831b4c7c27bcbe3670fcb98b7ae9871d494bb4f4fe441c277ab846539a2d258be8967eb7c3e943eb25231c426cd82b
ssdeep: 3072:m87zzhhyoKQMl92cyrrabaDo8RKQELAW0NHMG/CifYNk1G84ot2fm/6X0Sk2LF:m8/zhQadRb1Ht0ot4YYX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Trojan.Ransom.VegaLocker also known as:

DrWeb	Trojan.Encoder.28645
MicroWorld-eScan	Trojan.GenericKD.41404348
FireEye	Generic.mg.824c20b4ba06bd9e
Qihoo-360	HEUR/QVM19.1.27DB.Malware.Gen
McAfee	RDN/Generic.fap
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 005511e81 )
BitDefender	Trojan.GenericKD.41404348
K7GW	Trojan ( 005511e81 )
CrowdStrike	win/malicious_confidence_100% (W)
TrendMicro	Trojan.Win32.WACATAC.USXVPFS19
BitDefenderTheta	Gen:NN.ZexaF.33558.ruW@aCtj8waG
Cyren	W32/Trojan.YLYU-0129
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
GData	Trojan.GenericKD.41404348
Kaspersky	Trojan-Ransom.Win32.Encoder.cya
Alibaba	Ransom:Win32/Encoder.4a4e8bc5
NANO-Antivirus	Trojan.Win32.Encoder.frygji
AegisLab	Trojan.Win32.Malicious.4!c
Rising	Trojan.Generic@ML.85 (RDMK:eF1I3uGNKdK4lA47GWVw9g)
Ad-Aware	Trojan.GenericKD.41404348
Emsisoft	Trojan.GenericKD.41404348 (B)
Comodo	Malware@#2ni2mokcmo0uh
F-Secure	Trojan.TR/AD.ZardRansom.uumrf
Zillya	Trojan.Encoder.Win32.941
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Pate.dm
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Krypt
Webroot	W32.Trojan.Emotet
Avira	TR/AD.ZardRansom.uumrf
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D277C7BC
ZoneAlarm	Trojan-Ransom.Win32.Encoder.cya
Microsoft	Trojan:Win32/Occamy.C
AhnLab-V3	Malware/Win32.Generic.C3314923
VBA32	BScope.Trojan.Wacatac
ALYac	Trojan.Ransom.VegaLocker
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Kryptik.GUHU
TrendMicro-HouseCall	Trojan.Win32.WACATAC.USXVPFS19
SentinelOne	DFI – Malicious PE
AVG	Win32:Malware-gen
Cybereason	malicious.673294
Paloalto	generic.ml
MaxSecure	Virus.Patched.OF

How to remove Trojan.Ransom.VegaLocker?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan.Ransom.VegaLocker removal tips