Ransom • Trojan

About “Trojan-Ransom.Win32.Blocker.gnve” infection

The Trojan-Ransom.Win32.Blocker.gnve is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Ransom.Win32.Blocker.gnve virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Trojan-Ransom.Win32.Blocker.gnve?


File Info:
name: F032B115DF457AB53928.mlw
path: /opt/CAPEv2/storage/binaries/3ca2b5eddcea66f52c9c7303dbc43c1b589999969940ba7c17dfb96a0d65a5bc
crc32: 08D1279F
md5: f032b115df457ab5392868e9baabe1e4
sha1: 8d0c174b774d21ca76758fd90eb51f4e327ecb39
sha256: 3ca2b5eddcea66f52c9c7303dbc43c1b589999969940ba7c17dfb96a0d65a5bc
sha512: 90326d0234caa937da67acd877dca5984b3d2bafa860f8580b5fae61f0e418fb0dc4758beea585340cf248acd7b6eae0f105039a941e7e1866956e11748702ad
ssdeep: 192:n1c2hLi+wf1prymZT5+X4Q0P+NZoJJREqqP/LN:1cGLi+wf1AYYX4PP+NeV
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1D4324B9B9F5D0221F76108B87B7712590A3EBCD3339572E7EFB278401B25692C4918E7
sha3_384: e50a0a276963ec4df7603907e5044109662dd0e1b7e889263dc190699fe66046630cd9aa578c5cdab8a43c9d33bb8d34
ep_bytes: e880040000e99ffdffff5589e589ff81
timestamp: 2012-10-29 15:49:48

Version Info:
0: [No Data]

Trojan-Ransom.Win32.Blocker.gnve also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.451781
FireEye	Gen:Variant.Zusy.451781
CAT-QuickHeal	Trojan.GenericRI.S30115043
Malwarebytes	Malware.AI.3654172958
BitDefenderTheta	Gen:NN.ZexaF.36164.ayW@aS8Jlwii
Cyren	W32/Blocker.L.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Small.NYG
Kaspersky	Trojan-Ransom.Win32.Blocker.gnve
BitDefender	Gen:Variant.Zusy.451781
NANO-Antivirus	Trojan.Win32.Blocker.favveo
Avast	Win32:RansomX-gen [Ransom]
Tencent	Trojan-Ransom.Win32.Blocker.ko
TACHYON	Ransom/W32.Blocker.11264
DrWeb	Trojan.MulDrop21.58295
VIPRE	Gen:Variant.Zusy.451781
Emsisoft	Gen:Variant.Zusy.451781 (B)
Ikarus	Trojan.Win32.Small
GData	Gen:Variant.Zusy.451781
Jiangmin	Trojan.Blocker.uxa
Google	Detected
Arcabit	Trojan.Zusy.D6E4C5
ZoneAlarm	Trojan-Ransom.Win32.Blocker.gnve
Microsoft	Trojan:Win32/Wacatac.B!ml
AhnLab-V3	Trojan/Win.Blocker.R560620
MAX	malware (ai score=84)
Panda	Trj/Genetic.gen
Rising	Ransom.Blocker!8.12A (TFE:5:oSUc7RfbUHO)
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Wacatac.B!tr
AVG	Win32:RansomX-gen [Ransom]
DeepInstinct	MALICIOUS

How to remove Trojan-Ransom.Win32.Blocker.gnve?

Trojan-Ransom.Win32.Blocker.gnve removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X