Categories: RansomTrojan

Trojan-Ransom.Win32.Blocker.ibsr removal tips

The Trojan-Ransom.Win32.Blocker.ibsr is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.Blocker.ibsr virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Unconventionial language used in binary resources: Tatar
Uses Windows utilities for basic functionality
Detects Avast Antivirus through the presence of a library
Detects Sandboxie through the presence of a library
Executed a process and injected code into it, probably while unpacking
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Creates a slightly modified copy of itself
Anomalous binary characteristics

How to determine Trojan-Ransom.Win32.Blocker.ibsr?


File Info:
crc32: D6896A21md5: 2a43ce7c6be11a771de52661fed882bbname: 2A43CE7C6BE11A771DE52661FED882BB.mlwsha1: d203a7ffc22917c3ce5bbc5dd7f0a437b8a359afsha256: d751c09ec7ca2af67ee1e8312a01b7f9c7733d5aa2f68ef12d68c5b1a5edef20sha512: fdc4b636be3ff1c9c5d01249d9739070455500736360beef9caff835e57e267e3c35de96053364aa7c67604b5301438640062e41b8e90570f2534950b363e2cfssdeep: 24576:zra8UjUY82v5HNV4NA3asjCAYvUtfpNmD:zra8UjUY82v5HNV4NA3akCAYvUtfpNmtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0409 0x04b0LegalCopyright: valiseri xe9choues 2010InternalName: affecte contreboFileVersion: 8.05.0005CompanyName: gouverner pxe9chonsLegalTrademarks: gentera decimeraProductName: indxe9pendants flxe9trieProductVersion: 8.05.0005FileDescription: xe9tendions racolages renchxe9risseOriginalFilename: affecte contrebo.exe

Trojan-Ransom.Win32.Blocker.ibsr also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 003d92281 )
Elastic	malicious (high confidence)
DrWeb	BackDoor.Tordev.8
Cynet	Malicious (score: 100)
ALYac	Gen:Heur.PonyStealer.MLT.1
Cylance	Unsafe
Zillya	Trojan.Injector.Win32.140049
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Ransom:Win32/Blocker.0e228b8b
K7GW	Trojan ( 003d92281 )
Cybereason	malicious.c6be11
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.VZA
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Packed.Nlsx-6883103-0
Kaspersky	Trojan-Ransom.Win32.Blocker.ibsr
BitDefender	Gen:Heur.PonyStealer.MLT.1
NANO-Antivirus	Trojan.Win32.Blocker.fqtoea
ViRobot	Trojan.Win32.A.VBKrypt.1257472.M
MicroWorld-eScan	Gen:Heur.PonyStealer.MLT.1
Tencent	Malware.Win32.Gencirc.10cdaf61
Ad-Aware	Gen:Heur.PonyStealer.MLT.1
Sophos	Mal/Generic-S
Comodo	Malware@#1nfdhjhifjw22
BitDefenderTheta	Gen:NN.ZevbaF.34142.mn0@a8krh!aG
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.tt
FireEye	Generic.mg.2a43ce7c6be11a77
Emsisoft	Gen:Heur.PonyStealer.MLT.1 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Blocker.nrt
Avira	TR/Dropper.VB.Gen8
Antiy-AVL	Trojan/Generic.ASMalwS.C9706
Microsoft	Trojan:Win32/Occamy.C
GData	Gen:Heur.PonyStealer.MLT.1
Acronis	suspicious
McAfee	GenericRXAA-AA!2A43CE7C6BE1
MAX	malware (ai score=94)
VBA32	Trojan.VBKrypt
Panda	Generic Malware
Yandex	Trojan.GenAsa!nKErMfSVR5U
Ikarus	Trojan.Win32.Injector
MaxSecure	Trojan.Malware.4510684.susgen
Fortinet	W32/VB.QMS!tr
AVG	Win32:Trojan-gen
Paloalto	generic.ml