About “Trojan-Ransom.Win32.Blocker.ivhl” infection


The Trojan-Ransom.Win32.Blocker.ivhl is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Blocker.ivhl virus do?

  • Creates RWX memory
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Unconventional language used in binary resources: Russian
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Trojan-Ransom.Win32.Blocker.ivhl?

File Info:

crc32: 38D1DA98
md5: 13d061cc939ade6924a49038ae3b48bb
name: invite.exe
sha1: 2cc89e1b7453c6686d9550781ad8a3f30df92c4f
sha256: 8c17967810e828f650e47a34e265af0dda3cd0f756ff7746f2aa2ba4e09faa81
sha512: 8b5dfe9f2584f8c2141ed9c6301ea3919d0f97eb38d77cb594df2457046114da0468e564bfc6a554abaa3aeccf7d07bfdc7cfd012b5f03d820a84d4bc21fbc0e
ssdeep: 6144:cLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXVxP:I+u9nx2GjMY3XKfd/H/9PHP
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Trojan-Ransom.Win32.Blocker.ivhl also known as:

Bkav: W32.BitwanX.Trojan
MicroWorld-eScan: Trojan.Generic.5848174
nProtect: Trojan/W32.Agent.407040.CO
CMC: Trojan-Ransom.Win32.Fullscreen!O
CAT-QuickHeal: Ransom.Weenloc.A8
McAfee: Trojan-FAZX!13D061CC939A
Malwarebytes: Trojan.Winlock
Zillya: Trojan.Fullscreen.Win32.35
TheHacker: Trojan/Fullscreen.jo
K7GW: Trojan ( 0039911e1 )
K7AntiVirus: Trojan ( 0039911e1 )
TrendMicro: Ransom_WINLOCK.SM
Baidu: Win32.Trojan.LockScreen.b
F-Prot: W32/Trojan2.OAEZ
Symantec: Trojan.Ransomlock
TotalDefense: Win32/Ransom.PC
TrendMicro-HouseCall: Ransom_WINLOCK.SM
Avast: Win32:LockScreen-AHV [Trj]
ClamAV: Win.Trojan.Fullscreen-41
Kaspersky: Trojan-Ransom.Win32.Blocker.ivhl
BitDefender: Trojan.Generic.5848174
NANO-Antivirus: Trojan.Win32.Fullscreen.crnep
ViRobot: Trojan.Win32.A.ChameleonUnlicence.383298[h]
AegisLab: Troj.Ransom.W32.PornoAsset.cioy!c
Rising: Trojan.Generic-6lppZ5G10kR (cloud)
Ad-Aware: Trojan.Generic.5848174
Sophos: Mal/Ransom-AI
Comodo: TrojWare.Win32.Ransom.Fullscreen.fgt
F-Secure: Trojan.Generic.5848174
DrWeb: Trojan.Winlock.3333
VIPRE: Win32.Malware!Drop
Invincea: ransom.win32.weenloc.a
McAfee-GW-Edition: BehavesLike.Win32.Dropper.fh
Emsisoft: Trojan.Generic.5848174 (B)
Cyren: W32/Trojan.GDVD-7096
Jiangmin: Trojan/Fullscreen.ak
Avira: TR/ATRAPS.Gen
Fortinet: W32/LockScreen.AGU!tr
Antiy-AVL: Trojan[Ransom]/Win32.PornoAsset.cioy
Arcabit: Trojan.Generic.D593C6E
SUPERAntiSpyware: Trojan.Agent/Gen-Ransom
Microsoft: Ransom:Win32/Weenloc.A
AhnLab-V3: Trojan/Win32.Atraps.C44235
ALYac: Trojan.Generic.5848174
AVware: Win32.Malware!Drop
VBA32: Hoax.PornoAsset
ESET-NOD32: Win32/LockScreen.AGU
Tencent: Win32.Trojan.Pornoasset.Dzae
Yandex: Trojan.Birele!7lgBxo1Ed38
Ikarus: Trojan-Ransom.Win32.Birele
GData: Trojan.Generic.5848174
AVG: Generic36.IRL
Panda: Generic Malware
CrowdStrike: malicious_confidence_97% (W)
Qihoo-360: Malware.Radar01.Gen

How to remove Trojan-Ransom.Win32.Blocker.ivhl?

Trojan-Ransom.Win32.Blocker.ivhl removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
