Trojan-Ransom.Win32.Crypren removal tips

Trojan-Ransom.Win32.Crypren is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Ransom.Win32.Crypren virus do?

  • A file was accessed within the Public folder.
  • Authenticode signature is invalid
  • Checks for the presence of known devices from debuggers and forensic tools
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan-Ransom.Win32.Crypren?

File Info:

name: 4017893E94A267FAC17F.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2011-12-08 12:29:07

Version Info:

0: [No Data]

Trojan-Ransom.Win32.Crypren also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Crypren.4!c
MicroWorld-eScan: Trojan.GenericKD.69127449
McAfee: Artemis!4017893E94A2
Zillya: Trojan.Crypren.Win32.1311
Sangfor: Trojan.Win32.Agent.Va7s
APEX: Malicious
Kaspersky: HEUR:Trojan-Ransom.Win32.Crypren.gen
BitDefender: Trojan.GenericKD.69127449
Avast: Win32:RansomX-gen [Ransom]
VIPRE: Trojan.GenericKD.69127449
McAfee-GW-Edition: BehavesLike.Win32.BadFile.kh
FireEye: Trojan.GenericKD.69127449
Emsisoft: Trojan.GenericKD.69127449 (B)
GData: Trojan.GenericKD.69127449
Arcabit: Trojan.Generic.D41ECD19
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Crypren.gen
AhnLab-V3: Malware/Gen.Generic.C4323889
ALYac: Trojan.GenericKD.69127449
MAX: malware (ai score=80)
Cylance: unsafe
Panda: Trj/RansomGen.A
Rising: Ransom.Crypren!8.1D6C (CLOUD)
AVG: Win32:RansomX-gen [Ransom]
DeepInstinct: MALICIOUS

How to remove Trojan-Ransom.Win32.Crypren?

Trojan-Ransom.Win32.Crypren removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.