Ransom Trojan

Trojan-Ransom.Win32.Encoder.ron removal instruction

Malware Removal

The Trojan-Ransom.Win32.Encoder.ron is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Trojan-Ransom.Win32.Encoder.ron virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Exhibits possible ransomware file modification behavior
  • Uses suspicious command line tools or Windows utilities

How to determine Trojan-Ransom.Win32.Encoder.ron?


File Info:

name: EAAC1FCF5D48EC8DD877.mlw
path: /opt/CAPEv2/storage/binaries/8ebf069bcc5d5f24a0e7b30b8f9e8058073dab642bd83f5adf05a05aebc558b1
crc32: A44663A9
md5: eaac1fcf5d48ec8dd8776df873d122b1
sha1: 66fe0b97aee7b8ac161a168312c490eca4b76817
sha256: 8ebf069bcc5d5f24a0e7b30b8f9e8058073dab642bd83f5adf05a05aebc558b1
sha512: 7482337e089f5b2ec3914923bab00d325cb9bae46a5891c5486f0e5b261f81ed11d16c32d2350db85f25971caca12e718c56f1b2237fc39fc1d34f215ee2bae9
ssdeep: 1536:j7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfkxB6Og:/q6+ouCpk2mpcWJ0r+QNTBfkTK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C7937C45F3E241F7E9E10A3100A6712FA73A66249724E8DBC34C3D829953AD49A7C3F9
sha3_384: 210b43f0e056994c70edd67473ae166a50a371bf296f8a4049f671d8ebce3fabdd068baa333e4b48d205e132bf4f1b10
ep_bytes: 68ac00000068000000006810804100e8
timestamp: 2019-07-30 08:52:50

Version Info:

0: [No Data]

Trojan-Ransom.Win32.Encoder.ron also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Tiny.trFe
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Heur.Bat.1
McAfeeArtemis!EAAC1FCF5D48
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 0055f5011 )
AlibabaTrojan:BAT/KillFiles.ff882a2c
K7GWTrojan ( 0055f5011 )
Cybereasonmalicious.7aee7b
VirITTrojan.Win32.Genus.IHW
CyrenW32/Trojan.VFBA-8001
ESET-NOD32BAT/KillFiles.NPF
APEXMalicious
AvastFileRepMalware [Misc]
KasperskyTrojan-Ransom.Win32.Encoder.ron
BitDefenderGen:Heur.Bat.1
Ad-AwareGen:Heur.Bat.1
TACHYONTrojan/W32.KillFiles.89600
SophosMal/Generic-S
ZillyaTool.Lazagne.Win32.102
McAfee-GW-EditionBehavesLike.Win32.Generic.mh
FireEyeGeneric.mg.eaac1fcf5d48ec8d
EmsisoftGen:Heur.Bat.1 (B)
SentinelOneStatic AI – Malicious PE
GDataGen:Heur.Bat.1
ArcabitTrojan.Bat.1
MicrosoftProgram:Win32/Wacapew.C!ml
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.Generic.C4723677
ALYacGen:Heur.Bat.1
MAXmalware (ai score=85)
MalwarebytesMalware.AI.392946571
TrendMicro-HouseCallTROJ_GEN.R002H09FL22
RisingRansom.Encoder!8.FFD4 (CLOUD)
IkarusTrojan.Agent
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/PossibleThreat
AVGFileRepMalware [Misc]
Paloaltogeneric.ml
CrowdStrikewin/malicious_confidence_60% (W)

How to remove Trojan-Ransom.Win32.Encoder.ron?

Trojan-Ransom.Win32.Encoder.ron removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment