Ransom • Trojan

Trojan-Ransom.Win32.Foreign.nmac removal guide

The Trojan-Ransom.Win32.Foreign.nmac is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Ransom.Win32.Foreign.nmac virus can do?

The binary likely contains encrypted or compressed data.
Attempts to repeatedly call a single API many times in order to delay analysis time
Network activity detected but not expressed in API logs

How to determine Trojan-Ransom.Win32.Foreign.nmac?


File Info:
crc32: D60D44C8
md5: b3a76e0d0ae41ec0b6effb4795337709
name: B3A76E0D0AE41EC0B6EFFB4795337709.mlw
sha1: e6e4b60ea7ce1d9fe441e2b918a80bcd341d2aba
sha256: 046a99542fc91a59c0a253ad58bafc40d0533ae4cf1718c599e3c49e83758c06
sha512: 659c9ae07f768e0d27f070f5549664b25cfbde2f826eb8771b4329576e07c5678b2be1aa72770d340c4cabde6c2d66d297fe617dbdeca2908e1db3e7f5a1d0b6
ssdeep: 12288:/kYf6GryqPTQGmqtTOOHdSgo+Cy2IFnuC:smb7QQhO2dK+J2f
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: All rights reserved. iMobie Inc.
InternalName: Ad
FileVersion: 5.2.2.504
CompanyName: iMobie Inc.
PrivateBuild: 5.2.2.504
LegalTrademarks: All rights reserved. iMobie Inc.
Comments: Pcs Russell Meetings
ProductName: Ad
ProductVersion: 5.2.2.504
FileDescription: Pcs Russell Meetings
OriginalFilename: Ad.exe
Translation: 0x0409 0x04b0

Trojan-Ransom.Win32.Foreign.nmac also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Spyware ( 00505e681 )
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.44420397
Cylance	Unsafe
Zillya	Trojan.Ursnif.Win32.850
Sangfor	Virus.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Spyware ( 00505e681 )
Cybereason	malicious.d0ae41
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Spy.Ursnif.AO
APEX	Malicious
Avast	FileRepMalware
Kaspersky	Trojan-Ransom.Win32.Foreign.nmac
BitDefender	Trojan.GenericKD.44420397
NANO-Antivirus	Trojan.Win32.Ursnif.enliwi
MicroWorld-eScan	Trojan.GenericKD.44420397
Tencent	Win32.Trojan.Foreign.Pfjb
Ad-Aware	Trojan.GenericKD.44420397
Sophos	ML/PE-A + Troj/Gozi-GM
Comodo	Malware@#13qwnwsfw73th
BitDefenderTheta	Gen:NN.ZexaF.34170.Fu0@aKii59fi
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Possible_HPGen-38
McAfee-GW-Edition	BehavesLike.Win32.Dropper.gc
FireEye	Generic.mg.b3a76e0d0ae41ec0
Emsisoft	Trojan.GenericKD.44420397 (B)
SentinelOne	Static AI – Malicious PE
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1138861
eGambit	Unsafe.AI_Score_98%
Antiy-AVL	Trojan/Generic.ASMalwS.1F47226
Microsoft	Trojan:Win32/Skeeyah.A!rfn
GData	Trojan.GenericKD.44420397
TACHYON	Ransom/W32.Foreign.508416.B
McAfee	Artemis!B3A76E0D0AE4
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Dimnie
Panda	Trj/CI.A
TrendMicro-HouseCall	Possible_HPGen-38
Rising	Trojan.Generic@ML.99 (RDML:9eIjWUy5slfkDISKB6m2hA)
Yandex	Trojan.Foreign!jFKQizDUYq8
Ikarus	Trojan-Ransom.GandCrab
Fortinet	W32/Foreign.AO!tr
AVG	FileRepMalware
Paloalto	generic.ml

How to remove Trojan-Ransom.Win32.Foreign.nmac?

Trojan-Ransom.Win32.Foreign.nmac removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X