Trojan-Ransom.Win32.Foreign.nmui removal guide

Trojan-Ransom.Win32.Foreign.nmui is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Foreign.nmui virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.Foreign.nmui?


File Info:

crc32: 37222005
md5: d3f270ab691b847425d482f2d4a8af1d
name: D3F270AB691B847425D482F2D4A8AF1D.mlw
sha1: 566721913cbd0de6b56c112c7291f859677e5555
sha256: e02ec39e8ae6614c21b20517679bd6a4e024f4d5f27354a9c24d5fcc22ce21f5
sha512: 4350039bd28d2a93be501b1b1ddf4932ae22b010492091a5c326fdb1f95d1e51ab5f03544c2d4a815ce804480a299a943ad82ffcda8a616a32fcc9c53fb9148d
ssdeep: 12288:gQgdEtXgEoyh4Rs1lDZf1q/Z5AsY/lG8yvB:6dE1zodelFfIR51l5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright ©mbcrump 1995-Present
InternalName: Atari Cable
FileVersion: 6.2.45.2
CompanyName: mbcrump
Comments: Webpartstorageattribute Optomechanical Prevail Modification Action Tardis
ProductName: Atari Cable
Languages: English
ProductVersion: 6.2.45.2
FileDescription: Webpartstorageattribute Optomechanical Prevail Modification Action Tardis
Translation: 0x0409 0x04b0

Trojan-Ransom.Win32.Foreign.nmui also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Spyware ( 00505e681 )
DrWeb: Trojan.Gozi.20
Cynet: Malicious (score: 100)
ALYac: Trojan.BrsecmonE.1
Cylance: Unsafe
Zillya: Trojan.Ursnif.Win32.11522
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Foreign.b4cad34f
K7GW: Spyware ( 00505e681 )
Cybereason: malicious.b691b8
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Spy.Ursnif.AO
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: Trojan-Ransom.Win32.Foreign.nmui
BitDefender: Trojan.BrsecmonE.1
NANO-Antivirus: Trojan.Win32.Ursnif.epftyf
MicroWorld-eScan: Trojan.BrsecmonE.1
Tencent: Win32.Trojan.Foreign.Wtdi
Ad-Aware: Trojan.BrsecmonE.1
Sophos: Mal/Generic-S
Comodo: Malware@#cx0ylyfaufmo
BitDefenderTheta: Gen:NN.ZexaF.34722.Eq0@a0BYmDhi
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TSPY_HPURSNIF.SMZD2
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.gc
FireEye: Generic.mg.d3f270ab691b8474
Emsisoft: Trojan.BrsecmonE.1 (B)
SentinelOne: Static AI – Suspicious PE
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1111829
Antiy-AVL: Trojan/Generic.ASMalwS.2041C8F
Microsoft: Trojan:Win32/Tiggre!rfn
AegisLab: Trojan.Win32.Generic.4!c
GData: Trojan.BrsecmonE.1
AhnLab-V3: Win-Trojan/Sagecrypt.Gen
Acronis: suspicious
McAfee: Artemis!D3F270AB691B
MAX: malware (ai score=84)
VBA32: BScope.TrojanRansom.Foreign
Panda: Trj/CI.A
TrendMicro-HouseCall: TSPY_HPURSNIF.SMZD2
Rising: Trojan.Generic@ML.100 (RDML:mI3U3ecJNLYEQx/L6qMevw)
Ikarus: Trojan-Ransom.Foreign
Fortinet: W32/Kryptik.HDDU!tr
AVG: Win32:Trojan-gen
Paloalto: generic.ml

How to remove Trojan-Ransom.Win32.Foreign.nmui?

Trojan-Ransom.Win32.Foreign.nmui removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
