About “Trojan-Ransom.Win32.Foreign.nrvw” infection

Trojan-Ransom.Win32.Foreign.nrvw is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Foreign.nrvw virus do?

  • Executable code extraction
  • Creates RWX memory
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Trojan-Ransom.Win32.Foreign.nrvw?


File Info:

crc32: 2E7C09A2
md5: 89c7d9d73c44db55a0aba07c36e4c7f0
name: 89C7D9D73C44DB55A0ABA07C36E4C7F0.mlw
sha1: fa2531c3cf08440c88497680b83b97c5b63d0aad
sha256: f614d063f90588858755eb06998dc364ee10ac742b4b113ad9c5e2c132b0cba5
sha512: 1dce4d871c4339f5347895ef5a59ae0a4ebde489cb8acd8dbf9a911042d0fc9a97b28464a86d68af0311335d90cb5ab17b8ac019787e43bfee7245eb86b8c104
ssdeep: 6144:0h9EkybFTLAiRhj9bHOJAvISTQ87ivf12fbo:0hSTLBzZHOmJ88M9Qk
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: The Qt Company Ltd (c) 2015 Company
InternalName: ApprenticeEliminate
CompanyName: The Qt Company Ltd
FileDescription: Shve Wizards Exchweb
LegalTrademarks: The Qt Company Ltd (c) 2015 Company
Comments: Shve Wizards Exchweb
ProductName: ApprenticeEliminate
ProductVersion: 3.2.5.8
PrivateBuild: 3.2.5.8
OriginalFilename: ApprenticeEliminate.exe
Translation: 0x0409 0x04b0

Trojan-Ransom.Win32.Foreign.nrvw also known as:

K7AntiVirus: Trojan ( 0051fab81 )
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
Zillya: Trojan.Foreign.Win32.57053
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_60% (D)
K7GW: Trojan ( 0051fab81 )
ESET-NOD32: a variant of Win32/Kryptik.FZQI
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Foreign.nrvw
NANO-Antivirus: Trojan.Win32.Kryptik.evimwk
Tencent: Win32.Trojan.Raas.Auto
Sophos: ML/PE-A
BitDefenderTheta: Gen:NN.ZexaCO.34170.qq0@aOPpSmki
VIPRE: Trojan.Win32.Generic!BT
FireEye: Generic.mg.89c7d9d73c44db55
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1117343
Microsoft: Ransom:Win32/Genasom
TACHYON: Ransom/W32.Foreign.270336
AhnLab-V3: Trojan/Win32.Foreign.C2275156
McAfee: Artemis!89C7D9D73C44
MAX: malware (ai score=95)
VBA32: Trojan-Ransom.Foreign
Ikarus: Trojan-Ransom.GandCrab
Fortinet: W32/Foreign.NRVW!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Trojan-Ransom.Win32.Foreign.nrvw?

Trojan-Ransom.Win32.Foreign.nrvw removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
