Ransom Trojan

Trojan-Ransom.Win32.Foreign.nzjx removal instruction

Trojan-Ransom.Win32.Foreign.nzjx is the Kaspersky detection name for a sample that a large number of security vendors classify as malicious (see the list of aliases below). While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal: it lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Ransom.Win32.Foreign.nzjx virus do?

The following behaviours were recorded when the sample was run in an automated sandbox:

  • Extracts executable code at runtime
  • Injection (inter-process)
  • Injection (process hollowing)
  • Attempts to connect to a dead IP:port (1 unique attempt)
  • Creates RWX (readable, writable and executable) memory
  • The binary likely contains encrypted or compressed (packed) data
  • Executed a process and injected code into it, probably while unpacking
  • Repeatedly calls a single API many times in order to delay analysis (sandbox evasion)
  • Installs itself for autorun at Windows startup
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.Foreign.nzjx?

File Info:

crc32: 2CBEEA38
md5: 7c155adb87f5b68925bd0e956c568318
name: 7C155ADB87F5B68925BD0E956C568318.mlw
sha1: 404b9ab60cc7995cee5cbee9d6cc9c691a476cf3
sha256: ba0a3e439a96f7e43a04196dc124caa504dd078faa665a34bef799d7824efe11
sha512: 2d12ac25cf9e0ff721d4550e48a3d1849321f5f518525a005f54022d2e4290eaab4a353a1ec8d29030d4fe181f57b253083a4cc1f477e0d898aff7a06538ef76
ssdeep: 12288:zy25ITeIttpwjdms44UEEoApkxB9lH1JB5s4YqmDT9:zbjEtpwjdm94UEEZuB975xADT9
type: PE32 executable (GUI) Intel 80386, for MS Windows
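
The practical use of the hashes and file type above is to recompute them on a suspect file and compare. The script below is an added example written for this page; it is not GridinSoft's tooling and not code from the sample. It embeds the digests listed above as its IOC set, classifies the PE header the same way the `file` tool does (producing the "PE32 executable (GUI) Intel 80386" string), and builds a constructed minimal PE header for its own self-test. ssdeep matching is left out because it needs a third-party library.

```python
import hashlib
import struct

# Digests copied from the File Info section of this page, used here as the IOC set.
PAGE_IOCS = {
    "md5": "7c155adb87f5b68925bd0e956c568318",
    "sha1": "404b9ab60cc7995cee5cbee9d6cc9c691a476cf3",
    "sha256": "ba0a3e439a96f7e43a04196dc124caa504dd078faa665a34bef799d7824efe11",
    "sha512": "2d12ac25cf9e0ff721d4550e48a3d1849321f5f518525a005f54022d2e4290ea"
              "ab4a353a1ec8d29030d4fe181f57b253083a4cc1f477e0d898aff7a06538ef76",
}

# IMAGE_FILE_HEADER.Machine and IMAGE_OPTIONAL_HEADER.Subsystem values from the PE spec.
MACHINE_NAMES = {0x014C: "Intel 80386", 0x8664: "x86-64", 0x01C4: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {2: "GUI", 3: "console"}
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex digests for the four algorithms listed in File Info."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_ALGOS}


def match_iocs(hashes: dict, iocs: dict = PAGE_IOCS) -> set:
    """Names of every algorithm whose digest equals the IOC digest (case-insensitive)."""
    return {name for name, digest in hashes.items()
            if name in iocs and digest.lower() == iocs[name].lower()}


def describe_pe(data: bytes):
    """Classify a PE image like `file` does ("PE32 executable (GUI) Intel 80386").

    Returns None when the bytes are not a well-formed PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes after the signature).
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 70 or opt + opt_size > len(data):
        return None
    (magic,) = struct.unpack_from("<H", data, opt)
    # Subsystem sits at offset 68 of the optional header for both PE32 and PE32+.
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)
    if fmt is None:
        return None
    sub = SUBSYSTEM_NAMES.get(subsystem, f"subsystem {subsystem}")
    mach = MACHINE_NAMES.get(machine, f"machine 0x{machine:04x}")
    return f"{fmt} executable ({sub}) {mach}"


def triage(data: bytes) -> dict:
    """Run both checks on one in-memory sample and return the findings."""
    hashes = hash_bytes(data)
    return {"hashes": hashes, "ioc_hits": match_iocs(hashes), "type": describe_pe(data)}


def build_minimal_pe(machine=0x014C, subsystem=2, magic=0x10B) -> bytes:
    """Constructed test input, not a real binary: just enough header for describe_pe()."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew at 0x3C -> headers at 0x40
    opt_size = 0xE0 if magic == 0x10B else 0xF0          # standard PE32 / PE32+ sizes
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

Run it as `python triage.py suspect.exe`; a non-empty `ioc_hits` set means the file is byte-for-byte the sample described on this page, while a matching `type` string with no hash hit only tells you it is a 32-bit GUI Windows executable and says nothing about whether it is related.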

Version Info:

Assembly Version: 6.2.3.792
LegalCopyright: Copyright © Photodex Corporation 1995-Present
InternalName: Tplgytab Downloader
FileVersion: 6.2.3.792
CompanyName: Photodex Corporation
PrivateBuild: 6.2.3.792
LegalTrademarks: Copyright © Photodex Corporation 1995-Present
Comments: Isdiscriminator Incase
ProductName: Tplgytab Downloader
Languages: English
ProductVersion: 6.2.3.792
FileDescription: Isdiscriminator Incase
OriginalFilename: Tplgytab Downloader.exe
Translation: 0x0409 0x04b0

Trojan-Ransom.Win32.Foreign.nzjx is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
ALYac: Gen:Variant.Ransom.Shade.27
Cylance: Unsafe
Zillya: Trojan.Foreign.Win32.57699
Sangfor: Trojan.Win32.Agent.nil
CrowdStrike: win/malicious_confidence_80% (D)
Cybereason: malicious.b87f5b
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.EJOL
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Foreign.nzjx
BitDefender: Gen:Variant.Ransom.Shade.27
NANO-Antivirus: Trojan.Win32.GenKryptik.ezizvm
MicroWorld-eScan: Gen:Variant.Ransom.Shade.27
Tencent: Win32.Trojan.Foreign.Ahon
Ad-Aware: Gen:Variant.Ransom.Shade.27
Sophos: Mal/Generic-S
Comodo: Malware@#1tsialcun9n19
BitDefenderTheta: Gen:NN.ZexaF.34796.Rq0@aW5zPMci
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TSPY_HPURSNIF.SMZD2
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.jc
FireEye: Generic.mg.7c155adb87f5b689
Emsisoft: Gen:Variant.Ransom.Shade.27 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1130350
Microsoft: Trojan:Win32/Tiggre!rfn
GData: Gen:Variant.Ransom.Shade.27
Acronis: suspicious
McAfee: Generic.drc
MAX: malware (ai score=85)
VBA32: TrojanRansom.Foreign
Malwarebytes: Malware.AI.1849628423
Panda: Trj/CI.A
TrendMicro-HouseCall: TSPY_HPURSNIF.SMZD2
Rising: Trojan.Generic@ML.82 (RDML:Crm2ZMOr3U4ZVjmVotbmGQ)
Ikarus: Trojan-Ransom.GandCrab
Fortinet: W32/GenKryptik.BVEX!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Foreign.HgIASOYA

How to remove Trojan-Ransom.Win32.Foreign.nzjx?

Trojan-Ransom.Win32.Foreign.nzjx removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

Because the sample installs itself for autorun at Windows startup, check after the restart that no unfamiliar startup entries or processes remain; if any do, run the scan again.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.