Ransom Trojan

Trojan-Ransom.Win32.GandCrypt.erw removal instruction

Malware Removal

The Trojan-Ransom.Win32.GandCrypt.erw is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Trojan-Ransom.Win32.GandCrypt.erw virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (7 unique times)
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings

Related domains:

z.whorecord.xyz
a.tomx.xyz
www.billerimpex.com
billerimpex.com
www.macartegrise.eu
www.poketeg.com
perovaphoto.ru
asl-company.ru
www.fabbfoundation.gm
www.perfectfunnelblueprint.com
www.wash-wear.com
pp-panda74.ru
cevent.net
bellytobabyphotographyseattle.com
alem.be
apps.identrust.com
crl.identrust.com
x1.c.lencr.org
boatshowradio.com
dna-cp.com
acbt.fr
r3.o.lencr.org
wpakademi.com
www.cakav.hu
www.mimid.cz
6chen.cn
goodapd.website
oceanlinen.com
tommarmores.com.br
nesten.dk
zaeba.co.uk
www.n2plus.co.th
koloritplus.ru
h5s.vn
marketisleri.com
www.toflyaviacao.com.br
www.rment.in
www.lagouttedelixir.com
www.krishnagrp.com
big-game-fishing-croatia.hr
ocsp.digicert.com
mauricionacif.com
www.ismcrossconnect.com
aurumwedding.ru
test.theveeview.com
relectrica.com.mx

How to determine Trojan-Ransom.Win32.GandCrypt.erw?


File Info:

crc32: 27F113A2
md5: 980e9d820d70b12676717ec6cc1090eb
name: 980E9D820D70B12676717EC6CC1090EB.mlw
sha1: 3b0da193f64b797f32a8142a9c32ab6f4df14bdb
sha256: d21c74d73792bcc544750fe0a70685926322e4da2682c2781ecc57de6e15c4ec
sha512: ecbb4721918ec95ea7990679346315f7dcf20dc72f80d6e9a9b5b8ca2b484194e4276d4524257c4f893adacb510db90f31c6c539507586853c29e2f58638fe07
ssdeep: 3072:o89lh5lWQGRiP+KEbWRcyS40sxOWkHSNBa/PoDqKRDC9FMFA6:HnG+kA0Ay6OgDqKBC9F2A6
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

InternalName: tgabhryj.exe
FileVersion: 4.5.7

Trojan-Ransom.Win32.GandCrypt.erw also known as:

BkavW32.AIDetect.malware1
K7AntiVirusTrojan ( 0053c2831 )
LionicTrojan.Win32.GandCrypt.4!c
Elasticmalicious (high confidence)
DrWebTrojan.Encoder.25976
ALYacTrojan.BRMon.Gen.4
MalwarebytesTrojan.MalPack
ZillyaTrojan.GandCrypt.Win32.652
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (D)
BitDefenderTrojan.BRMon.Gen.4
K7GWTrojan ( 0053c2831 )
Cybereasonmalicious.20d70b
CyrenW32/Kryptik.ID.gen!Eldorado
SymantecPacked.Generic.525
ESET-NOD32a variant of Win32/Kryptik.GKPT
APEXMalicious
Paloaltogeneric.ml
CynetMalicious (score: 100)
KasperskyTrojan-Ransom.Win32.GandCrypt.erw
AlibabaRansom:Win32/GandCrypt.92ff2eae
NANO-AntivirusTrojan.Win32.GandCrypt.fhngbg
ViRobotTrojan.Win32.R.Agent.228352.AC
MicroWorld-eScanTrojan.BRMon.Gen.4
TencentWin32.Trojan.Gandcrypt.Hrow
Ad-AwareTrojan.BRMon.Gen.4
SophosMal/Generic-R + Mal/GandCrab-B
ComodoMalware@#103kt6r20li33
BitDefenderThetaGen:NN.ZexaF.34142.nu0@am9gJCcG
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionBehavesLike.Win32.Generic.dc
FireEyeGeneric.mg.980e9d820d70b126
EmsisoftTrojan.BRMon.Gen.4 (B)
SentinelOneStatic AI – Malicious PE
JiangminTrojan.GandCrypt.lz
AviraHEUR/AGEN.1106537
Antiy-AVLTrojan/Generic.ASMalwS.2803D26
MicrosoftVirTool:Win32/CeeInject.AAG!bit
ArcabitTrojan.BRMon.Gen.4
ZoneAlarmTrojan-Ransom.Win32.GandCrypt.erw
GDataWin32.Trojan-Ransom.GandCrab.U
AhnLab-V3Win-Trojan/MalPe34.Suspicious.X2029
Acronissuspicious
VBA32BScope.Trojan.Fuerboos
MAXmalware (ai score=100)
RisingTrojan.Generic@ML.100 (RDML:78SqL2hLmIqzdtKV1PypAA)
YandexTrojan.GenAsa!+9WQtD1UcSg
IkarusTrojan.Win32.Crypt
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/GenKryptik.CNAR!tr
PandaTrj/GdSda.A

How to remove Trojan-Ransom.Win32.GandCrypt.erw?

Trojan-Ransom.Win32.GandCrypt.erw removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment