Trojan-Ransom.Win32.GandCrypt.feh removal

The Trojan-Ransom.Win32.GandCrypt.feh is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.GandCrypt.feh virus can do?

Executable code extraction
Creates RWX memory
Unconventionial language used in binary resources: Serbian (Cyrillic)
The binary likely contains encrypted or compressed data.
Attempts to repeatedly call a single API many times in order to delay analysis time
Network activity detected but not expressed in API logs
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan-Ransom.Win32.GandCrypt.feh?


File Info:
crc32: 20E30629
md5: ad515436b79ab1b868782f3909630b77
name: AD515436B79AB1B868782F3909630B77.mlw
sha1: 31516af1a3a6a16be05ec70ee9b5738a514a37f3
sha256: 2e49776e0cbc8a8ba8e6740d4462616ef647e37df9cfae37734b97b6cb79af46
sha512: 2ea9c7bed022e1fe3cd0ca87db66699c6be9a2dade063f1b61e3a79fb7af67cd99904f4697f06765ebd65800c004e19b4d2b15e106373fd1ceea19daff1d0b3d
ssdeep: 3072:CfCBRUk24+Jy6EOYoRzl722Oo00wqCCR6e/47rYqOvV:NBR5bW5DkSR6P7rYqOv
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0809 0x04b0

Trojan-Ransom.Win32.GandCrypt.feh also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0053cd131 )
Lionic	Trojan.Win32.GandCrypt.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.25976
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransom.GandCrab.S3886332
ALYac	Trojan.Ransom.GandCrab
Cylance	Unsafe
Zillya	Trojan.GandCrypt.Win32.799
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
Alibaba	Ransom:Win32/GandCrypt.7cb134eb
K7GW	Trojan ( 0053cd131 )
Cybereason	malicious.6b79ab
Cyren	W32/Kryptik.KN.gen!Eldorado
Symantec	Packed.Generic.525
ESET-NOD32	a variant of Win32/Kryptik.GKXZ
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
ClamAV	Win.Packed.Midie-7060941-0
Kaspersky	Trojan-Ransom.Win32.GandCrypt.feh
BitDefender	Trojan.Ransomware.GenericKDS.31225990
NANO-Antivirus	Trojan.Win32.GandCrypt.fichcy
ViRobot	Trojan.Win32.R.Agent.169984.AB
MicroWorld-eScan	Trojan.Ransomware.GenericKDS.31225990
Tencent	Win32.Trojan.Gandcrypt.Lohl
Ad-Aware	Trojan.Ransomware.GenericKDS.31225990
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.TrojanSpy.Ursnif.EM@7vyz23
BitDefenderTheta	Gen:NN.ZexaF.34170.kuW@a0x88BoG
TrendMicro	TrojanSpy.Win32.GUILDMA.SMAL
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
FireEye	Generic.mg.ad515436b79ab1b8
Emsisoft	Trojan.Ransomware.GenericKDS.31225990 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.GandCrypt.ne
Avira	HEUR/AGEN.1106537
Antiy-AVL	Trojan/Generic.ASMalwS.2817BA5
Microsoft	VirTool:Win32/CeeInject.UQ!bit
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Win32.Trojan-Ransom.GandCrab.U
TACHYON	Ransom/W32.GandCrab.169984
AhnLab-V3	Win-Trojan/MalPe36.Suspicious.X2037
Acronis	suspicious
McAfee	Trojan-FQPW!AD515436B79A
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Encoder
Malwarebytes	Trojan.MalPack
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TrojanSpy.Win32.GUILDMA.SMAL
Rising	Trojan.Kryptik!1.B423 (CLASSIC)
Yandex	Trojan.GenAsa!/RLvJTIaHbY
Ikarus	Trojan.Win32.Krypt
Fortinet	W32/Kryptik.GMSM!tr
AVG	Win32:PWSX-gen [Trj]
Paloalto	generic.ml

How to remove Trojan-Ransom.Win32.GandCrypt.feh?

Trojan-Ransom.Win32.GandCrypt.feh removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan-Ransom.Win32.GandCrypt.feh removal