Trojan-Ransom.Win32.GandCrypt.gpz removal guide

The Trojan-Ransom.Win32.GandCrypt.gpz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.GandCrypt.gpz virus can do?

Executable code extraction
Presents an Authenticode digital signature
Creates RWX memory
The binary likely contains encrypted or compressed data.
Attempts to repeatedly call a single API many times in order to delay analysis time
Network activity detected but not expressed in API logs
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan-Ransom.Win32.GandCrypt.gpz?


File Info:
crc32: F8B9A5BC
md5: 25671f53f3f54b1e795aeb02f1686629
name: 25671F53F3F54B1E795AEB02F1686629.mlw
sha1: 15609842d77ef006674ab8ad8be01c2416740054
sha256: 60faeb48896c332eb549833ddd1dbf45096321e14e48ccaee6ce8aa135b82d02
sha512: 1c5c15da57aa31ca4e7a67296e631c521ea95e85c7398a08ff5a0ea080c059f7fe0433e57e37980fa9f1b7b13e4f022a4da36cab179deb8bb5b77fbbc8c1b2c8
ssdeep: 12288:h/++pwmxtkA9OjR7tV8TbKnwH77pDp/p4:A+pwmnkA9OjR7tVIbKnwu
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
InternalName: flatwise
FileVersion: 76.27.0002
Comments: practice took CENTS BALL LAKE WELCOME
ProductName: PICK'exactly'tone'DANCE'wife'finland<
ProductVersion: 76.27.0002
FileDescription: middle`miss`PURE`string`PLEASANT`GAVE<
OriginalFilename: flatwise.exe

Trojan-Ransom.Win32.GandCrypt.gpz also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 00543dea1 )
Lionic	Trojan.Win32.GandCrypt.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ALYac	Gen:Heur.PonyStealer.Jm1@dmK!Icei
Cylance	Unsafe
Zillya	Adware.GandCrypt.Win32.20
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Ransom:Win32/GandCrypt.ca01d4e2
K7GW	Trojan ( 00543dea1 )
Cybereason	malicious.3f3f54
Cyren	W32/VBKrypt.HM.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/Injector.EBSO
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Ransomware.Noon-7344212-0
Kaspersky	Trojan-Ransom.Win32.GandCrypt.gpz
BitDefender	Gen:Heur.PonyStealer.Jm1@dmK!Icei
NANO-Antivirus	Trojan.Win32.GandCrypt.fkkrkb
MicroWorld-eScan	Gen:Heur.PonyStealer.Jm1@dmK!Icei
Tencent	Win32.Trojan.Raas.Auto
Ad-Aware	Gen:Heur.PonyStealer.Jm1@dmK!Icei
Sophos	Mal/Generic-R + Mal/FareitVB-V
Comodo	Malware@#mx19iah778yr
BitDefenderTheta	Gen:NN.ZevbaF.34170.Jm1@amK!Icei
TrendMicro	TrojanSpy.Win32.FAREIT.SMA.hp
McAfee-GW-Edition	Fareit-FNA!25671F53F3F5
FireEye	Generic.mg.25671f53f3f54b1e
Emsisoft	Gen:Heur.PonyStealer.Jm1@dmK!Icei (B)
Jiangmin	Trojan.GandCrypt.qy
Webroot	W32.Trojan.Gen
Avira	TR/AD.GandCrab.hmh
Antiy-AVL	Trojan/Generic.ASMalwS.298A880
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	VirTool:Win32/VBInject.AIE!bit
GData	Gen:Heur.PonyStealer.Jm1@dmK!Icei
AhnLab-V3	Win-Trojan/VBKrypt.RP05.X1878
McAfee	Fareit-FNA!25671F53F3F5
MAX	malware (ai score=100)
VBA32	BScope.Backdoor.Androm
Malwarebytes	Trojan.MalPack.VB.Generic
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TrojanSpy.Win32.FAREIT.SMA.hp
Yandex	Trojan.GandCrypt!L605SGB4xNg
Ikarus	Trojan.Win32.Krypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GuLoader.VHIX!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Trojan-Ransom.Win32.GandCrypt.gpz?

Trojan-Ransom.Win32.GandCrypt.gpz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan-Ransom.Win32.GandCrypt.gpz removal guide