Trojan-Ransom.Win32.PolyRansom removal tips

Trojan-Ransom.Win32.PolyRansom is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.PolyRansom virus do?

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Deletes executed files from disk

How to identify Trojan-Ransom.Win32.PolyRansom?

File Info:

name: 3FC294A8048985C899D6.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-12-05 22:50:52

Version Info:

0: [No Data]

Trojan-Ransom.Win32.PolyRansom also known as:

Lionic: Trojan.Win32.PolyRansom.4!c
Elastic: malicious (high confidence)
Cylance: unsafe
CrowdStrike: win/grayware_confidence_60% (D)
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Ransom.Win32.PolyRansom.gen
Zillya: Trojan.PolyRansom.Win32.30094
McAfee-GW-Edition: BehavesLike.Win32.Dropper.gc
Trapmine: suspicious.low.ml.score
ZoneAlarm: HEUR:Trojan-Ransom.Win32.PolyRansom.gen
Google: Detected
McAfee: Artemis!3FC294A80489
Panda: Trj/RansomGen.A
Ikarus: Nsis
DeepInstinct: MALICIOUS

How to remove Trojan-Ransom.Win32.PolyRansom?

Trojan-Ransom.Win32.PolyRansom removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
