Trojan-Ransom.Win32.SageCrypt.dcv removal

Trojan-Ransom.Win32.SageCrypt.dcv is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.SageCrypt.dcv virus do?

  • Executable code extraction
  • Creates RWX memory
  • Detected script timer window indicative of sleep style evasion
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Collects information to fingerprint the system

How to identify Trojan-Ransom.Win32.SageCrypt.dcv?


File Info:

crc32: F8017672
md5: c52301c33a3f6bf4da5c3cfdc89748f2
name: upload_file
sha1: 15ec2e036200af763d1665650850312ffce07233
sha256: 8e25e8e2cc04d2c03bf0c8a19bc458d63641a01ccdb5cc46e7adcc829ed0ef2d
sha512: 9798f5af7d585b65065292491105fb48eaf6cfdc36c3923c2a60aaeef500ac1ad636378ca0bbcdc91db191bf81b28860475602ca50f6e91f11b9e9d588918f15
ssdeep: 12288:4HxHbps6eCvIpbRuxw61WgdDGqwcVDYX4k:eTexpcxw6RjYXP
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (c) 2014 - . All rights reserved. labDVxfffd
InternalName: Lags
FileVersion: 7.8.9.4
CompanyName: labDVxfffd
FileDescription: Macsx Appraisals Eggheads Landscape Dropout
Comments: Macsx Appraisals Eggheads Landscape Dropout
ProductName: Lags
ProductVersion: 7.8.9.4
PrivateBuild: 7.8.9.4
OriginalFilename: Lags
Translation: 0x0409 0x04b0

Trojan-Ransom.Win32.SageCrypt.dcv also known as:

Bkav: W32.AIDetectVM.malware1
DrWeb: Trojan.Encoder.10781
MicroWorld-eScan: Trojan.GenericKD.34249931
FireEye: Generic.mg.c52301c33a3f6bf4
ALYac: Trojan.GenericKD.34249931
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 004f76a01 )
BitDefender: Trojan.GenericKD.34249931
K7GW: Trojan ( 004f76a01 )
Cybereason: malicious.33a3f6
TrendMicro: Mal_MiliCry-1h
BitDefenderTheta: Gen:NN.ZexaF.34142.Dq0@aKfdqzpi
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
GData: Trojan.GenericKD.34249931
Kaspersky: Trojan-Ransom.Win32.SageCrypt.dcv
Alibaba: Ransom:Win32/SageCrypt.94ea951f
NANO-Antivirus: Trojan.Win32.SageCrypt.falyiz
ViRobot: Trojan.Win32.Z.Sagecrypt.475136.O
AegisLab: Trojan.Win32.SageCrypt.j!c
Tencent: Malware.Win32.Gencirc.10b2ea82
Emsisoft: Trojan.GenericKD.34249931 (B)
Comodo: TrojWare.Win32.Genome.tdkze@0
F-Secure: Trojan.TR/AD.Sage.icukk
Zillya: Trojan.SageCrypt.Win32.177
Invincea: heuristic
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan-Ransom.FileCrypter
Jiangmin: Trojan.SageCrypt.hj
Avira: TR/AD.Sage.icukk
eGambit: Unsafe.AI_Score_99%
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Win32.TSGeneric
Arcabit: Trojan.Generic.D20A9CCB
ZoneAlarm: Trojan-Ransom.Win32.SageCrypt.dcv
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Sagecrypt.Gen
McAfee: GenericRXBG-ZF!C52301C33A3F
TACHYON: Ransom/W32.SageCrypt.475136
VBA32: BScope.Trojan-Ransom.SageCrypt
Malwarebytes: Ransom.Sage
Panda: Trj/CI.A
ESET-NOD32: Win32/Filecoder.NHQ
TrendMicro-HouseCall: Mal_MiliCry-1h
Rising: Ransom.Milicry!8.A2F2 (TFE:5:Fxti397groL)
Yandex: Trojan.SageCrypt!
SentinelOne: DFI – Suspicious PE
Fortinet: W32/Generic.AP.C8398!tr
Ad-Aware: Trojan.GenericKD.34249931
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Trojan.Generic

How to remove Trojan-Ransom.Win32.SageCrypt.dcv?

Trojan-Ransom.Win32.SageCrypt.dcv removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
