Trojan-Ransom.Win32.Shade.pdu information

The Trojan-Ransom.Win32.Shade.pdu is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Shade.pdu virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Trojan-Ransom.Win32.Shade.pdu?

File Info:

crc32: 1AF6AE9B
md5: 1279adbdecf9fbb3a995625a6c23413e
name: 1279ADBDECF9FBB3A995625A6C23413E.mlw
sha1: 89f376e33f2b76196e62522280a3f3a33d7d816f
sha256: 65d730fb48ddd67aef2bd7072c1d29b072b086d0b48f8aae23bd33d9a6a61b99
sha512: 8b75aded4bfc789154c1a4185a82b5636f5b99743a173e1ea99c90f2e5f82d524fdfa0698cc3b6766024fcbc3d3197e3cd9f05dbc0d739520decfb99571b2737
ssdeep: 24576:vkv77h1XHfYLUGRKp9dEwtlAmTWJD0OTYGXdrNkDlgN6jmLDTBNOY:vkjHfYLUGRKbdj0mCJD0OTXwhgN6jeXF
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: WUDFHost.exe
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7601.17514
FileDescription: Windows Driver Foundation - User-mode Driver Framework Host Process
OriginalFilename: WUDFHost.exe
Translation: 0x0409 0x04b0

Trojan-Ransom.Win32.Shade.pdu also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 00517c481 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.26601
Cynet: Malicious (score: 100)
ALYac: Trojan.Ransom.Shade
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Ransom:Win32/Shade.285126d7
K7GW: Trojan ( 00517c481 )
Cybereason: malicious.decf9f
Symantec: Ransom.Troldesh
ESET-NOD32: Win32/Filecoder.Shade.B
APEX: Malicious
Avast: Win32:Trojan-gen
ClamAV: Win.Malware.Generickdz-9825606-0
Kaspersky: Trojan-Ransom.Win32.Shade.pdu
BitDefender: Trojan.GenericKDZ.52773
NANO-Antivirus: Trojan.Win32.Shade.fktmnh
MicroWorld-eScan: Trojan.GenericKDZ.52773
Tencent: Win32.Trojan.Shade.Dwjp
Ad-Aware: Trojan.GenericKDZ.52773
Sophos: Mal/Generic-R + Troj/Troldesh-T
Comodo: MalCrypt.Indus!@1qrzi1
BitDefenderTheta: AI:Packer.E8AB40621F
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TrojanSpy.Win32.EMOTET.SMA
McAfee-GW-Edition: BehavesLike.Win32.Fake.dc
FireEye: Generic.mg.1279adbdecf9fbb3
Emsisoft: Trojan.GenericKDZ.52773 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Shade.sb
Webroot: W32.Adware.Gen
Avira: TR/Crypt.Epack.AE
Antiy-AVL: Trojan/Generic.ASMalwS.29B81F6
Microsoft: Ransom:Win32/Troldesh.A
AegisLab: Trojan.Win32.Shade.4!c
GData: Trojan.GenericKDZ.52773
Acronis: suspicious
McAfee: Artemis!1279ADBDECF9
MAX: malware (ai score=100)
VBA32: BScope.TrojanRansom.Troldesh
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TrojanSpy.Win32.EMOTET.SMA
Rising: Ransom.Troldesh!8.5D1 (CLOUD)
Yandex: Trojan.Shade!S5H6rYDqkhk
Ikarus: Trojan-Ransom.Crypted007
Fortinet: W32/GenCBL.CN!tr
AVG: Win32:Trojan-gen
Paloalto: generic.ml

How to remove Trojan-Ransom.Win32.Shade.pdu?

Trojan-Ransom.Win32.Shade.pdu removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.
