Ransom Trojan

Trojan-Ransom.Win32.Shade.qjq removal guide

Malware Removal

Trojan-Ransom.Win32.Shade.qjq is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cure of your PC.
6-day free trial available.

What can the Trojan-Ransom.Win32.Shade.qjq virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • Attempts to connect to a dead IP:Port (10 unique times)
  • Starts servers listening on 127.0.0.1:48625
  • Reads data out of its own binary image
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to delete volume shadow copies
  • Installs Tor on the infected machine
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Collects information about installed applications
  • Creates a hidden or system file
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

Related domains:

ipv4bot.whatismyipaddress.com

How to identify Trojan-Ransom.Win32.Shade.qjq?

File Info:

crc32: ADD40D13
md5: 0eef75deaea6806d3dde5b83c3b625f6
name: 2c.jpg
sha1: dcaedcc047db68c979263293a0a767e52bc88d15
sha256: 7ce52df2e1186532c119b3ad42fad1012bb78e6393bff209086dec386bbd49af
sha512: 2e5a2bbc751c3349a393484215f5792d284727e8338414e55c4a13fa7f52dc93b0eb4c75efce79cbd138bcf44d4c2a279a68c7bf51bf9afc0b5d0b5f5a03ec6b
ssdeep: 24576:hGf04SoHT5/a30mSfflaDtBQMcFXxqL1wDYXT8Qh0L4HREppTmSm9TbL2:h5m/wafflkPQtRQ/T8A0sxITmFbK
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Carbon3D Copyright © 2013. All rights reserved.
InternalName: Javascripts
FileVersion: 8.5.41.9
CompanyName: Carbon3D
PrivateBuild: 8.5.41.9
LegalTrademarks: Carbon3D Copyright © 2013. All rights reserved.
Comments: Win9x Disposing Pattersn Perspectivecamera
ProductName: Javascripts
ProductVersion: 8.5.41.9
FileDescription: Win9x Disposing Pattersn Perspectivecamera
OriginalFilename: Javascripts
Translation: 0x0409 0x04b0

Trojan-Ransom.Win32.Shade.qjq is also detected under the following names (vendor: detection):

MicroWorld-eScan: Trojan.GenericKD.42074851
FireEye: Generic.mg.0eef75deaea6806d
McAfee: Artemis!0EEF75DEAEA6
Sangfor: Malware
K7AntiVirus: Trojan ( 0055c8161 )
BitDefender: Trojan.GenericKD.32768043
K7GW: Trojan ( 0055c8161 )
CrowdStrike: win/malicious_confidence_90% (W)
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
ClamAV: Win.Trojan.Agent-7419326-0
GData: Trojan.GenericKD.32768043
Kaspersky: Trojan-Ransom.Win32.Shade.qjq
NANO-Antivirus: Trojan.Win32.Generic.gjrsdo
AegisLab: Trojan.Win32.Shade.tqV8
Rising: Trojan.Generic@ML.96 (RDML:c5hExLJoqIIjEDr3J4XyJg)
Endgame: malicious (high confidence)
F-Secure: Trojan.TR/AD.Troldesh.brbyh
DrWeb: Trojan.Encoder.858
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Worm.tc
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Agent
Avira: TR/AD.Troldesh.brbyh
MAX: malware (ai score=82)
Arcabit: Trojan.Generic.D1F4002B
ZoneAlarm: Trojan-Ransom.Win32.Shade.qjq
Microsoft: Trojan:Win32/Occamy.B
Acronis: suspicious
Ad-Aware: Trojan.GenericKD.32768043
Malwarebytes: Ransom.Troldesh
ESET-NOD32: a variant of Win32/GenKryptik.DYXB
SentinelOne: DFI – Suspicious PE
Fortinet: W32/Kryptik.GVSM!tr
BitDefenderTheta: Gen:NN.ZexaF.32515.Br0@aa9B9bhi
AVG: FileRepMalware
Cybereason: malicious.047db6
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Ransom.f4d

How to remove Trojan-Ransom.Win32.Shade.qjq?

Trojan-Ransom.Win32.Shade.qjq removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.