What is "Trojan-Ransom.Win32.Stop"?

The Trojan-Ransom.Win32.Stop is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.Stop virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
A named pipe was used for inter-process communication
Performs some HTTP requests
Unconventionial language used in binary resources: Tatar
The binary likely contains encrypted or compressed data.
Installs itself for autorun at Windows startup
Writes a potential ransom message to disk
Attempts to modify proxy settings
Creates a copy of itself
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

api.2ip.ua

plnv.top

How to determine Trojan-Ransom.Win32.Stop?


File Info:
crc32: 2E5DEDC3
md5: 32f3be8697cbd7c40c05ee83318ae14c
name: 32F3BE8697CBD7C40C05EE83318AE14C.mlw
sha1: 9e58be40a590755bfb204d2d2f40d2de26bf4542
sha256: 6c747049b34b13fee03f951bc3b0f330aab130d3f1ecd4e39df734a94d4442d1
sha512: 9b2a9afdc989e77e0a6cdd283b41958b2bb2162c1ff4a711c5f54c935d0c7628516f85ff64fe5d6e5dfed5175ceb4e3b0a01d18ee606a1d2ff293b09da0ecabb
ssdeep: 12288:6zVWziqF+qpKMHLWbPeJsyixMNOELgd2fsKpcHuRy1GmBzsEWJOifJNUyCt:6ZLqF+qLHAGPVOSpcu9EoLyy
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
InternalName: calinilimodumator.exe
FileVersions: 7.0.0.23
LegalCopyrights: Vsekdag
ProductVersions: 67.0.20.45
Translation: 0x0409 0x22fc

Trojan-Ransom.Win32.Stop also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.73131
FireEye	Generic.mg.32f3be8697cbd7c4
CAT-QuickHeal	Trojanransom.Stop
ALYac	Trojan.Ransom.Stop
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKDZ.73131
K7GW	Trojan ( 005783f91 )
K7AntiVirus	Trojan ( 005783f91 )
Cyren	W32/Azorult.P.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:BotX-gen [Trj]
ClamAV	Win.Dropper.Mokes-9835362-0
Kaspersky	HEUR:Trojan-Ransom.Win32.Stop.gen
Alibaba	Ransom:Win32/generic.ali2000027
NANO-Antivirus	Trojan.Win32.Stop.imjfpm
Tencent	Win32.Trojan.Raas.Auto
Ad-Aware	Trojan.GenericKDZ.73131
Emsisoft	Trojan.Crypt (A)
F-Secure	Trojan.TR/AD.InstaBot.BH
DrWeb	Trojan.Hosts.48251
TrendMicro	TrojanSpy.Win32.RANSOM.USMANBP21
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
Sophos	Mal/Generic-S
Ikarus	Trojan.WinGo.Ranumbot
Webroot	W32.Trojan.Gen
Avira	TR/AD.InstaBot.BH
Microsoft	Trojan:Win32/Azorult.MZ!MTB
Gridinsoft	Trojan.Win32.Kryptik.vb
Arcabit	Trojan.Generic.D11DAB
ZoneAlarm	HEUR:Trojan-Ransom.Win32.Stop.gen
GData	Trojan.GenericKDZ.73131
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Gen.RL_Reputation.R367821
Acronis	suspicious
McAfee	RDN/Ransom
MAX	malware (ai score=87)
VBA32	BScope.Backdoor.Mokes
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.HJPL
TrendMicro-HouseCall	TrojanSpy.Win32.RANSOM.USMANBP21
Rising	Ransom.Stop!8.10810 (CLOUD)
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_88%
Fortinet	W32/GenKryptik.FCCE!tr
BitDefenderTheta	Gen:NN.ZexaF.34590.YG0@aqqPEFhG
AVG	Win32:BotX-gen [Trj]
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.Generic.HwoCdygA

How to remove Trojan-Ransom.Win32.Stop?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Trojan-Ransom.Win32.Stop”?