Ransom Trojan

About “Trojan-Ransom.Win32.Zerber.evvr” infection


Trojan-Ransom.Win32.Zerber.evvr is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Zerber.evvr virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to modify desktop wallpaper
  • Exhibits behavior characteristic of Cerber ransomware
  • Attempts to execute a binary from a dead or sinkholed URL
  • Attempts to modify proxy settings
  • Attempts to access Bitcoin/ALTCoin wallets
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.Zerber.evvr?

File Info:

crc32: A168EA6C
md5: 363c5fac2b07827b53810c58a4e9c2c5
name: 363C5FAC2B07827B53810C58A4E9C2C5.mlw
sha1: 95c8b55a8cdd4c431a44073b84e442852b6f9067
sha256: 059e929de96083a821175d418de716be89ad023517b60168fd02ab1a8ad3b5b6
sha512: 44248e914e0769462f37e2bc7d9d248650efe5fc3af9fbf286809eef69de40eaf6215822511667e85b5a846caa9bb4136c9bcfddb5e3197ffd36bcd495bba0b7
ssdeep: 6144:un/L+DvX84As3uRQO1rtxbYsK/ElHjWLqW15UqesYGZSi9VMOhj1YNj8iM:4wvX8XWubfssKCKL0tsYGYi9WOx1YNjg
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:

0: [No Data]

Trojan-Ransom.Win32.Zerber.evvr also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 005042991 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Click3.25793
Cynet: Malicious (score: 100)
CAT-QuickHeal: Ransom.Cerber.A
ALYac: Dropped:Trojan.Ransom.GenericKD.43365925
Cylance: Unsafe
Zillya: Trojan.Nisloder.Win32.255
Sangfor: Trojan.Win32.Gen.2
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Zerber.66fac832
K7GW: Trojan ( 005042991 )
Cybereason: malicious.c2b078
Symantec: Ransom.Cerber
ESET-NOD32: multiple detections
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Ransomware.Cerber-6932993-0
Kaspersky: Trojan-Ransom.Win32.Zerber.evvr
BitDefender: Dropped:Trojan.Ransom.GenericKD.43365925
NANO-Antivirus: Trojan.Win32.DKPI.eljcvh
SUPERAntiSpyware: Ransom.Cerber/Variant
MicroWorld-eScan: Dropped:Trojan.Ransom.GenericKD.43365925
Tencent: Win32.Trojan.Raas.Auto
Ad-Aware: Dropped:Trojan.Ransom.GenericKD.43365925
Sophos: Mal/Generic-R + Mal/Cerber-Z
Comodo: Malware@#3m12st66i0tvt
BitDefenderTheta: Gen:NN.ZedlaF.34608.hu4@a8FTO7gi
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CERBER.F117B6
McAfee-GW-Edition: RDN/Ransom
FireEye: Generic.mg.363c5fac2b07827b
Emsisoft: Dropped:Trojan.Ransom.GenericKD.43365925 (B)
Webroot: W32.Trojan.Ransom
Avira: HEUR/AGEN.1111189
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Ransom:Win32/Cerber!rfn
Arcabit: Trojan.Ransom.Generic.D295B625
GData: Dropped:Trojan.Ransom.GenericKD.43365925
AhnLab-V3: Trojan/Win32.Cerber.R194527
McAfee: Artemis!363C5FAC2B07
MAX: malware (ai score=85)
VBA32: Hoax.Zerber
Malwarebytes: Trojan.Injector.DL
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom_CERBER.F117B6
Rising: Ransom.Cerber!8.3058 (CLOUD)
Yandex: Trojan.Injector!+6Pci6WVsRs
Ikarus: Trojan.Win32.Krypt
Fortinet: W32/InjectorGen.DKPY!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Cerber.HyoDpRAA

How to remove Trojan-Ransom.Win32.Zerber.evvr?

Trojan-Ransom.Win32.Zerber.evvr removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
