About “Trojan-Ransom.Win32.Zerber.feuy” infection

Trojan-Ransom.Win32.Zerber.feuy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Zerber.feuy virus do?

  • Executable code extraction
  • Enumerates user accounts on the system
  • Creates RWX memory
  • A process created a hidden window
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Modifies boot configuration settings
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan-Ransom.Win32.Zerber.feuy?

File Info:

crc32: D1FC1AAE
md5: a4009f5e7cc8a160b984f697a306e3a1
name: A4009F5E7CC8A160B984F697A306E3A1.mlw
sha1: 96f7950ed6296b58867de2d570a1127f4781b877
sha256: 8bc7eb2276cb4e059da104a1654e9604dbb60ae7dd364aa09d0728e9eb27fc2d
sha512: 689463bb846793c70416af2f0aed065e223ac9b865439e0486841219bd7697e43f4b3fe89ed5dfd333ba01029281441447f84eaa98e3bdac5da9a1ea52e28e4f
ssdeep: 3072:fxg44y1xDNeBAopsuXaIz4EtVsVYf9IuT+Qa9bPZw0J27EkUFvpp:Jg44KmtSAae40VsVCCuT+QQPfQ4kUF
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Bibliognost Octine
InternalName: wheeching
FileVersion: 10.7.7630.44546
CompanyName: Bibliognost Octine
ProductName: wheeching expdt
ProductVersion: 10.7.7630.44546
FileDescription: wheeching colymbiform
OriginalFilename: wheeching.exe
Translation: 0x0409 0x04b0

Trojan-Ransom.Win32.Zerber.feuy also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0048cbe01 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.4691
Cynet: Malicious (score: 100)
ALYac: Trojan.GenericKD.44140656
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Zerber.4ea2bfde
K7GW: Trojan ( 0048cbe01 )
Cybereason: malicious.e7cc8a
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.EYLT
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Zerber.feuy
BitDefender: Trojan.GenericKD.44140656
NANO-Antivirus: Trojan.Win32.Zerber.evdfvx
MicroWorld-eScan: Trojan.GenericKD.44140656
Tencent: Win32.Trojan.Zerber.Lizo
Ad-Aware: Trojan.GenericKD.44140656
Sophos: Mal/Generic-S
Comodo: Malware@#2ugbbemyhfr48
F-Secure: Heuristic.HEUR/AGEN.1121409
BitDefenderTheta: Gen:NN.ZevbaF.34608.kq0@aeXxcxoi
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Generic.cux
FireEye: Generic.mg.a4009f5e7cc8a160
Emsisoft: Trojan.GenericKD.44140656 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1121409
Microsoft: Ransom:Win32/Cerber
Arcabit: Trojan.Generic.D2A18870
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: Trojan-Ransom.Win32.Zerber.feuy
GData: Trojan.GenericKD.44140656
Acronis: suspicious
McAfee: Generic.cux
MAX: malware (ai score=100)
Panda: Trj/GdSda.A
Rising: Ransom.Zerber!8.518C (CLOUD)
Yandex: Trojan.Zerber!zbOmW62r5h8
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Kryptik.EYKI!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Cerber.HxQB2GYA

How to remove Trojan-Ransom.Win32.Zerber.feuy?

Trojan-Ransom.Win32.Zerber.feuy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
