Categories: RansomTrojan

How to remove “Trojan-Ransom.Win32.Zerber.fjcp”?

The Trojan-Ransom.Win32.Zerber.fjcp is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.Zerber.fjcp virus can do?

Executable code extraction
Enumerates user accounts on the system
Creates RWX memory
A process attempted to delay the analysis task.
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Creates an excessive number of UDP connection attempts to external IP addresses
Performs some HTTP requests
Looks up the external IP address
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Deletes its original binary from disk
Attempts to repeatedly call a single API many times in order to delay analysis time
Modifies boot configuration settings
Exhibits behavior characteristic of Cerber ransomware
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Mimics the file times of a Windows system file
Installs itself for autorun at Windows startup
Creates a hidden or system file
EternalBlue behavior
Attempts to modify proxy settings
Creates a copy of itself
Generates some ICMP traffic
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

ipinfo.io

How to determine Trojan-Ransom.Win32.Zerber.fjcp?


File Info:
crc32: 3BD5AC6Bmd5: b4cfd0e2e21e5c5d9a351f166aa58b3fname: B4CFD0E2E21E5C5D9A351F166AA58B3F.mlwsha1: 1031fc16b1e2ccfdf369fe01d1d164b801874003sha256: cd907311a8e1a03e12a9cc6194753df278044e469aa4f60cceb9b860e0f6a829sha512: 04afd5daa16b877e56f4f856cb5b698eef12b5a13d990d1e3034633b6c82f7a55dc62c3a50ecbbc3b6b25ed76df3039515e5eaf88b759efb38bde139d889467cssdeep: 6144:bSvMYirkJtPIvre6amXoCYd6hWDrc13M4Hckc/T1jxGjJd:lYVmSXm9YLIJMFNjtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright Geit Sord PepInternalName: bedbugsFileVersion: 3.4CompanyName: Geit Sord PepProductName: bedbugs rubbishryProductVersion: 3.4FileDescription: bedbugs nuclide weidOriginalFilename: bedbugs.exeTranslation: 0x0409 0x04b0

Trojan-Ransom.Win32.Zerber.fjcp also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 004f27fc1 )
DrWeb	Trojan.Encoder.4794
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Symmi.66021
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
K7GW	Trojan ( 004f27fc1 )
Cybereason	malicious.2e21e5
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.FACZ
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan-Ransom.Win32.Zerber.fjcp
BitDefender	Gen:Variant.Symmi.66021
NANO-Antivirus	Trojan.Win32.Zerber.evpsar
MicroWorld-eScan	Gen:Variant.Symmi.66021
Tencent	Win32.Trojan.Zerber.Pgmx
Ad-Aware	Gen:Variant.Symmi.66021
Sophos	ML/PE-A + Mal/Cerber-C
Comodo	Malware@#2g3fr4wsgeoz5
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Ransomware-GIX!B4CFD0E2E21E
FireEye	Generic.mg.b4cfd0e2e21e5c5d
Emsisoft	Gen:Variant.Symmi.66021 (B)
SentinelOne	Static AI – Suspicious PE
Avira	HEUR/AGEN.1121409
Microsoft	Ransom:Win32/Cerber.A
AegisLab	Trojan.Win32.Generic.4!c
GData	Gen:Variant.Symmi.66021
Acronis	suspicious
McAfee	Ransomware-GIX!B4CFD0E2E21E
MAX	malware (ai score=99)
VBA32	Trojan-Ransom.Zerber
Panda	Trj/GdSda.A
Rising	Ransom.Cerber!8.3058 (CLOUD)
Yandex	Trojan.Zerber!qA4XqTPn/Ak
Ikarus	Trojan.Win32.Crypt
Fortinet	W32/Kryptik.EYKI!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml