How to remove “Trojan-Ransom.Win32.Zerber.ohr”?

Trojan-Ransom.Win32.Zerber.ohr is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Zerber.ohr virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Exhibits behavior characteristic of Cerber ransomware

How to identify Trojan-Ransom.Win32.Zerber.ohr?


File Info:

crc32: 1346B435
md5: 814789d44691ba21d37dd6576b9db265
name: 814789D44691BA21D37DD6576B9DB265.mlw
sha1: ea4ab82745257513360ab74c7a612aee6e0c94cf
sha256: 3ee89d2b0b20911914f977222cb75c2716e79bb93999055d4716c10608834a88
sha512: 45359099c1e606cf91d5ff1d47d9695dcfed1ab9e0204b5a771219219d9b4b7e5b373bf49ece925766f10bc365cc2d65c8f0c443113d91f5f8fde8debe423a06
ssdeep: 3072:Mb0MOG8XpvwR8q9hZLB9A3NxXU539CEyT6k6GHCLyKRrpBBnMVXl0x:WOG8Xpvo9hJQ453pfk6GHCLyKRr3ilU
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

FileVersion: 3.2.3.51
CompanyName: ООО Яндекс
LegalTrademarks: Punto Switcher
Comments: Выгрузчик Punto Switcher
ProductName: Punto Switcher
ProductVersion: 3.2.3.51
FileDescription: Выгрузчик Punto Switcher
OriginalFilename: puntounloader.exe
Translation: 0x0419 0x04b0

Trojan-Ransom.Win32.Zerber.ohr is also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.5994
CAT-QuickHeal: Ransom.Cerber.YY2
ALYac: Trojan.Ransom.Cerber.1
Malwarebytes: MachineLearning/Anomalous.100%
Sangfor: Ransom.Win32.Cerber_31.se
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 004f87f21 )
K7AntiVirus: Trojan ( 004f87f21 )
Baidu: Win32.Trojan.Kryptik.avk
Cyren: W32/S-8d663af7!Eldorado
Symantec: Packed.Generic.459
ESET-NOD32: Win32/Filecoder.Cerber.B
APEX: Malicious
Avast: Win32:Filecoder-BG [Trj]
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.Zerber.ohr
BitDefender: Trojan.Ransom.Cerber.1
NANO-Antivirus: Trojan.Win32.Zerber.evdhur
MicroWorld-eScan: Trojan.Ransom.Cerber.1
Tencent: Malware.Win32.Gencirc.10b245d5
Ad-Aware: Trojan.Ransom.Cerber.1
Sophos: ML/PE-A + Mal/Cerber-B
Comodo: TrojWare.Win32.Kryptik.ERJ@6l0vie
BitDefenderTheta: Gen:NN.ZexaF.34628.wq1@aWJierhk
Zillya: Trojan.Zerber.Win32.388
TrendMicro: Ransom_HPCERBER.SM3
McAfee-GW-Edition: GenericRXAI-NE!814789D44691
FireEye: Generic.mg.814789d44691ba21
Emsisoft: Trojan.Ransom.Cerber.1 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Zerber.vj
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1121409
ZoneAlarm: Trojan-Ransom.Win32.Zerber.ohr
GData: Trojan.Ransom.Cerber.1
TACHYON: Ransom/W32.Cryptor.361097
AhnLab-V3: Win-Trojan/Cerber.Gen
Acronis: suspicious
McAfee: GenericRXAI-NE!814789D44691
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Yakes
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom_HPCERBER.SM3
Rising: Trojan.Kryptik!1.AF0E (RDMK:cmRtazqDFmipGmqnNDJmw6p5pYBw)
Ikarus: Trojan.Win32.Filecoder
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Kryptik.HEKH!tr
AVG: Win32:Filecoder-BG [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Cerber.HxQBEpsA

How to remove Trojan-Ransom.Win32.Zerber.ohr?

Trojan-Ransom.Win32.Zerber.ohr removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
