How to remove “Trojan.Ransom.ZY”?

Trojan.Ransom.ZY is the name the BitDefender engine family gives to the sample analysed below; most of the other engines listed further down also flag the file as malicious, though under different names. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Trojan.Ransom.ZY do?

The following are the CAPE sandbox signatures that fired when the sample described below was executed. They record what this binary did in the sandbox, not a general description of a malware family.

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
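The two injection signatures above are raised by CAPE from the API calls it hooks inside the sandbox. On a live Windows host the same actions show up in Sysmon telemetry: Event ID 10 (ProcessAccess) when one process opens another with write and thread-creation rights, and Event ID 8 (CreateRemoteThread). The script below is an added example, not GridinSoft's or CAPE's code; it applies the common detection heuristic to constructed Sysmon-style events (the image paths, GUID placeholders and the allowlist are assumptions for the demonstration). A process that writes into a child it has just created is reported as a hollowing candidate (create suspended, replace the image, resume); write-plus-thread access into an unrelated process, or a remote thread, as inter-process injection.

```python
#!/usr/bin/env python3
"""Flag process-injection patterns in Sysmon events (added example)."""
from typing import Dict, List

# PROCESS_* access rights from winnt.h.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
WRITE_AND_THREAD = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Assumption: sources that legitimately open other processes with these rights;
# tune this per environment (EDR, debuggers, crash reporters).
ALLOWLISTED_SOURCES = {r"c:\windows\system32\csrss.exe", r"c:\windows\system32\lsass.exe"}


def has_write_and_thread_rights(granted_access: str) -> bool:
    """Sysmon logs GrantedAccess as a hex string such as '0x1FFFFF'."""
    return int(granted_access, 16) & WRITE_AND_THREAD == WRITE_AND_THREAD


def detect_injection(events: List[Dict]) -> List[Dict]:
    """Return one alert per suspicious Event ID 8 or 10, using Event ID 1 to
    learn which process spawned which (needed for the hollowing heuristic)."""
    parent_of = {}  # child ProcessGuid -> parent ProcessGuid
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 1:
            parent_of[ev["ProcessGuid"]] = ev["ParentProcessGuid"]
            continue
        if eid not in (8, 10):
            continue
        src, tgt = ev["SourceImage"], ev["TargetImage"]
        if src.lower() in ALLOWLISTED_SOURCES or src.lower() == tgt.lower():
            continue
        if eid == 10:
            if not has_write_and_thread_rights(ev["GrantedAccess"]):
                continue
            own_child = parent_of.get(ev["TargetProcessGuid"]) == ev["SourceProcessGuid"]
            kind = "hollowing_candidate" if own_child else "remote_write_and_thread"
        else:
            kind = "create_remote_thread"
        alerts.append({"kind": kind, "source": src, "target": tgt,
                       "detail": ev.get("GrantedAccess") or ev.get("StartFunction", "")})
    return alerts


# Constructed events using Sysmon's field names; GUIDs are placeholders.
SUSPECT = r"C:\Users\user\AppData\Local\Temp\suspect.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "ParentProcessGuid": "{EXPLORER}", "Image": SUSPECT},
    {"EventID": 1, "ProcessGuid": "{B}", "ParentProcessGuid": "{A}",
     "Image": r"C:\Windows\System32\svchost.exe"},
    # parent opens the svchost.exe it just spawned with full access: hollowing pattern
    {"EventID": 10, "SourceProcessGuid": "{A}", "SourceImage": SUSPECT, "TargetProcessGuid": "{B}",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "GrantedAccess": "0x1FFFFF"},
    # same process opens explorer.exe with write + thread rights, then starts a thread in it
    {"EventID": 10, "SourceProcessGuid": "{A}", "SourceImage": SUSPECT, "TargetProcessGuid": "{EXPLORER}",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1F0FFF"},
    {"EventID": 8, "SourceProcessGuid": "{A}", "SourceImage": SUSPECT, "TargetProcessGuid": "{EXPLORER}",
     "TargetImage": r"C:\Windows\explorer.exe", "StartFunction": "LoadLibraryA"},
    # scanner reading the suspect's memory: QUERY/VM_READ rights only, not flagged
    {"EventID": 10, "SourceProcessGuid": "{AV}", "SourceImage": r"C:\ProgramData\AV\scanner.exe",
     "TargetProcessGuid": "{A}", "TargetImage": SUSPECT, "GrantedAccess": "0x1410"},
]

if __name__ == "__main__":
    for a in detect_injection(SAMPLE_EVENTS):
        print(f"{a['kind']:<24} {a['source']} -> {a['target']} ({a['detail']})")
```

Run against the constructed events, the script reports three alerts (the hollowing candidate into svchost.exe, the write-plus-thread access into explorer.exe, and the remote thread) and ignores the read-only access from the scanner. The parent-writes-into-own-child rule also matches some legitimate software, so in production the allowlist and a check that the target's on-disk image matches its mapped image are what keep the noise down.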

How to identify Trojan.Ransom.ZY?

File Info:

name: 3F87059AEE28FEB4AD4C.mlw
path: /opt/CAPEv2/storage/binaries/597cf42abda2f1964f517b4e4d5aa34d8153be9d87576e02521d838dcf1ae48d
crc32: DE664FFD
md5: 3f87059aee28feb4ad4c79a3e465a9d9
sha1: 0b8ed2c424489093e020551e24e19e27082593f7
sha256: 597cf42abda2f1964f517b4e4d5aa34d8153be9d87576e02521d838dcf1ae48d
sha512: 7b7764b11028fe853fc01fce603df63551d763a197fc5f8bd6d90aaa7e689bf52d59ffb33c232c20fae3f7a76e65d4d15fd4f27982bb90cfb1ba51c80054bb2a
ssdeep: 6144:9gWtdUK+oS7Ev4e8cxtWrxpuafYTUpG3cndArUHLe7FN+GeMP6nQGXPe4wlkDiMN:mWvUK+oSM4e8+OxpuyYAQMndcUrRMP6X
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16B64ABE325490A5EC175FB75F2D7C76F2DA2249E8B53F2878E068EA109DF2097E20147
sha3_384: 8775b343eed1b0189f6b71b370738bbcbc56304853e076eff9f484626216fdc194207462ff0ebaceac747e0cb41789f2
ep_bytes: 5589e583ec08c7042402000000ff15c8
timestamp: 2004-06-30 16:58:47
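The File Info block gives three kinds of indicator of different strength: the hashes identify this exact file; the PE TimeDateStamp and the 16 entry-point bytes (which disassemble to push ebp; mov ebp, esp; sub esp, 8; mov dword [esp], 2; call dword [imm32], a compiler's CRT start-up prologue) are shared by unrelated binaries built with the same toolchain, so they corroborate but do not identify. The script below is an added example, not GridinSoft's or CAPE's code: it hashes a file, parses the PE32 headers with the standard library only, reads the entry-point bytes and timestamp, and computes per-section entropy (the "encrypted or compressed data" signature above is an entropy observation). The 1.5 KiB sample it builds is constructed for the demonstration and is not the real file; the 7.0 entropy threshold is an assumption.

```python
#!/usr/bin/env python3
"""Offline triage of a PE32 file against published indicators (added example)."""
import hashlib
import math
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the File Info section.
KNOWN = {
    "md5": "3f87059aee28feb4ad4c79a3e465a9d9",
    "sha1": "0b8ed2c424489093e020551e24e19e27082593f7",
    "sha256": "597cf42abda2f1964f517b4e4d5aa34d8153be9d87576e02521d838dcf1ae48d",
    "ep_bytes": "5589e583ec08c7042402000000ff15c8",
    "timestamp": "2004-06-30 16:58:47",
}
ENTROPY_THRESHOLD = 7.0  # assumption: packed/encrypted sections usually sit above this


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(data: bytes) -> dict:
    """TimeDateStamp, entry-point RVA, 16 bytes at the entry point and
    per-section entropy, read straight from the headers (no pefile)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # IMAGE_FILE_HEADER directly follows the signature
    _machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not PE32 (PE32+ is not handled here)")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections, ep_off = [], None
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((name, round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2)))
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (ep_rva - vaddr)  # RVA -> file offset
    ts = datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    ep_bytes = data[ep_off:ep_off + 16].hex() if ep_off is not None else ""
    return {"timestamp": ts, "ep_rva": ep_rva, "ep_bytes": ep_bytes, "sections": sections}


def triage(data: bytes) -> dict:
    """Strong (hash) and weak (toolchain-level) indicator matches, reported separately."""
    digests = {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}
    pe = parse_pe32(data)
    return {
        "hash_match": any(digests[n] == KNOWN[n] for n in digests),
        "ep_match": pe["ep_bytes"] == KNOWN["ep_bytes"],
        "timestamp_match": pe["timestamp"] == KNOWN["timestamp"],
        "high_entropy_sections": [n for n, e in pe["sections"] if e >= ENTROPY_THRESHOLD],
        "pe": pe,
    }


def build_sample() -> bytes:
    """Constructed PE32 (not the real sample): same entry-point bytes and
    TimeDateStamp as the File Info block, one low- and one high-entropy section."""
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 1088614727, 0, 0, 0xE0, 0x102)  # 2004-06-30 16:58:47 UTC
    opt_hdr = bytearray(0xE0)
    struct.pack_into("<H", opt_hdr, 0, 0x10B)    # PE32 magic
    struct.pack_into("<I", opt_hdr, 16, 0x1000)  # AddressOfEntryPoint

    def sec(name, vaddr, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x200, rawptr, 0, 0, 0, 0, 0x60000020)

    headers = (b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + file_hdr + bytes(opt_hdr)
               + sec(b".text", 0x1000, 0x200) + sec(b".data", 0x2000, 0x400)).ljust(0x200, b"\0")
    text = bytes.fromhex(KNOWN["ep_bytes"]).ljust(0x200, b"\0")  # mostly zeros: low entropy
    data = bytes(range(256)) * 2                                  # every value twice: entropy 8.0
    return headers + text + data


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Pass a file path to triage a real sample; with no argument it runs on the constructed one, where the entry-point bytes and timestamp match but no hash does, which is exactly the pattern to expect from a different program built with the same compiler. Compare the sha256 before anything else; a hash match is conclusive, the other two fields only support it.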

Version Info:

[No Data] (the binary carries no version resource)

Trojan.Ransom.ZY also known as:

Vendor labels for this sample disagree, and the names say little about behaviour. "Trojan.Ransom.ZY" is shared by the BitDefender engine and the products that license it (MicroWorld-eScan, ALYac, Ad-Aware, Emsisoft, VIPRE, GData). Other engines classify the same file as a Virut file infector (CAT-QuickHeal, ESET-NOD32, Baidu, Jiangmin, Tencent, and Avast/AVG's "Win32:Vitro [Inf]"), as Zbot (McAfee, NANO-Antivirus, VBA32, Ikarus, Panda), as a code injector (Zillya, Comodo, Microsoft's CeeInject, AhnLab-V3) or as a downloader or coin miner (DrWeb, Sophos, Fortinet). None of the sandbox signatures above shows file encryption, so treat "Ransom" as a family label, not as observed ransomware behaviour.

Lionic: Trojan.Win32.Generic.lJkz
DrWeb: Trojan.DownLoader8.5817
MicroWorld-eScan: Trojan.Ransom.ZY
FireEye: Generic.mg.3f87059aee28feb4
CAT-QuickHeal: W32.Virut.Cur1
ALYac: Trojan.Ransom.ZY
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.241849
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.aee28f
BitDefenderTheta: Gen:NN.ZexaF.34682.tyW@aazFiJdi
VirIT: Win32.Scribble.AC
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Virut.NBP
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Ransom.ZY
NANO-Antivirus: Trojan.Win32.ZBot.craquc
Avast: Win32:Vitro [Inf]
Rising: Malware.Undefined!8.C (TFE:5:UtiKsa62uZF)
Ad-Aware: Trojan.Ransom.ZY
Emsisoft: Trojan.Ransom.ZY (B)
Comodo: TrojWare.Win32.Injector.AEOT@4wpojz
Baidu: Win32.Virus.Virut.gen
VIPRE: Trojan.Ransom.ZY
McAfee-GW-Edition: PWS-Zbot-FAZY!3F87059AEE28
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/DwnLdr-KUC
SentinelOne: Static AI - Malicious PE
Jiangmin: Win32/Virut.bv
Google: Detected
Avira: TR/Crypt.XPACK.Gen7
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.7A8
Microsoft: VirTool:Win32/CeeInject.gen!HL
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Ransom.ZY
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Inject.R60877
Acronis: suspicious
McAfee: PWS-Zbot-FAZY!3F87059AEE28
VBA32: TrojanSpy.Zbot
Malwarebytes: Malware.Heuristic.1001
Tencent: Virus.Win32.Virut.ua
Yandex: Trojan.GenAsa!78MsmArIU8A
Ikarus: Trojan-Spy.Win32.Zbot
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.CE
AVG: Win32:Vitro [Inf]
Panda: Trj/Zbot.M
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Ransom.ZY?

Trojan.Ransom.ZY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the settings to reset, then click “Reset”.
  • Restart your computer.

Because several engines above identify this file as Virut, a file infector that patches other executables on the disk, and others as Zbot, a credential stealer, finish with a full-disk scan rather than a quick one, and change any passwords that were used on the machine from a clean device.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
