Categories: Trojan

Trojan.Win32.RegRun.zrm removal guide

Trojan.Win32.RegRun.zrm is the Kaspersky detection name for a sample that most other vendors also flag as malicious (see the detection list below); its observed behaviour is that of file-encrypting ransomware rather than a plain trojan. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and clean-up of your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.RegRun.zrm virus do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (5 unique times)
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Attempts to remove evidence of the file being downloaded from the Internet (typically by deleting the file's Zone.Identifier alternate data stream)
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Appends a known CryptFile2 ransomware file extension to files that have been encrypted
  • Creates a known CryptFile2 ransomware decryption instruction / key file
  • Anomalous binary characteristics
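The host-side items in that list (autorun entry, proxy-setting change, self-copy, Zone.Identifier removal) can be hunted for in endpoint telemetry. The script below is an added example and is not code from the original page or from GridinSoft: it runs a few rules over constructed Sysmon-style JSON events (Event IDs 11 FileCreate, 13 RegistryEvent value set, 23 FileDelete). The field names follow Sysmon's schema, but every path, user, SID and value in the sample events is made up.

```python
"""Flag the host-side behaviours listed above in Sysmon-style JSON events.

Added example, not from the original page. The events are constructed to
resemble Sysmon output; paths, user name and SID are hypothetical.
"""
import json
import ntpath
import re

# Constructed sample log lines (hypothetical values throughout).
SAMPLE_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Users\\alice\\Downloads\\invoice.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\invoice.exe"}
{"EventID": 13, "Image": "C:\\Users\\alice\\Downloads\\invoice.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\invoice", "Details": "C:\\Users\\alice\\AppData\\Roaming\\invoice.exe"}
{"EventID": 13, "Image": "C:\\Users\\alice\\Downloads\\invoice.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable", "Details": "DWORD (0x00000001)"}
{"EventID": 23, "Image": "C:\\Users\\alice\\Downloads\\invoice.exe", "TargetFilename": "C:\\Users\\alice\\Downloads\\invoice.exe:Zone.Identifier"}
{"EventID": 11, "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\alice\\Documents\\notes.txt"}
"""

# Registry locations behind "installs itself for autorun" and "modifies proxy settings".
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
PROXY_VALUE = re.compile(
    r"\\Internet Settings\\(ProxyServer|ProxyEnable|ProxyOverride|AutoConfigURL)$", re.I)


def classify(event: dict) -> set[str]:
    """Return the behaviour tags a single event triggers (empty set if none)."""
    tags: set[str] = set()
    eid = event.get("EventID")
    image = event.get("Image", "")
    target = event.get("TargetFilename", "")
    obj = event.get("TargetObject", "")

    if eid == 13 and RUN_KEY.search(obj):
        tags.add("autorun")
    if eid == 13 and PROXY_VALUE.search(obj):
        tags.add("proxy_settings")
    # Deleting the Zone.Identifier stream strips the mark-of-the-web from a download.
    if eid == 23 and target.lower().endswith(":zone.identifier"):
        tags.add("zone_identifier_removed")
    # A process writing a file with its own name into another directory: "creates a copy of itself".
    if (eid == 11 and target and image
            and ntpath.basename(target).lower() == ntpath.basename(image).lower()
            and ntpath.dirname(target).lower() != ntpath.dirname(image).lower()):
        tags.add("self_copy")
    return tags


def hunt(log_text: str) -> dict[str, set[str]]:
    """Map each process image to the union of behaviour tags it triggered."""
    findings: dict[str, set[str]] = {}
    for line in log_text.strip().splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        tags = classify(event)
        if tags:
            findings.setdefault(event["Image"], set()).update(tags)
    return findings


if __name__ == "__main__":
    for image, tags in hunt(SAMPLE_EVENTS).items():
        print(f"{image}: {', '.join(sorted(tags))}")
```

A process that triggers several of these tags within a short window (here invoice.exe hits all four) is a much stronger signal than any single rule, and the self-copy rule alone will also fire on ordinary installers, so treat it as corroborating evidence rather than a verdict.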

Related domains:

mm.shinkendo.fr
crt.usertrust.com
ocsp.comodoca.com
ocsp.usertrust.com
crl.usertrust.com

Of these, only mm.shinkendo.fr is specific to the sample. crt.usertrust.com, ocsp.comodoca.com, ocsp.usertrust.com and crl.usertrust.com are Sectigo (formerly Comodo) certificate, OCSP and CRL endpoints that Windows contacts when it validates a code-signing or TLS certificate; they appear in the traffic of many benign programs and should not be blocked or treated as command-and-control on their own.

How to identify Trojan.Win32.RegRun.zrm?

File Info:

crc32: 8E34E784
md5: acf12fb465eeceb8746392e631a62ebd
name: ACF12FB465EECEB8746392E631A62EBD.mlw
sha1: 53591c7be5d7ad7606b6422531b35e34a63c9101
sha256: 8be1b2d7e9cb98d370c18c32a91b0f47cd5065db4d814144328cfa1c4619c95a
sha512: 62d42857cc717f8da18bb45cabe90aa41418b2bb09d652027882cdb5d3af3174c20f41915745aff62af05be9d9c5a30293f5d6fd17a8aa75ce0df519c866f84b
ssdeep: 3072:fdjVduyUO9q75O11111114aaAilpPX6q2y8kFO:fNVdmfaaPqy
type: PE32 executable (GUI) Intel 80386, for MS Windows
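To check whether a file on disk is this sample, recompute the listed digests and compare them. The script below is an added example, not code from the original page or from GridinSoft: it hashes a file once for crc32, md5, sha1, sha256 and sha512 and reports which of the indicators above match. ssdeep is left out because it needs a third-party library, and the command-line paths are hypothetical.

```python
"""Check a local file against the hashes listed under "File Info" above.

Added example, not from the original page. Indicator values are copied from
the page; everything else (paths, function names) is hypothetical.
"""
import hashlib
import sys
import zlib
from typing import BinaryIO

# Indicators copied from the "File Info" section of this page.
KNOWN = {
    "crc32": "8E34E784",
    "md5": "acf12fb465eeceb8746392e631a62ebd",
    "sha1": "53591c7be5d7ad7606b6422531b35e34a63c9101",
    "sha256": "8be1b2d7e9cb98d370c18c32a91b0f47cd5065db4d814144328cfa1c4619c95a",
    "sha512": "62d42857cc717f8da18bb45cabe90aa41418b2bb09d652027882cdb5d3af3174"
              "c20f41915745aff62af05be9d9c5a30293f5d6fd17a8aa75ce0df519c866f84b",
}


def digests_of(stream: BinaryIO) -> dict[str, str]:
    """Compute every digest in KNOWN while reading the stream only once."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    crc = 0
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        crc = zlib.crc32(chunk, crc)
        for h in hashes.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashes.items()}
    result["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return result


def digests(path: str) -> dict[str, str]:
    """Convenience wrapper: digests of a file given its path."""
    with open(path, "rb") as f:
        return digests_of(f)


def is_pe(stream: BinaryIO) -> bool:
    """True when the data starts with the 'MZ' DOS header every PE file carries."""
    stream.seek(0)
    return stream.read(2) == b"MZ"


def match(computed: dict[str, str], known: dict[str, str] = KNOWN) -> dict[str, bool]:
    """Compare computed digests with the indicators, case-insensitively."""
    return {name: computed.get(name, "").lower() == value.lower()
            for name, value in known.items()}


if __name__ == "__main__":
    for path in sys.argv[1:]:
        verdict = match(digests(path))
        status = "MATCH" if all(verdict.values()) else "no match"
        print(f"{path}: {status} {verdict}")
```

Exact hashes only identify this one build; a repacked or recompiled variant of the same ransomware will miss every entry in KNOWN, which is why the behavioural indicators above and the vendor detection names below matter more than the digest list in practice.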

Version Info:

[No Data] (no version resource was recovered from the sample)

Trojan.Win32.RegRun.zrm is also known by other vendors as (note that several of these names, such as Trojan.Encoder, Ransom_CRYPHYDRA, HydraCrypt, Tescrypt and TrojanRansom.Blocker, point at ransomware, consistent with the behaviour list above):

K7AntiVirus Trojan ( 0051e3671 )
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
DrWeb Trojan.Encoder.6033
Cynet Malicious (score: 100)
CAT-QuickHeal Ransomware.Tescrypt.WR5
ALYac Gen:Heur.Mint.Dreidel.gyW@xG06CQki
Cylance Unsafe
CrowdStrike win/malicious_confidence_80% (D)
K7GW Trojan ( 0051e3671 )
Cybereason malicious.465eec
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.FZPR
APEX Malicious
Avast FileRepMalware
Kaspersky Trojan.Win32.RegRun.zrm
BitDefender Gen:Heur.Mint.Dreidel.gyW@xG06CQki
NANO-Antivirus Trojan.Win32.HydraCrypt.evpkvp
MicroWorld-eScan Gen:Heur.Mint.Dreidel.gyW@xG06CQki
Tencent Win32.Trojan.Generic.Lrsb
Ad-Aware Gen:Heur.Mint.Dreidel.gyW@xG06CQki
Sophos ML/PE-A + Mal/Slenfbot-I
Comodo Malware@#3n6kx1ivnyma8
BitDefenderTheta Gen:NN.ZexaF.34170.gyW@aG06CQki
VIPRE Trojan.Win32.Generic!BT
TrendMicro Ransom_CRYPHYDRA.SMJ
McAfee-GW-Edition BehavesLike.Win32.Generic.ch
FireEye Generic.mg.acf12fb465eeceb8
Emsisoft Gen:Heur.Mint.Dreidel.gyW@xG06CQki (B)
SentinelOne Static AI – Malicious PE
Avira HEUR/AGEN.1124648
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan/Generic.ASMalwS.22E6EC9
Microsoft Trojan:Win32/Dynamer!rfn
GData Gen:Heur.Mint.Dreidel.gyW@xG06CQki
AhnLab-V3 Malware/Win32.Generic.C1406676
Acronis suspicious
McAfee Generic.cvg
MAX malware (ai score=100)
VBA32 BScope.TrojanRansom.Blocker
Malwarebytes Malware.AI.3818972437
Panda Trj/GdSda.A
TrendMicro-HouseCall Ransom_CRYPHYDRA.SMJ
Rising Trojan.Generic@ML.93 (RDML:nOsZnDi6Bc/Nan+sIiv0cA)
Yandex Trojan.Agent!Xw+nL7bVfh0
Ikarus Trojan.Win32.Crypt
Fortinet W32/Kryptik.FGQU!tr
AVG FileRepMalware
Paloalto generic.ml

How to remove Trojan.Win32.RegRun.zrm?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample behaves as ransomware, removing the executable and its autorun entry does not restore files that were already encrypted. Keep copies of the encrypted files and of any ransom note that was written to disk, since both are needed to identify the family and check whether a decryptor exists, and verify afterwards that the proxy settings changed by the sample have been reverted.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
