Categories: RansomVirus

Virus.Win32.PolyRansom.l removal guide

The Virus.Win32.PolyRansom.l is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Virus.Win32.PolyRansom.l virus can do?

Behavioural detection: Executable code extraction – unpacking
At least one process apparently crashed during execution
SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Enumerates the modules from a process (may be used to locate base addresses in process injection)
Enumerates running processes
Expresses interest in specific running processes
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Code injection with CreateRemoteThread in a remote process
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Created a process from a suspicious location
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Created a service that was not started
Uses suspicious command line tools or Windows utilities

How to determine Virus.Win32.PolyRansom.l?


File Info:
name: 11B008698EAA60BF2161.mlwpath: /opt/CAPEv2/storage/binaries/50b4e40be291b02dd3f31974133ff9ec770fd6da9aebdb77f3d648c80974fdaccrc32: E7BDD737md5: 11b008698eaa60bf216176753f7d8fd5sha1: b3ea84dcb831c23198fca7ee1113e7a6d02a0ab4sha256: 50b4e40be291b02dd3f31974133ff9ec770fd6da9aebdb77f3d648c80974fdacsha512: 188cef4b219cf90a3a6f2e7ababd7dd220c6c11873f68b60649219ce5edf1e0cd39730843ad9fe6ffd55d67d36e8848a8ad57fa2df06712a4cd586940cbdbc6dssdeep: 6144:76E3RZd/FMn3SFiO/7+vGuSiiU42KxLaEZsj23Ap1fEhH/k:76MdOnOH/77nUdKxLaZ63K1fqtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1623423D692D1AED2E548EFF171F32C14ABAD784DA266CC925F0F0487DA20C47A0B654Fsha3_384: 82825834dce2b5af352839ba2491f099c3dfabce09c04f1b231f16b5f7a33d52968f7009b7f5e63a24b289a7cede331fep_bytes: b856341278ff1524204000a300304000timestamp: 2015-01-23 23:19:49
Version Info:
0: [No Data]

Virus.Win32.PolyRansom.l also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.Doboc.Gen.2.Dam
FireEye	Generic.mg.11b008698eaa60bf
CAT-QuickHeal	W32.Tempedreve.A5
McAfee	GenericRXLQ-NV!11B008698EAA
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Virus ( 005223721 )
K7GW	Virus ( 005223721 )
Cybereason	malicious.98eaa6
Baidu	Win32.Trojan.Kryptik.ii
Cyren	W32/Ursnif.GWUR-0581
Symantec	W32.Tempedreve.A!inf
ESET-NOD32	a variant of Win32/Kryptik.CTYE
APEX	Malicious
ClamAV	Win.Trojan.Agent-1376290
Kaspersky	Virus.Win32.PolyRansom.l
BitDefender	Win32.Doboc.Gen.2.Dam
NANO-Antivirus	Trojan.Win32.Kryptik.dmvgtq
Avast	Win32:Crypt-SWP [Trj]
Tencent	Trojan.Win32.BitCoinMiner.la
Ad-Aware	Win32.Doboc.Gen.2.Dam
TACHYON	Trojan/W32.Agent.250368.IQ
Sophos	ML/PE-A + W32/MPhage-A
Comodo	Worm.Win32.Tempedreve.DA@5jb9qs
DrWeb	Win32.Tempedreve.1
VIPRE	Worm.Win32.Tempedreve.a (v)
TrendMicro	PE_URSNIF.B-O
McAfee-GW-Edition	BehavesLike.Win32.Duptwux.dc
Emsisoft	Trojan.Crypt (A)
Ikarus	Trojan.Win32.Crypt
GData	Win32.Doboc.Gen.2.Dam
Jiangmin	Trojan/Generic.bggax
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Generic.ASBOL.C5F5
Microsoft	Virus:Win32/Ursnif.gen!A
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.C2629122
Acronis	suspicious
BitDefenderTheta	AI:FileInfector.52E8454215
ALYac	Win32.Doboc.Gen.2.Dam
MAX	malware (ai score=85)
VBA32	TrojanDropper.Daws
Malwarebytes	Trojan.NetProxy
TrendMicro-HouseCall	PE_URSNIF.B-O
Rising	Virus.Tuscas!1.CC88 (CLASSIC)
Yandex	Trojan.DR.Daws!ihP2Abnyiok
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Agentb.btuc
Fortinet	W32/Kryptik.CTYE!tr
AVG	Win32:Crypt-SWP [Trj]
Panda	Trj/CryptD.C
CrowdStrike	win/malicious_confidence_90% (D)