WannaCry.Ransom.Encrypt.DDS removal guide

The WannaCry.Ransom.Encrypt.DDS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What WannaCry.Ransom.Encrypt.DDS virus can do?

Possible date expiration check, exits too soon after checking local time
The binary likely contains encrypted or compressed data.
Attempts to modify proxy settings

How to determine WannaCry.Ransom.Encrypt.DDS?


File Info:
crc32: 799309BE
md5: 517a6b1306a3f8b1965053564a1c1564
name: 517A6B1306A3F8B1965053564A1C1564.mlw
sha1: 36513a64a2f1d621366e898df09a7d4675992c2d
sha256: 0466c30d11752dc81e27fd20d12ba53b418ee88fc4fed4e1a1b41a2016ede294
sha512: 561a9631ee24e91c3409172864e310fa98032270561573b0b7c5c1d1f9148a8a3a38041824c8738ff47d23fbf1ba46daa671ba635f8b3923ac6e915056fa801e
ssdeep: 98304:whqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3z:whqPe1Cxcxk3ZAEUadzR8yc4gj
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: xa9 Microsoft Corporation. All rights reserved.
InternalName: lhdfrgui.exe
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
CompanyName: Microsoft Corporation
ProductName: Microsoftxae Windowsxae Operating System
ProductVersion: 6.1.7601.17514
FileDescription: Microsoftxae Disk Defragmenter
OriginalFilename: lhdfrgui.exe
Translation: 0x0409 0x04b0

WannaCry.Ransom.Encrypt.DDS also known as:

Bkav	W32.FamVT.DeagezLC.Trojan
K7AntiVirus	Exploit ( 0050d7a31 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.11432
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransomware.WannaCry.IRG1
ALYac	Trojan.Ransom.WannaCryptor
Cylance	Unsafe
Zillya	Trojan.WannaCry.Win32.1
Sangfor	Ransom.Win32.Wannacry_0.se
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Trojan:Win32/dark.ali1000040
K7GW	Exploit ( 0050d7a31 )
Cybereason	malicious.306a3f
Baidu	Win32.Worm.Rbot.a
Cyren	W32/Trojan.ZTSA-8671
Symantec	Ransom.Wannacry
ESET-NOD32	Win32/Exploit.CVE-2017-0147.A
Zoner	Trojan.Win32.59562
APEX	Malicious
Avast	Sf:WNCryLdr-A [Trj]
ClamAV	Win.Ransomware.WannaCry-6313787-0
Kaspersky	Trojan-Ransom.Win32.Wanna.m
BitDefender	Trojan.Ransom.WannaCryptor.H
NANO-Antivirus	Trojan.Win32.Wanna.eovgam
ViRobot	Trojan.Win32.WannaCry.3723264.A
SUPERAntiSpyware	Ransom.WannaCrypt/Variant
MicroWorld-eScan	Trojan.Ransom.WannaCryptor.H
Tencent	Malware.Win32.Gencirc.10b3d198
Ad-Aware	Trojan.Ransom.WannaCryptor.H
Sophos	Mal/Generic-R + Mal/Wanna-A
Comodo	TrojWare.Win32.Exploit.CVE-2017-0147.C@8oq0ji
F-Secure	Trojan:W32/WannaCry.D
BitDefenderTheta	Gen:NN.ZexaF.34628.Jt1@aePsbmpi
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_WCRY.SM2
McAfee-GW-Edition	BehavesLike.Win32.RansomWannaCry.wc
FireEye	Generic.mg.517a6b1306a3f8b1
Emsisoft	Trojan-Ransom.WanaCrypt0r (A)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.WanaCry.i
Avira	TR/Ransom.IZ
eGambit	Trojan.Generic
Antiy-AVL	Trojan[Ransom]/Win32.Scatter
Kingsoft	Win32.Heur.KVM005.a.(kcloud)
Microsoft	Ransom:Win32/WannaCrypt.H
Gridinsoft	Malware.Win32.Pack.30058!se
Arcabit	Trojan.Ransom.WannaCryptor.H
AegisLab	Trojan.Win32.Wanna.toNz
ZoneAlarm	Trojan-Ransom.Win32.Wanna.m
GData	Win32.Trojan-Ransom.WannaCry.D
TACHYON	Ransom/W32.WannaCry.Zen
AhnLab-V3	Trojan/Win32.WannaCryptor.R200572
Acronis	suspicious
McAfee	Ransom-WannaCry!517A6B1306A3
MAX	malware (ai score=100)
VBA32	TrojanRansom.Wanna
Malwarebytes	WannaCry.Ransom.Encrypt.DDS
Panda	Trj/RansomCrypt.I
TrendMicro-HouseCall	Ransom_WCRY.SM2
Rising	Ransom.Wanna!8.E7B2 (TFE:dGZlOgVr8t/MABEOqA)
Yandex	Trojan.GenAsa!VW7HnU9046M
Ikarus	Trojan-Ransom.Wannacryptor
MaxSecure	Trojan-Ransom.Win32.Wanna.m
Fortinet	W32/Generic.AC.3F0684!tr
AVG	Sf:WNCryLdr-A [Trj]
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.WannaCry.HykCjlsA

How to remove WannaCry.Ransom.Encrypt.DDS?

WannaCry.Ransom.Encrypt.DDS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X