Win32/Kryptik.GGEF removal guide

Win32/Kryptik.GGEF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Kryptik.GGEF virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Win32/Kryptik.GGEF?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2017, odfvilxer
InternalName: toalotspring.exe
FileVersion: 5.1
ProductVersion: 5.1.111.0
Translation: 0x0789 0x04b1

Win32/Kryptik.GGEF also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: BackDoor.Siggen2.2200
MicroWorld-eScan: Trojan.GenericKDZ.43749
FireEye: Generic.mg.5cd37c88953839eb
CAT-QuickHeal: Trojan.Cloxer.A06
McAfee: GenericRXFE-KE!5CD37C889538
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Win.Packed.Gandcrab-6552923-4
K7AntiVirus: Trojan ( 005339361 )
BitDefender: Trojan.GenericKDZ.43749
K7GW: Trojan ( 005339361 )
Cybereason: malicious.895383
BitDefenderTheta: Gen:NN.ZexaF.34590.pu1@ae6IUNoi
Cyren: W32/S-7ee84da4!Eldorado
Symantec: Packed.Generic.525
APEX: Malicious
Avast: FileRepMalware
ClamAV: Win.Packed.Gandcrab-6552923-4
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Upatre.favvjk
ViRobot: Trojan.Win32.GandCrab.Gen.A
AegisLab: Hacktool.Win32.CVE-2016-7255.3!c
Ad-Aware: Trojan.GenericKDZ.43749
TACHYON: Ransom/W32.GandCrab
Emsisoft: Trojan.GenericKDZ.43749 (B)
Comodo: TrojWare.Win32.Crypt.ZA@7mmoiq
F-Secure: Heuristic.HEUR/AGEN.1106533
Zillya: Downloader.Upatre.Win32.65935
TrendMicro: Ransom.Win32.GANDCRAB.SMLA.hp
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
Sophos: Mal/Generic-R + Mal/Agent-AUL
Jiangmin: TrojanSpy.Panda.hr
MaxSecure: Ransomeware.CRAB.gen
Avira: HEUR/AGEN.1106533
Antiy-AVL: Trojan/Win32.TSGeneric
Microsoft: Ransom:Win32/Gandcrab.SF!MTB
Arcabit: Trojan.Generic.DAAE5
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.GenericKDZ.43749
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Gandcrab.Exp
Acronis: suspicious
ALYac: Trojan.GenericKDZ.43749
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Chapak
Malwarebytes: Malware.AI.1770524836
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Kryptik.GGEF
TrendMicro-HouseCall: Ransom.Win32.GANDCRAB.SMLA.hp
Tencent: Malware.Win32.Gencirc.114b3c2a
Yandex: Trojan.GenAsa!Zavy/2LuUmE
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_98%
Fortinet: W32/GenKryptik.DQHN!tr
AVG: FileRepMalware
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.Ransom.d04

How to remove Win32/Kryptik.GGEF?

Win32/Kryptik.GGEF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
