Win32:RansomX-gen is a generic detection by Avast for hazardous ransomware computer threat. With this kind of attack, it is not only the system that is threatened, more than that, precious files of computer users are in great danger. The motive of Win32:RansomX-gen is to deny user’s access to target files by encrypting them with a complex technique, usually AES-RSA asymmetric method. Then, actors behind Win32:RansomX-gen will demand payment via Bitcoin currency as trade off for the necessary decryption tool.
Threat Behavior
The spread of Win32:RansomX-gen commonly pass-through spam email messages where the virus is delivered as attachment. If not the actual file, the message on email contains links that when opened, will initiate the download and execution of Win32:RansomX-gen coming from a remote server. The virus may also arrive on the computer as part of pirated software or serial key generator that are usually hosted on different illicit servers. Aside from this two top spreaders, makers of Win32:RansomX-gen are also using other methods like malicious advertisements, drive-by-download, and software exploits.
Once Win32:RansomX-gen is executed on the computer, the virus injects couple of files on system folders. It also creates a start-up item by adding an entry on Windows registry that runs the virus code on the boot-up process.
Win32:RansomX-gen encrypts practically every files on the computer except for executables, system files, and applications. It is using an asymmetric type of encryption, which is hard to decipher and actually requires a decryption tool and key in order to recover all the infected files.
Payload
The design of Win32:RansomX-gen primarily focus on its objective of encrypting computer user’s files such as documents, spreadsheets, images, photos, videos, databases, archives, and so on. The encryption process literally makes these files inaccessible and attackers make use of this situation to extort money from victims.
Some examples of hazardous ransomware that were identified with this signature includes Suka, Yoad, Gac, Instant Ransomware 2.0, RansomeToad, and Solaso.
| Version Name | Alert Level | Date Added |
| Win64:RansomX-gen | Severe | Dec. 12, 2020 |
How can you remove Win32:RansomX-gen?
To totally remove Win32:RansomX-gen from the computer and get rid of relevant viruses, please execute the procedures as stated on this page. Make sure that you have completely scan the system with suggested malware removal tools and virus scanners.
Step 1 : Scan the computer with Norton Power Eraser
1. Download Norton Power Eraser from the link below. Save the file on your hard drive.
2. Once the download completes, double-click on the file NPE.EXE to run the program.
3. You will be prompted with End User License Agreement. Please click on Accept to continue.
4. Norton Power Eraser will check for the most recent version. Then, the main window will appear. Click on Scan for Risks to the scan and removal process for Win32:RansomX-gen.
5. By default, Norton Power Eraser was configured to perform rootkit scan. This is essential to get rid of Win32:RansomX-gen or other relevant malware. To accomplish this, you will need to restart the computer. Please click Restart button.
6. After restarting Windows, the program will check for possible database update and then, proceeds with the scan. It may take a while, please wait for the scan process to complete.
7. Once scanning is done, Norton Power Eraser will display a list of threats including Win32:RansomX-gen. Review identified threats and remove/repair them from the PC by clicking on Fix Now button.
8. If you are prompted to restart the computer in order to complete the virus removal process, please click on Restart Now.
Step 2 : Run Sophos Virus Removal Tool
1. Download Sophos Virus Removal Tool from the link below. Save the file to your Desktop so that we can access the file easily.
2. After downloading, navigate to the file location and double-click it. This will start the instllation procedure. User Account Control will prompt if you want to run the program, click Yes to continue.
3. On initial launch of the program, it will display a Welcome Screen as shown in the image below. Click Next to start the installation procedure.
4. Next, you need to accept the license agreement before Sophos Virus Removal Tool can be installed onto the computer. Choose 'I accept the terms in the license agreement'. Then, click Next button.
5. On the next prompts, please click appropriate button to proceed. At the end of the installation process, it will display InstallShield Wizard Completed. Just leave the Launch Sophos Virus Removal Tool with a check mark. Then, click Finish.
6. The tool will download necessary updates so Internet connection is required at this point. Lastly, Sophos Virus Removal Tool displays the welcome screen.
7. Click on Start Scanning button to begin checking the system for presence of rootkit and virus. The tool reveals items that were found linked to Win32:RansomX-gen. It also detects and removes other malicious files.
