Win32:RansomX-gen

Win32:RansomX-gen is a generic Avast detection name for ransomware; for the samples catalogued in the Technical Details below, the underlying family is Dharma (CrySis). An attack of this kind threatens more than the operating system: the user's own files are the target. Win32:RansomX-gen denies access to those files by encrypting them, typically with a hybrid scheme in which each file is encrypted with AES and the AES key is in turn wrapped with an RSA public key, so that only the attacker's matching private key can unwrap it. The operators then demand payment in Bitcoin in exchange for the decryption tool.

Threat Behavior

Win32:RansomX-gen commonly spreads through spam email, with the malware delivered as an attachment. When the file itself is not attached, the message carries links that, once opened, download and execute Win32:RansomX-gen from a remote server. It may also arrive bundled with pirated software or serial-key generators hosted on illicit sites. Besides these two main vectors, its operators also use malicious advertisements, drive-by downloads, and software exploits.

Once executed, Win32:RansomX-gen drops copies of itself into system folders. It also establishes persistence by adding a registry autorun entry, so that the malicious code runs again at every boot.
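As an added example (not code from the original page, nor from any vendor tool it names), the following Python script audits the registry autorun locations this persistence mechanism abuses. For each Run/RunOnce value it resolves the executable behind the command line, hashes it, and compares the hash against the sample-hash prefix that two vendors embed in their detection names in the table below (FireEye `Generic.mg.0c4cbf1cb8e5065f`, McAfee `Ransom-Dharma!0C4CBF1CB8E5`). The assumption that those prefixes are the leading hex digits of the sample's MD5 is mine, as is the heuristic that flags autorun binaries living under user-writable profile folders. The registry collector only does anything on Windows; the parsing, hashing and matching logic runs anywhere.

```python
"""Audit Windows Run/RunOnce autorun entries for a known-bad binary.

Added example, not from the original page. Assumptions: the vendor name
suffixes 0c4cbf1cb8e5065f (FireEye) and 0C4CBF1CB8E5 (McAfee) are the leading
hex digits of the sample's MD5, and an autorun binary under a user-writable
profile folder deserves a closer look.
"""
import hashlib
import os
import sys

# MD5 prefix taken from the detection names in the Technical Details table.
KNOWN_BAD_MD5_PREFIXES = ("0c4cbf1cb8e5065f",)

# Heuristic (assumption): legitimate autoruns rarely live in these folders.
USER_WRITABLE_HINTS = (
    "\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\",
    "\\users\\public\\",
)

AUTORUN_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)


def executable_from_command(command: str) -> str:
    """Extract the program path from a registry command line.

    A quoted path ends at the closing quote. For an unquoted path containing
    spaces, CreateProcess tries successively longer prefixes until one names
    an existing file; the same rule is applied here, falling back to the
    first token when nothing on disk matches.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    tokens = command.split()
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if os.path.isfile(candidate):
            return candidate
    return tokens[0] if tokens else ""


def md5_of_file(path: str) -> str:
    h = hashlib.new("md5")  # MD5 only because that is what the vendor names carry
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_known_bad(md5_hex: str) -> bool:
    md5_hex = md5_hex.lower()
    return any(md5_hex.startswith(p) for p in KNOWN_BAD_MD5_PREFIXES)


def audit_entry(name: str, command: str) -> dict:
    """Resolve, hash and classify one autorun value."""
    exe = os.path.expandvars(executable_from_command(command))
    lowered = exe.lower().replace("/", "\\")
    result = {
        "name": name,
        "exe": exe,
        "exists": os.path.isfile(exe),
        "md5": None,
        "ioc_hit": False,
        "user_writable": any(hint in lowered for hint in USER_WRITABLE_HINTS),
    }
    if result["exists"]:
        result["md5"] = md5_of_file(exe)
        result["ioc_hit"] = matches_known_bad(result["md5"])
    return result


def collect_autoruns() -> list:
    """Read HKLM and HKCU Run/RunOnce values. Returns [] off Windows."""
    if sys.platform != "win32":
        return []
    import winreg
    entries = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for subkey in AUTORUN_KEYS:
            try:
                key = winreg.OpenKey(hive, subkey)
            except OSError:
                continue
            with key:
                index = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, index)
                    except OSError:  # no more values under this key
                        break
                    entries.append((name, str(value)))
                    index += 1
    return entries


if __name__ == "__main__":
    for entry_name, entry_cmd in collect_autoruns():
        r = audit_entry(entry_name, entry_cmd)
        flag = "!!" if (r["ioc_hit"] or r["user_writable"]) else "  "
        print(f"{flag} {r['name']}: {r['exe']} md5={r['md5']}")
```

A hash match only catches the exact sample behind those vendor names; a repacked build will miss it, which is why the path heuristic is reported alongside. On 64-bit Windows also check the `WOW6432Node` Run key under HKLM, and the per-user `Startup` folder, which this script does not cover.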

Win32:RansomX-gen encrypts practically every file on the computer except executables, system files and installed applications, so that the machine still boots and the ransom demand can be displayed. Because the per-file keys are wrapped with an asymmetric (RSA) key whose private half never leaves the attacker, the ciphertext cannot be deciphered locally; recovery requires the decryption tool together with that private key, or restoring the files from an offline backup.

Payload

Win32:RansomX-gen is designed around a single objective: encrypting the user's files, such as documents, spreadsheets, images, photos, videos, databases and archives. The encryption renders these files inaccessible, and the attackers use that leverage to extort money from the victim.
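As an added example (not code from the original page or from any vendor tool it names), the following Python script does the first triage an incident responder needs once the payload has run: which files on a profile or share are actually encrypted? It uses two independent signals: the extension appended by the variants listed under Applies to in the table below (the assumption that each variant name, lower-cased, is the extension it appends is mine), and byte entropy, since AES output is statistically indistinguishable from random and scores close to 8 bits per byte while plain documents score far lower. The sample tree it builds is constructed for the demonstration.

```python
"""Triage a directory tree for files that look ransomware-encrypted.

Added example, not from the original page. Signals used:
  1. extension appended by a known variant (assumption: the names under
     "Applies to" are the appended extensions .flyu/.cve/.fresh/.smpl/.team);
  2. Shannon entropy of the leading bytes close to 8 bits/byte.
Compressed formats (zip, jpg, mp4, docx) also score high on (2), so the two
signals are reported separately rather than merged into one verdict.
"""
import math
import os
import tempfile
from collections import Counter

VARIANT_EXTS = {".flyu", ".cve", ".fresh", ".smpl", ".team"}
ENTROPY_THRESHOLD = 7.9   # bits per byte; AES ciphertext sits at ~7.97 and up
MIN_SIZE = 1024           # the estimate is too noisy on tiny files
SAMPLE_BYTES = 65536      # scoring the leading 64 KiB is enough


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def inspect_file(path: str) -> dict:
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        head = f.read(SAMPLE_BYTES)
    ext = os.path.splitext(path)[1].lower()
    entropy = shannon_entropy(head) if size >= MIN_SIZE else 0.0
    return {
        "path": path,
        "size": size,
        "entropy": round(entropy, 3),
        "variant_ext": ext in VARIANT_EXTS,
        "high_entropy": entropy >= ENTROPY_THRESHOLD,
    }


def triage(root: str) -> list:
    """Return the inspection records of files that trip either signal."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            record = inspect_file(os.path.join(dirpath, name))
            if record["variant_ext"] or record["high_entropy"]:
                hits.append(record)
    return hits


def build_constructed_tree() -> str:
    """Constructed sample data (not real victim files): an untouched
    document, a document the ransomware renamed and encrypted, and an
    encrypted file whose name was left alone. os.urandom stands in for
    AES ciphertext, from which it is statistically indistinguishable."""
    root = tempfile.mkdtemp(prefix="ransom-triage-")
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"Quarterly numbers are attached, see the second tab.\n" * 150)
    with open(os.path.join(root, "budget.xlsx.flyu"), "wb") as f:
        f.write(os.urandom(8192))
    with open(os.path.join(root, "photo.jpg"), "wb") as f:
        f.write(os.urandom(8192))
    return root


if __name__ == "__main__":
    for hit in triage(build_constructed_tree()):
        signals = [s for s in ("variant_ext", "high_entropy") if hit[s]]
        print(f"{hit['path']}  entropy={hit['entropy']}  {','.join(signals)}")
```

Run it against a mounted, read-only image of the victim disk rather than the live machine, and treat the entropy signal as a prompt to open the file, not as proof: a legitimate JPEG or ZIP will score nearly as high as ciphertext, whereas the variant extension is unambiguous.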

Technical Details
Virus Name : Win32:RansomX-gen
Detected by : Avast Antivirus, AVG Antivirus
Threat Type : Ransomware (Dharma / CrySis family)
Applies to : Flyu, Cve, Fresh, Smpl, Team (Dharma variants, each named for the extension it appends to encrypted files)
Similar Detections :
Acronis : Suspicious
Ad-Aware : Trojan.Ransom.Crysis.A
AhnLab-V3 : Trojan/Win32.Crysis.R213980
ALYac : Trojan.Ransom.Crysis.A
Antiy-AVL : Trojan/Win32.AGeneric
SecureAge APEX : Malicious
Arcabit : Trojan.Ransom.Crysis.A
Avira (no cloud) : TR/Dropper.Gen
BitDefender : Trojan.Ransom.Crysis.A
BitDefenderTheta : AI:Packer
Bkav : W32.RansomeDNZ.Trojan
CAT-QuickHeal : Ransom.Crysis
ClamAV : Win.Trojan.Dharma
Comodo : TrojWare.Win32.Crysis.A
CrowdStrike Falcon : Win/malicious_confidence_100% (D)
Cyren : W32/Trojan.ILHO-9216
DrWeb : Trojan.Encoder.3953
Emsisoft : Trojan.Ransom.Crysis.A
eScan : Trojan.Ransom.Crysis.A
ESET-NOD32 : A Variant Of Win32/Filecoder.Crysis
F-Secure : Trojan.TR/Dropper.Gen
FireEye : Generic.mg.0c4cbf1cb8e5065f
Fortinet : W32/Crysis.W!tr.ransom
GData : Win32.Trojan-Ransom.VirusEncoder.A
Ikarus : Trojan-Ransom.Crysis
Jiangmin : Trojan.Crypren.ic
Kaspersky : Trojan-Ransom.Win32.Crusis
Malwarebytes : Ransom.Crysis
MaxSecure : Trojan-Ransom.Win32.Crusis
McAfee : Ransom-Dharma!0C4CBF1CB8E5
McAfee-GW-Edition : BehavesLike.Win32.RansomDharma
Microsoft : Ransom:Win32/Wadhrama
NANO-Antivirus : Trojan.Win32.Filecoder
Panda : Trj/GdSda.A
Qihoo-360 : HEUR/QVM20.1.52E1.Malware.Gen
Rising : Ransom.Crysis!1.A
SentinelOne : DFI – Malicious PE
Sophos AV : Troj/Criakl-A
Sophos ML : ML/PE-A + Troj/Criakl-A
SUPERAntiSpyware : Ransom.Crysis/Variant
TACHYON : Ransom/W32.crysis
TrendMicro : Ransom.Win32.CRYSIS.A
TrendMicro-HouseCall : Ransom.Win32.CRYSIS.A
Webroot : W32.Ransom.Gen
ZoneAlarm : Trojan-Ransom.Win32.Crusis

How can you remove Win32:RansomX-gen?

To remove Win32:RansomX-gen and related malware completely, follow the procedure below and make sure the whole system is scanned with the suggested removal tools. Before you start, disconnect the machine from the network so the ransomware cannot reach shared drives or other hosts. Keep in mind that removing the malware stops further damage but does not decrypt files that are already encrypted; those come back only from a backup or from a decryption tool for this specific variant.

Step 1 : Scan the computer with Norton Power Eraser

1. Download Norton Power Eraser from the link below. Save the file on your hard drive.

2. Once the download completes, double-click on the file NPE.EXE to run the program.

3. You will be prompted with End User License Agreement. Please click on Accept to continue.

4. Norton Power Eraser will check for the latest version and then show its main window. Click Scan for Risks to start the scan and removal process for Win32:RansomX-gen.


5. By default, Norton Power Eraser is configured to include a rootkit scan, which is needed to catch Win32:RansomX-gen and related malware that hide from a normal scan. The rootkit scan requires a reboot, so click Restart when prompted.


6. After Windows restarts, the program checks for a database update and then proceeds with the scan. This may take a while; wait for the scan to complete.


7. Once scanning is done, Norton Power Eraser will display a list of threats including Win32:RansomX-gen. Review identified threats and remove/repair them from the PC by clicking on Fix Now button.

8. If you are prompted to restart the computer in order to complete the virus removal process, please click on Restart Now.

Step 2 : Run Sophos Virus Removal Tool

1. Download Sophos Virus Removal Tool from the link below. Save the file to your Desktop so that we can access the file easily.

2. After downloading, navigate to the file location and double-click it. This starts the installation procedure. When User Account Control asks whether you want to run the program, click Yes to continue.

3. On initial launch of the program, it will display a Welcome Screen as shown in the image below. Click Next to start the installation procedure.


4. Next, you need to accept the license agreement before Sophos Virus Removal Tool can be installed onto the computer. Choose 'I accept the terms in the license agreement'. Then, click Next button.


5. On the next prompts, click the appropriate button to proceed. At the end of the installation process, the wizard displays InstallShield Wizard Completed. Leave Launch Sophos Virus Removal Tool checked, then click Finish.

6. The tool downloads the necessary updates, so an Internet connection is required at this point. It then displays its welcome screen.

7. Click Start Scanning to begin checking the system for rootkits and viruses. The tool lists the items it found linked to Win32:RansomX-gen, and also detects and removes other malicious files.

