Trojan.Ransom.Gen

Trojan.Ransom.Gen is the Trojan responsible for many ransomware variants, including the infamous Ukash Virus family as well as North American ransomware infections such as the FBI Moneypak ransomware threat. Trojan.Ransom.Gen is distributed via malicious email attachments and social engineering attacks targeting inexperienced computer users. Once it infiltrates a computer, Trojan.Ransom.Gen installs a ransomware component that blocks access to the machine in order to force the victim to pay a large sum of money. If you cannot use your computer because of an obtrusive, full-screen message claiming to come from law enforcement, ESG security researchers strongly advise using a reliable and fully updated anti-malware application to remove Trojan.Ransom.Gen and its associated malware from your computer permanently.

The basic principle behind most ransomware infections is to hold the victim's computer hostage in order to demand a ransom from its user. Trojan.Ransom.Gen is no exception: this malware prevents the PC user from accessing the infected machine. To do this, Trojan.Ransom.Gen displays a fake message from a law enforcement agency. The message varies depending on the victim's IP address, which can be used to determine the computer's approximate geographical location. Using this information, Trojan.Ransom.Gen displays the message in the victim's language and attributes it to the law enforcement agency of the victim's country (for example, victims in the United States receive a message from the FBI, while victims in the United Kingdom receive one from the Metropolitan Police or Scotland Yard). The message typically alleges that the computer was used for illegal activities, such as copyright infringement or viewing forbidden pornographic material, and threatens the victim with jail time unless a fine is paid through the Ukash or Moneypak money transfer services.

Because Trojan.Ransom.Gen blocks access to the infected computer, it can be difficult to remove the threat when anti-malware software cannot be run on the infected machine. Fortunately, Windows allows computer users to bypass Trojan.Ransom.Gen by starting the infected computer in Safe Mode. Alternatively, the infected computer can be started from external media, such as a CD or a shared drive.

Type: Trojans


Trojan.Ransom.Gen typically has the following processes in memory:


Trojan.Ransom.Gen creates the following files in the system:

