Click on screenshot to zoom
Danger level 9
Type: Trojans

Other mutations known as:
Trojan.Ransom.Hexzone

Trojan.Ransom

Every so often a harmful threat appears with such severe symptoms that bring its victims’ PCs to a complete standstill – and this Trojan.Ransom is exactly such a threat. Trojan.Ransom is what is referred to as a backdoor Trojan, one of the most surreptitious and devious kinds of Trojans there are. This Trojan was designed to disable all running software on the system, whether the software was installed to protect the PC or not.

What makes Trojan.Ransom even more dangerous is its ability to detect and disable any type of running security application on the system directly after its infiltration of the system. This makes the PC that much more vulnerable to all other types of infections and threats out there. The developers behind this backdoor Trojan will thus have free reign of the infected system, and will have access to the user’s sensitive personal info such as passwords and usernames, and financial information.

Download Spyware Removal Tool to Remove* Trojan.Ransom
  • Quick & tested solution for Trojan.Ransom removal.
  • 100% Free Scan for Windows

Trojan.Ransom enters the system in a variety of ways, and will hide itself in the deepest part of the system, so as to make it extremely difficult for the user to detect and destroy Trojan.Ransom from the system. It might also pose itself as a legitimate system file. One of the most popular ways Trojan.Ransom enters its victim’s PC is through bundling itself with third party security updates and downloads for popular codecs and software.

This backdoor Trojan will also make it extremely easy for other threats to enter the system, seeing as it immediately disables all security software on the system. Trojan.Ransom also goes by other names, some of the popular names include Trojan.Ransom.Hexzone, Trojan.Ransom.BlueScreen.ad and Trojan.Ransom.BZ. Should you wish to attempt to manually remove Trojan.Ransom, follow these instructions carefuly:

1. Reboot the PC
2. Press the F8 key before the Windows logo loads during the boot up process. This will take you to the Windows Advanced Options Menu. Now select Safe Mode With Command Prompt
3. You should now type ‘regedit’ into the console, and navigate to here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4. Search for the key ‘SHELL’, and replace it with the value ‘Explorer.exe’
5. Now restart the PC again.

If you want to attempt to remove Trojan.Ransom another way, you will need to enter a valid serial number. Choose any of the following:

CO40927445
720194320Q

This will not only unlock Windows and allow you to execute programs again, but it will also remove Trojan.Ransom from the system.

In order to protect your PC against similar threats in future, you have to invest in your system’s security software. Although it could be pricey initially, it is definitely worth it in order to protect your system against all the many malicious threats out there on a constant search for a weak, susceptible PC.

Download Spyware Removal Tool to Remove* Trojan.Ransom
  • Quick & tested solution for Trojan.Ransom removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Trojan.Ransom

Files associated with Trojan.Ransom infection:

aiXNb_YjRFus7HUGf.dll
winhelper.dll
amUB7nWLj2GlV_6yXwT_.dll
wl.exe
rjxlib.dll
testdll.dll
services.exe
aO2sUkDmi9WxvwTJr.dll
ac_VZHEH4bVx.dll
gyxlib.dll
helper32.dll
ErrorRepairProfessional.exe
Ho0lW43d.exe
pqqnqdpn.exe
tqioqdpr.exe
lqloqdpj.exe
hippogeekSA.exe
Boonty.exe
SkypePM.exe
n.
basicscan.exe
xSqLssAlWkqS.exe
B7AA3C17A558.exe
rlvknlg.exe
PresentationCore.cpl
0.7605177068147073.exe
ClamAVFile
95AF81FBA43664882967.exe
InetAccelerator.exe
jashla.exe
kjgb6hg5.exe
ptpzmbku.exe
iqs9m0qq.exe
chrome.exe
zxrtgshv.exe
3abtx3ku.exe
opera.exe
a5isd89m.exe
wltngl8u.exe
pvtv11n1.exe
iexploer.exe
o9a7e2y0.exe
c2qjcylz.exe
firefox.exe
Explorer.exe
0.0891118890155631.exe
redbook.sys
netbt.sys
cdrom.sys
6DSS92c31Apgjk.exe
svchost.exe
services32.exe
MLFILEM.SYS
jqs.exe
privacy.exe
about[1].exe
hniYtlAmoTCQf.exe
mahmud.exe
yhz3kf8s.exe
Recycle.Bin.exe
hmv.exe
btwdiw32.dll
wpbt0.dll
dxdiag.exe
vktema.dll
svghost.exe
AviConverterSetup.exe
setup.exe
$Recycle$.exe
PS535_2121.exe
PS0d6_2121.exe
PSe00_2190.exe
userinit.exe
syhdizi.exe
svajnager.exe
hdddoctor.exe
asdfjnkads.exe
cleepprogx.exe
portwexexe.exe
wl.exe
winhelper.dll
testdll.dll
services.exe
rjxlib.dll
helper32.dll
gyxlib.dll
das368.tmp
aZFQEU7nWEWU.dll
aX6kXZo_ner.dll
aO2sUkDmi9WxvwTJr.dll
amUB7nWLj2GlV_6yXwT_.dll
aKAuEWkfC.dll
aiXNb_YjRFus7HUGf.dll
ac_VZHEH4bVx.dll
iexplore.exe
tprlib.dll
flowMediaDecoder_23[1].exe
aX6kXZo_ner.dll
das368.tmp
aZFQEU7nWEWU.dll
aKAuEWkfC.dll

Trojan.Ransom DLL's to remove:

winhelper.dll
amUB7nWLj2GlV_6yXwT_.dll
aZFQEU7nWEWU.dll
helper32.dll
gyxlib.dll
aX6kXZo_ner.dll
aO2sUkDmi9WxvwTJr.dll
ac_VZHEH4bVx.dll
testdll.dll
rjxlib.dll
aKAuEWkfC.dll
aiXNb_YjRFus7HUGf.dll
btwdiw32.dll
wpbt0.dll
vktema.dll
winhelper.dll
testdll.dll
amUB7nWLj2GlV_6yXwT_.dll
helper32.dll
rjxlib.dll
gyxlib.dll
aO2sUkDmi9WxvwTJr.dll
ac_VZHEH4bVx.dll
aX6kXZo_ner.dll
aiXNb_YjRFus7HUGf.dll
aZFQEU7nWEWU.dll
aKAuEWkfC.dll
winhelper.dll
testdll.dll
rjxlib.dll
helper32.dll
gyxlib.dll
aZFQEU7nWEWU.dll
aX6kXZo_ner.dll
aO2sUkDmi9WxvwTJr.dll
amUB7nWLj2GlV_6yXwT_.dll
aKAuEWkfC.dll
aiXNb_YjRFus7HUGf.dll
ac_VZHEH4bVx.dll
tprlib.dll

Trojan.Ransom processes to kill:

services.exe
ErrorRepairProfessional.exe
Ho0lW43d.exe
pqqnqdpn.exe
tqioqdpr.exe
lqloqdpj.exe
hippogeekSA.exe
Boonty.exe
SkypePM.exe
basicscan.exe
xSqLssAlWkqS.exe
B7AA3C17A558.exe
rlvknlg.exe
0.7605177068147073.exe
95AF81FBA43664882967.exe
InetAccelerator.exe
jashla.exe
kjgb6hg5.exe
ptpzmbku.exe
iqs9m0qq.exe
chrome.exe
zxrtgshv.exe
3abtx3ku.exe
opera.exe
a5isd89m.exe
wltngl8u.exe
pvtv11n1.exe
iexploer.exe
o9a7e2y0.exe
c2qjcylz.exe
firefox.exe
Explorer.exe
0.0891118890155631.exe
6DSS92c31Apgjk.exe
svchost.exe
services32.exe
jqs.exe
privacy.exe
about[1].exe
hniYtlAmoTCQf.exe
mahmud.exe
yhz3kf8s.exe
Recycle.Bin.exe
hmv.exe
dxdiag.exe
svghost.exe
AviConverterSetup.exe
setup.exe
$Recycle$.exe
PS535_2121.exe
PS0d6_2121.exe
PSe00_2190.exe
userinit.exe
syhdizi.exe
svajnager.exe
hdddoctor.exe
asdfjnkads.exe
cleepprogx.exe
portwexexe.exe
wl.exe
services.exe
services.exe
services.exe
services.exe
services.exe
services.exe
wl.exe
services.exe
services.exe
services.exe
services.exe
services.exe
services.exe
iexplore.exe
flowMediaDecoder_23[1].exe
wl.exe

Remove Trojan.Ransom registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{61861D95-85BF-3ECF-42CA-A672EB2925BE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser HelperObjects\{9EC90B7A-E7D9-488F-84CD-C018FDA695F3}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{212D2299-CCC6-4AD5-B848-27CDDF5D9CAA}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3CA9F1E8-5965-F5EF-D086-B54C82B3C09F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{1381CD50-001A-7591-0BA1-BCDE6A31109C}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8EC283D0-540C-B7BE-D163-DDCC19C53A9B}
MicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DE6532E2-FD43-4DFB-9108-14140DBAB88C}
AppID{E82CA17E-0C70-4F8C-AD15-5C00B3229DE5}
AppIDtprlib.DLL
{1408E208-2AC1-42D3-9F10-78A5B36E05AC}
{44D67555-2D4E-4227-
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.