Published Feb 11, 2016|Updated Sep 15, 2017

Ransom:Win32/Exxroute.A

Severe |Detected with Windows Defender Antivirus

Aliases: No associated aliases

Summary

Windows Defender  detects and removes this threat.

This ransomware can stop you from using your PC or accessing your data. It might ask you to pay money to a malicious hacker.

This threat can be downloaded by Angler EK (Exploit:JS/Axpergle or Exploit:SWF/Axpergle) and written to the Temp directory as api-ms-win-system-<any string>-l1-1-0.dll (for example: api-ms-win-system-ndishc-l1-1-0.dll or api-ms-win-system-wcnwiz-l1-1-0.dll) to appear like it is a valid system file.

Our ransomware page has more information on this type of threat.