Written by Robert Bailey

What is Win64/Rozena.HQ infection?

In this post you will certainly discover regarding the interpretation of Win64/Rozena.HQ as well as its unfavorable impact on your computer. Such ransomware are a form of malware that is clarified by on the internet fraudulences to demand paying the ransom money by a sufferer.

GridinSoft Anti-Malware Review

It is better to prevent, than repair and repent!

When we talk about the intrusion of unfamiliar programs into your computer’s work, the proverb “Forewarned is forearmed” describes the situation as accurately as possible. Gridinsoft Anti-Malware is exactly the tool that is always useful to have in your armory: fast, efficient, up-to-date. It is appropriate to use it as an emergency help at the slightest suspicion of infection.
GridinSoft Anti-Malware 6-day trial available.
EULA | Privacy Policy | GridinSoft

Most of the cases, Win64/Rozena.HQ virus will advise its victims to start funds move for the function of reducing the effects of the amendments that the Trojan infection has introduced to the target’s tool.

Win64/Rozena.HQ Summary

These modifications can be as adheres to:

  • Anomalous binary characteristics. This is a way of hiding virus’ code from antiviruses and virus’ analysts.
  • Ciphering the records situated on the sufferer’s hard drive — so the sufferer can no longer make use of the data;
  • Preventing regular accessibility to the victim’s workstation;


One of the most typical channels where Win64/Rozena.HQ Ransomware Trojans are infused are:

  • By methods of phishing e-mails. Email phishing is a cyber attack that uses disguised email as a goal is to trick the recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link for download a malware.
  • As an effect of user winding up on a source that holds a malicious software program;

As soon as the Trojan is effectively infused, it will either cipher the information on the victim’s PC or protect against the device from functioning in an appropriate way – while likewise placing a ransom money note that mentions the demand for the victims to impact the payment for the function of decrypting the records or recovering the file system back to the preliminary condition. In most circumstances, the ransom note will turn up when the customer reboots the COMPUTER after the system has actually already been harmed.

Win64/Rozena.HQ distribution networks.

In numerous corners of the globe, Win64/Rozena.HQ expands by jumps as well as bounds. Nevertheless, the ransom money notes and tricks of extorting the ransom money amount may vary depending upon particular regional (regional) settings. The ransom money notes and also methods of obtaining the ransom money amount may vary depending on certain neighborhood (regional) settings.

Ransomware injection

As an example:

    Faulty alerts regarding unlicensed software program.

    In specific areas, the Trojans usually wrongfully report having detected some unlicensed applications enabled on the sufferer’s tool. The sharp then demands the customer to pay the ransom.

    Faulty declarations concerning unlawful material.

    In countries where software program piracy is much less popular, this technique is not as reliable for the cyber scams. Conversely, the Win64/Rozena.HQ popup alert may wrongly declare to be originating from a law enforcement institution and will report having situated youngster pornography or various other unlawful information on the gadget.

    Win64/Rozena.HQ popup alert may falsely assert to be obtaining from a legislation enforcement establishment and also will certainly report having located child porn or various other prohibited information on the tool. The alert will similarly include a need for the individual to pay the ransom money.

Technical details

File Info:

crc32: 17394220
md5: 9c0ad3e4c47f4d031ad92050e6c748c4
name: 9C0AD3E4C47F4D031AD92050E6C748C4.mlw
sha1: c9be51162fd34fd37b265c4e63762aca6afd4a08
sha256: 5914b620d919c2740a15cc3ca446bc512b3df4074efd1bee771f60a0a691fb48
sha512: c5fee88b53ecf0986e319b386e1a59a3b53a144206851caf9cd47ce73913fd114129004e484ca4bb70e9e99ea1fdefba2d03f672f1a87113bd83a147bb4df27e
ssdeep: 1536:0Pc/iO9vi1sdBKbQqD5cGY/1do7PBhdZB85lt:0PI5u/+1K3u5lt
type: PE32+ executable (console) x86-64, for MS Windows

Version Info:

0: [No Data]

Win64/Rozena.HQ also known as:

GridinSoft Trojan.Ransom.Gen
K7AntiVirus Riskware ( 0040eff71 )
ALYac Trojan.GenericKD.31269407
Cylance Unsafe
Zillya Trojan.Shelma.Win32.6584
BitDefender Trojan.GenericKD.31269407
K7GW Riskware ( 0040eff71 )
Cybereason malicious.4c47f4
Symantec Trojan.Gen.2
ESET-NOD32 a variant of Win64/Rozena.HQ
Kaspersky Trojan.Win32.Shelma.roe
Alibaba Trojan:Win32/Shelma.4aaa9166
MicroWorld-eScan Trojan.GenericKD.31269407
Tencent Win32.Trojan.Shelma.Htcc
Ad-Aware Trojan.GenericKD.31269407
Sophos Generic PUA MJ (PUA)
Comodo Malware@#27dvdwp9vzcc4
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition Artemis!Trojan
FireEye Trojan.GenericKD.31269407
Emsisoft Trojan.GenericKD.31269407 (B)
Jiangmin Trojan.Shelma.bkx
Webroot W32.Trojan.GenKD
eGambit Trojan.Generic
Microsoft PUA:Win32/Presenoker
Arcabit Trojan.Generic.D1DD221F
AegisLab Trojan.Win32.Shelma.4!c
GData Trojan.GenericKD.31269407
AhnLab-V3 Trojan/Win32.Shelma.C3119087
McAfee Artemis!9C0AD3E4C47F
MAX malware (ai score=85)
VBA32 Trojan.Shelma
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_FRS.VSNTKC20
Rising Trojan.Shelma!8.1A3D (CLOUD)
Ikarus SuspectFile
Fortinet W64/Rozena.Y!tr
Qihoo-360 Win32/Ransom.DogHousePower.HgEASQ0A

How to remove Win64/Rozena.HQ virus?

Unwanted application has ofter come with other viruses and spyware. This threats can steal account credentials, or crypt your documents for ransom.
Reasons why I would recommend GridinSoft1

There is no better way to recognize, remove and prevent PC threats than to use an anti-malware software from GridinSoft2.

Download GridinSoft Anti-Malware.

You can download GridinSoft Anti-Malware by clicking the button below:

Run the setup file.

When setup file has finished downloading, double-click on the setup-antimalware-fix.exe file to install GridinSoft Anti-Malware on your system.

Run Setup.exe

An User Account Control asking you about to allow GridinSoft Anti-Malware to make changes to your device. So, you should click “Yes” to continue with the installation.

GridinSoft Anti-Malware Setup

Press “Install” button.

GridinSoft Anti-Malware Install

Once installed, Anti-Malware will automatically run.

GridinSoft Anti-Malware Splash-Screen

Wait for the Anti-Malware scan to complete.

GridinSoft Anti-Malware will automatically start scanning your system for Win64/Rozena.HQ files and other malicious programs. This process can take a 20-30 minutes, so I suggest you periodically check on the status of the scan process.

GridinSoft Anti-Malware Scanning

Click on “Clean Now”.

When the scan has finished, you will see the list of infections that GridinSoft Anti-Malware has detected. To remove them click on the “Clean Now” button in right corner.

GridinSoft Anti-Malware Scan Result

Are Your Protected?

GridinSoft Anti-Malware will scan and clean your PC for free in the trial period. The free version offer real-time protection for first 2 days. If you want to be fully protected at all times – I can recommended you to purchase a full version:

Full version of GridinSoft

Full version of GridinSoft Anti-Malware

If the guide doesn’t help you to remove Win64/Rozena.HQ you can always ask me in the comments for getting help.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)


  1. GridinSoft Anti-Malware Review from HowToFix site:
  2. More information about GridinSoft products:

About the author

Robert Bailey

Security Engineer. Interested in malware, reverse engineering, white ethical hacking. I like coding, travelling and bikes.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.