Friday 11 March 2011

Trojan.Ransom - Windows license locked!


This trojan blocker (MD5: 9a6f87b4be79d0090944c198a68012b6) prevents all software execution.
To remove the trojan (and unlock Windows), infected users need to enter a valid serial number.

This ransomware is distributed through fake update sites or file-sharing sites.
Here, in French, is a fake Firefox update (Firefox_update.exe):


Firefox explorer:

Fake Google sharing (file35820289892.exe):


Fake scanner page (WindowsWebSecurity.exe):

Who is really failed:

Ransomware downloaded:


Number to Call: 00261221000183 ~ +261221000183
Number to Call: 002392216469 ~ +2392216469
Number to Call: 002392216464 ~ +2392216464
Number to Call: 00261221000181 ~ +261221000181
Number to Call: 00881935211841 ~ +881935211841
Number to Call: 0088213090406 ~ +88213090406
Number to Call: 002392216368 ~ +2392216368
Number to Call: 004525970180 ~ +4525970180
Code to unlock Windows: 1351236




3 comments:

  1. The good old old-school method :)

    Nice vids by the way, always a pleasure to watch.

  2. Thanks, I don't know why but for some reason this version of "Install_Flash-Player.exe" shows me nothing, and I've found nothing in the code similar to the older version. Is this ransomware or another type of malware?
    threatexpert:
    http://www.threatexpert.com/report.aspx?md5=444add4b6ce69529ad069a0e6279be6b

  3. Thank you very much for the help. Here in Brazil my brother went through a great embarrassment. Some son of a bitch copied this virus here and changed the screen, saying that the computer had accessed pornographic content and for that reason had been blocked and the data sent to the police. Note that he got this virus when he searched Google for "mapamundi" and clicked on the third image; then the Google Chrome update appeared and he downloaded the virus. Thank you very much and congratulations on the very important tip, which helped me a lot!
