I got this one when it was new on the wild but not maked a blog entry.
And i've view this post.. so it's time :)
This trojan blocker ( MD5: 1a0f12cc7736b07fb153733c7494d76e ) prevents all software execution.
To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.
output.exe VirusTotal: https://www.virustotal.com/file-scan/report.html?id=5c368108517de7cf09e9614ef205cf49b13b384b49d5456316f3b1a2fe19b9ec-1303456070
The main executable modify your MBR and launch a reboot procedure, when rebooted you see this:
It says after three days the unlock is not possible, but it's alway possible.
That just a way to scare user and push them to call the service.
For unlock your computer, enter any 14 chars (or more) serial.
Just after having typed Enter (al = 0d in key code), it check the lenght of your serial (value in DI) and that all.
The original MBR is not lost.
When a valid serial is entered, the infected part is gone
Merci Ange ;)