Monday, 23 May 2011

Trojan.Ransom "System plugin at address 0x00874324 got critical error"

I saw this tweet yesterday:

He got this infection on a netbook.
I started searching for the sample with Google, and finally I found someone who seems to have it.
After a talk, he got the MD5, but not the sample (I'll do the same).
The MD5 belongs to an older version (error 0x00874324) of the sample, and I've checked the text: it's static.
I mean the error offset is not composed of random letters/numbers.
@sefrinaldi was infected by another version (0xE4783995), a repack I think (according to the date of and the post date on Twitter).
So if someone has an MD5 (or the sample) of the latest version... keep me in mind \o_


This trojan blocker (MD5: 93a501498b2ac4a046785ec64822a3c5) prevents all software execution.
To remove the Trojan (and unlock Windows), infected users need to enter a valid serial number.

Poor French translation.

Number to Call: 0088213090413
Number to Call: 00261221000186
Number to Call: 0037190100546
Number to Call: 0088213240069
Number to Call: 0025270701161
Number to Call: 00263778289408
Code to unlock windows: 27496

Relatively easy.
