Wednesday, 18 May 2011
Your Windows has been blocked - Ransomware targeting american people
This trojan blocker ( MD5: 0193afae6bd74de23d3bc1aec15bcacb ) prevents all software execution.
To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.
Number to call: 1-800-255-5227
ANDI RAZVAN SIMION
STR. DACIA 73
Unfortunaly there is no way for unlock the computer with a generic serial.
1) Restart your pc
2) Before the Windows XP splash screen, press the F8 key to enter the Windows Advanced Options Menu and choose: Safe Mode
3) Type 'regedit' in the console and go here:
You will see a key named "explorer.exe" with this path:
4) Now you know the location, just remove the key "explorer.exe" with a right click
5) Now go to the folder:
and delete "explorer.exe"
6) Reboot your computer.
Note for malware analysts: The ransomware do a network activity for defind the receiver.