Sunday 13 February 2011

Trojan.Ransom (flash_player.exe)


Disguised as fake QuickTime update.

This trojan blocker ( MD5: b6c2268c9d808cf7363c818383b1de74 ) prevents all software execution.
To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.
According to VirusTotal, the sample is detected by 4 Antivirus ~ https://www.virustotal.com/file-scan/report.html?id=dda049d2c4cc770bb232a1896c3dddb2869e3fe4f30d177056d90bdd91fc275c-1297591167


Number to Call: 8-905-574-75-40 ~ 89055747540
Number to Call: 8-965-391-97-01 ~ 89653919701
Number to Call: 8-965-241-71-49 ~ 89652417149
Number to Call: 8-965-304-54-43 ~ 89653045443
Number to Call: 8-906-715-18-79 ~ 89067151879
Number to Call: 8-903-507-45-86 ~ 89035074586
Number to Call: 8-965-317-12-02 ~ 89653171202
Number to Call: 8-963-973-33-02 ~ 89639733302
Number to Call: 8-963-650-79-68 ~ 89636507968
Number to Call: 8-965-340-10-25 ~ 89653401025
Code to unlock Windows: kall


This ransomware was also noticed here (18 Aug 2k10) ~ here (17 Dec 2k10) ~ here (27 Dec 2k10) ~ here (12 Jan 2k11) ~ here (14 Jan 2k11) ~ here (21 Jan 2k11) ~ here (23 Jan 2k11) ~ here (1 Feb 2k11) ~ here (3 Feb 2k11) ~ here (4 Feb 2k11) ~ here (4 Feb 2k11) ~ here (5 Feb 2k11) ~ here (7 Feb 2k11) ~ here (10 Feb 2k11) ~ here (12 Feb 2k11)

If you have a trouble for typing the serial please follow this

No comments:

Post a Comment