Monday, 27 June 2011

Trojan.Ransom (porno-rolik.avi.exe)


Older servers and variantes are now down.

But still no time for love, 25 locs just respawned.
fortunately code to call and stuff are everywhere identical.

This trojan blocker ( MD5: 1d88ac0fe9d0b0e3849d7845751f02db ) prevents all software execution.
To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.


Number to Call: 9651893615
Number to Call: 9057861831
Number to Call: 9057266356
Number to Call: 9670671085
Code to unlock Windows: PROJECT


MBAM detect most of samples.
315/400 >> 78.75 %
Congratz.

Pornoplayer variant.
Already noticed on the past: here (28 May 2k11) ~ here (4 Jun 2k11) ~ here (9 Jun 2k11) ~ here (11 Jun 2k11) ~ here (12 Jun 2k11) ~ here (12 Jun 2k11) ~ here (13 Jun 2k11) ~ here (20 Jun 2k11) ~ here (21 Jun 2k11) ~ here (21 Jun 2k11) ~ here (21 Jun 2k11) ~ here (22 Jun 2k11) ~ here (23 Jun 2k11) ~ here (24 Jun 2k11) ~ here (24 Jun 2k11) ~ here (24 Jun 2k11) ~ here (24 Jun 2k11) ~ here (24 Jun 2k11) ~ here (24 Jun 2k11) ~ here (25 Jun 2k11) ~ here (26 Jun 2k11)

No comments:

Post a comment