Friday, 9 December 2011

Encryption virus: Ransomware targeting Italian people



Another new winlock, spread with Blackhole.


This winlock encrypt 1000 files and call the gate.
/encvir/gate.php
/encvir/logs/installs.log
/encvir/logs/vouchers.log


786 infected users (according to logs) and that will continue to grow.

Even the gate is lame:


For know wich files was encrypted you can look on regedit:
HKEY_CURRENT_USER\Software\Encryption Virus\Files

No comments:

Post a comment