MalwareDisasters is a division of MalwareIntelligence. It captures information about the behavior of malicious code and offers the countermeasures needed to mitigate the malicious actions in question.

12.15.2009

LockScreen. Your computer is infected by Spyware!!!

LockScreen is a trojan designed to block access to the operating system, relying primarily on the fear factor.

First, when activated, it displays a warning about an alleged infection caused by spyware, urging the user to buy an antispyware product that is really other malicious code. It also states that "if not eliminate spyware from the system in three hours, will be formatted".

Thus, the victim of this malicious code is forced either to take extreme measures to regain access to the operating system or to purchase the fake solution to get the unlock key.

This activity is typical of ransomware, which "kidnaps" the operating system or part of it, although ransomware usually does so through more complex processes that involve some encryption algorithm and a "payment" (usually money) to obtain the unlock key.

Although this malware isn't complex, it currently has a low detection rate: it is detected by only 11 antivirus companies out of a total of 41, as shown in the VirusTotal report.

Technical Data
MD5: f3a7d1054e79dda8e8a16901d95770e1
SHA1: c1887445b1fd5d89f61e638231d554c5bcff49ab
File size: 32768 bytes
Packer: -

Countermeasure
Restart the computer in Safe Mode (by pressing the F8 key during startup) and delete the file "benimserverim.exe", which is located in the Windows folder.

Then clean the system registry by removing the key "benimAnahtar" from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

If you cannot restart the computer in Safe Mode, an alternative is to restart the computer and, as soon as the desktop is displayed, quickly press Ctrl + Alt + Del to open the Task Manager and end the process called "Project1".

Then delete the file "benimserverim.exe" located in the WINDOWS folder and the registry key "benimAnahtar" found at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
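The same checks can be scripted in PowerShell. This is an added example, not part of the original post. It assumes an elevated session and PowerShell 4.0 or later (for Get-FileHash). Matching running processes by image path rather than by the "Project1" name is an assumption of this example.

```powershell
# Added example, not from the original post. Indicator values are the ones the post lists.
[CmdletBinding()]
param([switch]$Remove)   # without -Remove the script only reports what it finds

$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$ValueName = 'benimAnahtar'
$FilePath  = Join-Path $env:windir 'benimserverim.exe'
$KnownMd5  = 'f3a7d1054e79dda8e8a16901d95770e1'

$findings = @()

# 1. Autostart entry under the Run key
$run = Get-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction SilentlyContinue
if ($run) {
    $findings += "Run entry '$ValueName' -> $($run.$ValueName)"
}

# 2. Dropped file in the Windows folder, compared against the MD5 from the post
$fileFound = Test-Path -LiteralPath $FilePath
if ($fileFound) {
    $md5   = (Get-FileHash -LiteralPath $FilePath -Algorithm MD5).Hash.ToLower()
    $match = if ($md5 -eq $KnownMd5) { 'matches' } else { 'differs from' }
    $findings += "File $FilePath present, MD5 $md5 $match the published sample"
}

# 3. Running instances, matched by image path (assumption of this example)
$procs = @(Get-Process | Where-Object { $_.Path -eq $FilePath })
foreach ($p in $procs) {
    $findings += "Process $($p.ProcessName) (PID $($p.Id)) running from $FilePath"
}

if (-not $findings) { Write-Output 'No LockScreen indicators found.'; return }
$findings | ForEach-Object { Write-Output $_ }

if ($Remove) {
    # Order matters: stop the process first so the file is not locked.
    $procs | Stop-Process -Force
    if ($fileFound) { Remove-Item -LiteralPath $FilePath -Force }
    if ($run)       { Remove-ItemProperty -Path $RunKey -Name $ValueName }
    Write-Output 'Removal attempted; run again without -Remove to confirm.'
}
```

A differing MD5 on a file with this name is still worth investigating, since the hash in the post covers only the one analyzed sample.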

Or... the password required to unlock the system is DosyaYolu.

Malware Disasters Team
