MalwareDisasters is a division of MalwareIntelligence. It captures information about the behavior of malicious code and offers the countermeasures needed to mitigate the malicious actions in question.

3.13.2010

Dangerous trojans, keyloggers and Spyware detected in you computer!!!

This is a new ransomware variant that is in the wild and, so far, has a poor detection rate according to the VirusTotal report: only 9 of 42 antivirus engines detect it.

This is a technique used by some aggressive scareware to try to "compel" victims to "buy" the alleged antivirus solution, which is in fact the scareware itself.

In this case, the malware is hidden in a file called avlck.exe (md5: 04cb597a4ffddfbae9a76cde53833ab7). When run, it blocks access to the system with a screen, shown in the image above, that reports an alleged infection problem.

In that instance the malware connects to the site


It makes a copy of itself in the Windows System folder under the name myserv.exe and adds a reference to it in the registry Run key.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KeyMy c:\windows\myserv.exe 

Countermeasures

Restart in Safe Mode and delete the file myserv.exe found in the Windows folder.
Delete the reference KeyMy (c:\windows\myserv.exe) located in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Unlock the system with any of the following keys:

PozisyonAyarla
HerZamanUstte
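
The file and Run key cleanup described under Countermeasures can be scripted. The following is an added PowerShell example, not code from the original post; it assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt. The WOW6432Node key, the SysWOW64 folder and the assumption that the dropped copy has the same md5 as avlck.exe are additions, not details from the post.

```powershell
# Added example, not from the original post. Read-only unless -Remove is given.
param([switch]$Remove)

$valueName = 'KeyMy'                               # Run value name from the post
$fileName  = 'myserv.exe'                          # dropped copy name from the post
$knownMd5  = '04cb597a4ffddfbae9a76cde53833ab7'    # md5 of avlck.exe from the post

# The post gives the native Run key. The WOW6432Node path is added here because
# a 32-bit process on 64-bit Windows has its HKLM\SOFTWARE writes redirected there.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# The post mentions both the Windows folder and the Windows System folder.
# SysWOW64 is added for the same 32-bit redirection reason as above.
$folders = @(
    $env:windir,
    (Join-Path $env:windir 'System32'),
    (Join-Path $env:windir 'SysWOW64')
)

$found = $false

# 1. Persistence reference in the Run key(s)
foreach ($key in $runKeys) {
    $entry = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($entry) {
        $found = $true
        Write-Output "Run value: $key\$valueName = $($entry.$valueName)"
        if ($Remove) { Remove-ItemProperty -Path $key -Name $valueName }
    }
}

# 2. Dropped copy on disk
foreach ($folder in $folders) {
    $path = Join-Path $folder $fileName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $found = $true
        $md5 = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower()
        # Assumption: the dropped copy is byte-identical to avlck.exe.
        $match = if ($md5 -eq $knownMd5) { 'matches' } else { 'differs from' }
        Write-Output "File: $path (md5 $md5, $match the published hash)"
        if ($Remove) { Remove-Item -LiteralPath $path -Force }
    }
}

if (-not $found) { Write-Output 'No artifacts from the post were found.' }
```

Run it once without -Remove to review the findings; file deletion can fail while the malware process is running, which is why the post recommends Safe Mode.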

Related information
SMS Ransomware for Windows In-the-Wild
LockScreen. Your computer is infected by Spyware!!!
