New variant of ransomware through porn sites II
A new variant of this malware is In-the-Wild. It spreads through pornographic websites. When the user clicks on any of the images that presents the page to view the video course, an alert box warns about the need to install the Flash Player 10 application and offers the download of executable called flash_player.exe course (f26c45393af03e80a40ea06aafb01c63).
Like the case previously presented in this blog, this is a ransomware that displays a window with pornographic content.
As usual in this type of malicious code in order to eliminate the annoying image, requests to send a text message SMS rate (3381) to a specific phone number (84234321)
In addition, constantly opening a website with pornographic content is also hosted at IP address 77.247.179.176
In addition, constantly opening a website with pornographic content is also hosted at IP address 77.247.179.176
Countermeasures
Delete the following processes:
- plugin.exe
- watcher.exe
Delete the following registry key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Module > c:\documents and settings\all users\media\plugin.exe
Or unlock with the following code: 19282736
Related information
Copyright violation: copyrighted content detected
Dangerous trojans, keyloggers and Spyware detected in you computer!!!
Another very active SMS Ransomware
SMS Ransomware for Windows In-the-Wild
Desktop Hijack by Internet Security 2010. Your System Is Infected!
LockScreen. Your computer is infected by Spyware!!! Ver más