Saturday 5 February 2011

Trojan.Ransom (flash_player.exe)



This trojan blocker ( MD5: 4f424f6814308f99460cb37e0ebac5fc ) prevents all software execution.
To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.

Difference detection rates with sample:
[4/43 (9.3%)] Original: http://www.virustotal.com/file-scan/report.html?id=a8c3b0bc220b27bf0e928b5b1215e51a3779a160668dcafec8ba8b319472ec39-1296913566
[8/43 (18.6%)] UPX removed: https://www.virustotal.com/file-scan/report.html?id=cf7143eebe409f279a4060e0d7dcb0d430b1510dee2877d282a06669a922d48f-1296913356
[14/42 (33.3%)] UPX + VB packer removed (full unpack): https://www.virustotal.com/file-scan/report.html?id=c060b781d0bc58393edeaa987ef48e5e6740110f48f4331e0c08c37ad30af4f2-1296913368


Number to Call: 8-903-531-67-23 ~ 89035316723
Number to Call: 8-967-134-23-68 ~ 89671342368
Number to Call: 8-967-128-72-78 ~ 89671287278
Number to Call: 8-903-243-46-27 ~ 89032434627
Number to Call: 8-905-572-65-15 ~ 89055726515
Number to Call: 8-967-134-23-66 ~ 89671342366
Number to Call: 8-965-283-41-37 ~ 89652834137
Number to Call: 8-967-208-68-71 ~ 89672086871
Number to Call: 8-903-243-53-55 ~ 89032435355
Number to Call: 8-965-427-03-71 ~ 89654270371
Code to unlock Windows: izvini


This ransomware was also noticed here (18 Aug 2k10) ~ here (17 Dec 2k10) ~ here (27 Dec 2k10) ~ here (12 Jan 2k11) ~ here (14 Jan 2k11) ~ here (21 Jan 2k11) ~ here (23 Jan 2k11) ~ here (1 Feb 2k11) ~ here (3 Feb 2k11) ~ here (4 Feb 2k11) ~ here (4 Feb 2k11)

If you have a trouble for typing the serial please follow this

No comments:

Post a Comment