Jump to content

Trojan.Ransom (flash_player.exe)

Guest Xylitol

By Guest Xylitol
in General Windows PC Help

 Share

Recommended Posts

Guest Xylitol

Guest Xylitol

Posted
Posted

From crank69: http://forums.malwarebytes.org/index.php?s...st&p=362259

Unapcke.PNG

dxdx.GIF

This trojan blocker ( MD5: 2aa7a8655507885237094b84f69c81fe ) prevents all software execution.

To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.

flashplayer.PNG

Number to Call: 8-903-452-26-2600 ~ 8903452262600

Code to unlock Windows: 16342131

Run MBAM, to remove the infection.

This ransomware was know on the past, with a wierd GUI (18 August 2k10)

ransom.PNG

Note for reverse engineers: upx + a lame custom packer in vb

the rest is crap, registry key in \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

So this one normally appear also in safe mode.

i2nhaw.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.