We've had a number of people contacting us with queries about 'Kaspersky Lab Antivirus Online' after their computer showed them this message:
The short answer is: it's certainly nothing to do with us! It's actually the payload of a primitive piece of ransomware, Trojan-Ransom.Win32.SMSer. The Trojan installs itself to the Windows directory, and shows this message when the computer is rebooted.
Mobile Trojans, which send SMS messages to premium pay numbers; fake antivirus software, which finds ‘infections’ on your computer that you’ll have to pay to have cured; Trojan ransomware, which prevents infected systems from functioning normally and demands money in return for restoring functionality.
All these types of malware get regular coverage and we’re seeing (and writing about them) on an ever more frequent basis.
And now we’ve got a sort of three-in-one, a nasty little program called Trojan.Win32.KillProc.am. So far, we’ve seen three variants of this, and two of them get detected under a different name - Trojan-Ransom.Win32.BHO.a and .b.
This Trojan is a Browser Helper Object which attacks Internet Explorer. If your machine is infected, you’re going to get a less than pleasant surprise. Instead of showing you your favourite sites, your browser will start to load part of Microsoft’s Russian site – the part devoted to antipiracy and legitimate software.