|Detected||Feb 22 2011 15:44 GMT|
|Released||Feb 22 2011 22:03 GMT|
|Published||Apr 26 2011 11:27 GMT|
This malicious program demands a ransom in exchange for the content of an encrypted archive, which users believe contains a file that they need. It is a Windows application (PE EXE file). It is 1 114 654 bytes in size. It is written in Delphi.
As a rule, the malware is downloaded by the user from the Internet in the guise of a self-extracting archive containing the file that the user needs. Once launched, the malware displays a window with the following content:
After the "Unpack" button is pressed, the malware imitates the process of extracting the file. At a certain stage, this process stops and the user is prompted to enter a code to continue extracting. To obtain the code, it is necessary to select a country and send an SMS to the short number specified:
Rules For complaints Ratespoint to the following resources, respectively:
http://zip***z.ru/rules/ http://he***pfilez.ru/ http://www.a1ag***tor.ru/main/abonent
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
This type of Trojan modifies data on the victim computer so that the victim can no longer use the data, or it prevents the computer from running correctly. Once the data has been “taken hostage" (blocked or encrypted), the user will receive a ransom demand.
The ransom demand tells the victim to send the malicious user money; on receipt of this, the cyber criminal will send a program to the victim to restore the data or restore the computer’s performance.