Don't Copy From This Blog...
If you've got a warning from a program called Antivirus XP Hard Disk Repair v9, saying that your computer was infected with Trojan.Agent.ARVP then I'm afraid your PC has contracted a new variant of Trojan.MBRlock ransomaware. Like all the previous versions, this virus rewrites the master boot record (MBR) and demands a ransom before the system is restored to its original condition. So, as you can tell this is not a regular "hijack the Desktop" type of infection where you can get around by opening Task Manager in some sneaky way. You cannot boot into Windows from this. Usually, you can debug ransomware and find the activation key or password to unlock your computer but if you are at this point it's not going to happen. This new version of Trojan.MBRlock gathers detailed hardware information and generates a unique HDDKey. Once you have your unique HDDKey you can complete the license activation form at http://www.antivirusharddiskrepair.ru. The password will be sent to your registered e-mail address within one business day. Cyber criminals are constantly placing new spins on old scams with the goal of you into thinking that a virus has compromised your data. You shouldn't pay for this bogus Antivirus XP Hard Disk Repair ransomware.Here's what the Antivirus XP Hard Disk Repair v9 warning looks like:
Antivirus XP Hard Disk Repair v9
Your PC was infected with Trojan.Agent.ARVP. This is a computer virus created
especially to delete information from PCs of business competitors. Probably one
of your participated in this act, which was aimed to damage or even ruin your
company.
All exciting information was encoded with resistant crypto algorithm EAS-256
which is impossible to decode with common methods. Reinstalling the operating
system will lead to DELETION OF ALL INFORMATION irretrievably.
Our company specialists succeeded in identification of vulnerable places in the
working algorithm of Trojan.Agent.ARVP virus and uploaded to your PC the special
version of Antivirus XP HardDiskRepair v9 so that you could have a chance to
recover your files. Our program received important HDDKey, which is urgently
important for decoding of the disks.
To cure your PC and decode all your disks you have to purchase the license for
Antivirus Hard Disk Repair v9 antivirus product and send us your HDDKey though
the license registration form.
Decoding the password will apply AMAZON cloud technologies and vulnerabilities
in the crypto algorithm EAS-256.
We require from one to twenty four hours to decode the password from your disks.
The password will be sent to your E-mail address.
License activation: http://www.antivirusharddiskrepair.ru/04762/
If the web-site is not available try again in several hours.
Well, the most scariest part is probably the crypto algorithm EAS-256 used to encode your files. But don't worry. It doesn't encrypt your files. This was made to scare you into thinking that your computer is messed up. Hopefully, you can remove the Trojan.MBRlock manually or use the Trojan.MBRlock keygen to generate the password. The folks at DrWeb lab have created a free keygen mbrlock16keygen.exe.
You can also use their web unblocker http://vms.drweb.com/mbrlock16+keygen/
HDDKey: 01FC70011070FB07
Password: zz1
Manual Trojan.MBRlock removal guide: http://spywareremovalx.blogspot.com/2011/10/trojanmbrlock.html
Don't forget to run a full system scan with your anti-virus software, once the fake warning is gone!
Associated Antivirus XP Hard Disk Repair, Trojan.MBRlock files and registry values:
Files:
- %APPDATA%\temp_sys.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '
\userinit.exe,%APPDATA%\temp_sys.exe'
0 comments:
Post a Comment