Saturday, April 07, 2012

Tobfy - Germany (Ransom Trojan) - 04.07.2012 - Analysis and Removal

Hijacks HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "(Default)" "" "" "File not found: C:\Documents and Settings\thisisu\Desktop\badfile.exe"
Does not extract any additional files (runs from itself only)
Locks you out of Windows including Safe Modes - Use boot CD or slave hard drive to fix
Delete the one bad exe you downloaded and executed and you should be back in Windows :)

VT - Thanks to rkhunter for uploading sample and thanks to Kafeine for proper classification

No comments:

Post a Comment