Friday, April 13, 2012
WindowsSecurity (Ransom Trojan) - 04.13.2012 - Analysis and Removal
Creates this registry value:
points to the malicious that was run.
Creates a bad value under this key:
Look for a value similar to: "S112106111" which points to the malicious file that was run.
Main objective is to delete the one malicious file you ran. For example I ran a file from my desktop called be65d.exe. I would need to delete this file before I am able to get into Windows again.