TROJ_RANSOM.QOWA – Ransomware Trojan

Variant: TROJ_RANSOM.QOWA [Trojan Ransomware]

Operating Systems Affected: Windows 2000, Windows 9x, Windows Me, Windows NT, Windows Server, Windows XP, Windows Vista, Windows 7

TROJ_RANSOM.QOWA is the latest ransomware trojan detected by Trend Micro. This malware threat is consistently on the rise and is becoming more destructive than the previous variant of the trojan.

Ransomware is computer malware which holds a computer system, or the data it contains, hostage against its user by demanding a ransom for its restoration. [source: Wikipedia.org]

Once your system is infected with the ransomware trojan, it displays an image, as shown above, that locks the user’s desktop and prevents access to the computer. At the same time, the malware provides a paid access number to dial for SMS communication. Don’t send any SMS to the listed number! Don’t be scammed by this ransomware blackmail!

Step by step manual removal guide:

• Disable system restore [Windows XP and ME]
• Boot from Windows Installation CD

• Remove the Windows Install CD
• Restart Windows and boot under normal mode
• Navigate and restore the original registry value:

{Disclaimer: Registry modification is done at your own risk!}

• Update Anti-Virus Definition files
• Run an Anti-Virus full system scan
• Re-enable system restore [Windows XP and ME]
• Restart the computer