Trojan.Ransomlock.F – Trojan horse that locks user’s desktop

Variant: Trojan.Ransomlock.F

Operating Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

WARNING!

You surfed gay porn videos for three hours.
The free viewing time has expired.

To pay for the service, you need to make an online payment through the Beeline system to 9646280479 for the amount of $400 USD.

Upon receipt of the payment you will be given an activation code.
Enter it in the box below and press Enter.

[The message shown above is an English translation of the Russian text in the actual Trojan.Ransomlock.F pop-up screen image.]

Trojan.Ransomlock.F is a newly discovered Trojan horse (December 20, 2010) that locks the PC user's desktop, making it unusable. First, the malware adds a registry value so that it loads every time Windows boots. Once activated, it stops running programs and processes, making the operating system unstable. Then it disables keyboard and mouse functionality. Finally, it displays the image with a message in Russian and a lewd picture in the bottom-right portion of the image.

Follow the steps below to remove the Trojan.Ransomlock.F infection:

• Disable system restore (Windows ME and Windows XP users only)

• Boot to Safe Mode with Networking (press the F8 key before the Windows logo appears, then choose Safe Mode with Networking → hit Enter → log in to an account with Administrator credentials)

• Show hidden files and folders (My Computer → Tools → Folder Options → View tab → tick Show hidden folders, files and drives → untick Hide operating system files → OK)

• Navigate to and delete the Trojan.Ransomlock.F file

%UserProfile%\15886941\15886941.exe

• Navigate to and delete the registry entry added by Trojan.Ransomlock.F (Start → Run → regedit → navigate to and delete the listed registry entry)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"15886941" = "%UserProfile%\15886941\15886941.exe"

• Update anti-virus definition files

• Run a full anti-virus system scan

• Re-enable System Restore (Windows ME and Windows XP users only)

• Restart the computer
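The file and registry steps above can be double-checked from saved `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` output. The following is an added example, not part of the original removal guide: it flags any Run value whose name, folder and executable share one numeric name under the user profile, as in the entry listed above. Matching any digit string rather than only 15886941 is an assumption, and the sample output and the user name `alice` are constructed.

```python
import re

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    15886941    REG_SZ    C:\Documents and Settings\alice\15886941\15886941.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\update.exe" /silent
    12345    REG_EXPAND_SZ    %UserProfile%\12345\67890.exe
"""

# One value per indented line: name, type, data (tabs on XP, spaces later).
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

# Profile root written as a variable or already expanded (XP and Vista/7
# layouts), followed directly by <digits>\<same digits>.exe.
PROFILE_DROP = re.compile(
    r'^"?(?:%userprofile%|[a-z]:\\(?:users|documents and settings)\\[^\\]+)'
    r'\\(?P<dir>\d+)\\(?P=dir)\.exe"?(?:\s|$)',
    re.IGNORECASE,
)


def find_ransomlock_style_entries(reg_query_output):
    """Return (value_name, data) pairs where name, folder and file stem agree."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or m["type"] not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        name, data = m["name"].strip(), m["data"].strip()
        drop = PROFILE_DROP.match(data)
        # Require the value name to equal the folder/file name, as on this page.
        if drop and drop["dir"] == name:
            hits.append((name, data))
    return hits


if __name__ == "__main__":
    for name, data in find_ransomlock_style_entries(SAMPLE):
        print(f"suspicious Run value {name!r} -> {data}")
```

An empty result after cleanup and reboot indicates the Run entry is gone; the anti-virus scan in the later steps is still needed to confirm the file itself was removed.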