Saturday, 11 June 2011

Trojan.Ransom (porno-rolik.avi.exe)



This trojan blocker (MD5: c0332779b2db6a98b372adcb0c0ad2b5) prevents all software execution.
To remove the trojan (and unlock Windows), infected users need to enter a valid serial number.
According to VirusTotal, only 2 antivirus engines detect it: http://www.virustotal.com/file-scan/report.html?id=bf94c53e3879f890c9700ffb85904b5e6686b1a6ba2bff6ee9abb22a6f2d1e91-1307772215


Number to Call: 9037075298
Code to unlock Windows: TRAVKA


Samples were grabbed with MAD before the domain shutdown.

Pornoplayer variant.
Already noticed in the past: here (28 May 2k11) ~ here (4 Jun 2k11) ~ here (9 Jun 2k11)
