Thanks to Lawrence for the sample.
This trojan blocker (SHA1: 567953b3562465587d3b1c8360868d0a6bacde73 and 3f7c516fc06f84b806e2ab677442fc1e3d927364 ) prevents all software execution.
To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.
Ref: 0012140809940
Phone: +16464816878
Mail: security116@gmail.com
Unlock code: 76557152140071780302280
2nd version:
Ref: 0012140809940
Phone: +16464816878
Mail: security116@gmail.com
Unlock code: aes987156
Do you know of a way to get the password for files encrypted by this infection so they can be extracted? I'm assuming this is a ACCDFISA variant, so it's not actually encrypting the files, just putting them in password protected RARs.
ReplyDeleteI'd already removed the infection by the time that this was posted, but am unable to recover the files at the moment.
i had that thanks, keep posting.!!!
ReplyDelete@Anonymous, i will re-have a look i've looked very fastly the sample and see that was the good password and i've stopped here.
ReplyDeleteThe good rar password is probably stored also inside
Need help with unlock code on first screen. It is askiking for a password - my reference number is 0011369418614 Any help would be appreciated ,,, will check back here..
ReplyDeletei have been wondering what forums do you find this kind of stuff on i would like to be able to test what you do on them.
ReplyDelete