Ransomware posing as Microsoft

We’ve found yet another piece of malware; this time it is ransomware out to take some of your money. Once you get infected (it can reach you in a number of different ways, most likely via spam messages and P2P), your computer is restarted. What for? Well, the malware installs itself to run every time your computer is started, and right after you log in it shows you the following screen:

With my English and Spanish knowledge I was able to understand what it was saying in German, but I translated it just in case. The threat is clear: your Microsoft Windows authenticity could not be verified, you need to have it fixed, which is just a 100€ payment. They give you the payment instructions, and before saying goodbye they let you know that if you don’t pay you’ll lose access to the computer and all your data, that the district attorney’s office already has your IP address, and that you’ll be prosecuted if you fail to pay the 100€ within 48 hours.

Well, that would scare anyone who doesn’t know this is a ransomware attack. When you go to the website announced in the previous screen, this is what you get:

Once you enter the code given in the first screen, you are redirected to another website where you can fill in all your data, so they can charge you 100€… to start with. Once you have sent them your data, they tell you you’ll get an activation code within 24 hours, when they have confirmed that your credit card is working. Well, for all of you that wouldn’t like to pay anything to these bastards, this is the code you can use to deactivate it:

QRT5T5FJQE53BGXT9HHJW53YT

Once you enter it, your computer will be restarted and the registry key created by this malware (detected as Ransom.AN) will be removed, as well as the malware file. Anyway, once you know you’ve been infected with one piece of malware, you don’t know how many more you may have there, so it is worth giving our free Panda Cloud AntiVirus a try.
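To confirm that no logon autostart entry is left behind after cleanup, the following added example (not Panda's code) lists the usual logon autostart registry locations and flags entries worth reviewing. The article does not say which key Ransom.AN creates, so the key list, the stock Winlogon values and the "user-writable path" heuristic are assumptions.

```powershell
# Added example: audit logon autostart entries after a screen-locker infection.
# Assumption: the key list below is the common set, not one named by the article.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Stock Winlogon values on a default installation; anything else deserves a look.
$expected = @{ Shell = '^explorer\.exe$'; Userinit = '^[a-z]:\\windows\\system32\\userinit\.exe,?\s*$' }
# User-writable locations that system components rarely start from.
$writable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

function Get-CommandPath([string]$Command) {
    # Pull the executable path out of a command line, quoted or not.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|scr))(\s|,|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$findings = @(foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if (-not $cmd) { continue }
        $path = Get-CommandPath $cmd
        $sig = if (Test-Path -LiteralPath $path -PathType Leaf) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else { 'FileNotFound' }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $cmd; Signature = $sig
            Review = ($path -match $writable) -or ($sig -ne 'Valid')
        }
    }
})

# Winlogon Shell/Userinit run at every logon; report any non-stock value.
$wl = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
foreach ($name in $expected.Keys) {
    $value = [string]$wl.$name
    if ($value -notmatch $expected[$name]) {
        $findings += [pscustomobject]@{
            Key = $winlogon; Name = $name; Command = $value; Signature = 'n/a'; Review = $true }
    }
}
$findings | Where-Object Review | Format-List
```

A flagged entry is a lead, not a verdict: unsigned but legitimate software also shows up here, so check each listed file before deleting anything.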


25 Responses

  1. Steve
    Sep 08, 2011 - 05:39 AM

    Looks remarkably like a MS product key. To what?

  2. Hume
    Oct 02, 2011 - 08:46 AM

    Hi
    my daughter has the virus on her PC. Unfortunately, the code QRT5T 5FJQE53BGXT9HHJW53YT doesn’t work. Do we have to put another code?
    Thanks in advance for your help.
    All the Best,

    • Luis Corrons
      Nov 30, 2011 - 11:23 AM

      It could be a different version; the best thing is to install Panda Cloud Antivirus (www.cloudantivirus.com) and remove it. In case doing that causes you any problems, start the computer in safe mode first.

  3. Mor
    Oct 04, 2011 - 04:42 PM

    The deactivation “key” doesn’t help. What should I do?

    • Luis Corrons
      Nov 30, 2011 - 11:22 AM

      It seems to be a different version; the best thing is to install Panda Cloud Antivirus (www.cloudantivirus.com) and remove it. In case doing that causes you any problems, start the computer in safe mode first.

  4. Natalja
    Oct 06, 2011 - 07:56 AM

    The code is invalid… and now?

    • Luis Corrons
      Nov 30, 2011 - 11:22 AM

      It may be a different version; the best thing is to install Panda Cloud Antivirus (www.cloudantivirus.com) and remove it. In case doing that causes you any problems, start the computer in safe mode first.

  5. Feat
    Oct 29, 2011 - 02:46 PM

    QRT5T5FJQE53BGXT9HHJW53YT doesn’t work anymore for the current version of this malware, fix it plz

    • Luis Corrons
      Nov 30, 2011 - 11:21 AM

      It will be a different version; the best thing is to install Panda Cloud Antivirus (www.cloudantivirus.com) and remove it. In case doing that causes you any problems, start the computer in safe mode first.



COPYRIGHT 2014 PANDA SECURITY