Trojan-Ransom.Boot.Seftad.a

From Total Malware Info

The description for Trojan-Ransom.Boot.Seftad.a was created during beta-test of «Malware description on demand» service. Learn more about at: www.dnt-lab.com/en/services.

Last edited: 10.6.2011

It is a trojan that disables a personal computer in order to obtain a ransom for re-enabling it. It is a Windows application (PE EXE file), 49,664 bytes in size, written in C++.

Payload

Right after it starts, the trojan appends special code to the Master Boot Record (MBR) of the Microsoft Windows system. Then the trojan restarts the system.

Thus, during the boot, the user will see the following message:

Your PC is blocked.
All the hard drives were encrypted.
Browse www.safe-data.ru to get an access to your system and files.
Any attempt to restore the drives using other way will
lead to inevitable data loss !!!
Please remember Your ID: 773921,
with its help your sign-on password will be generated. Enter password:

The user is asked to pay a ransom via a website in order to get the code to decrypt the data on the hard drives. In fact, the trojan does not encrypt any data; it only blocks the normal boot process.
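
A triage check for the behaviour described above, added here as an example and not part of the original description or of any vendor tool: it parses the MBR of a raw disk image and searches the first 63 sectors for strings from the ransom screen. That the message is stored as plain ASCII in those sectors, the 63-sector window, and the names `triage_boot_area` and `build_sample` are assumptions.

```python
import struct

SECTOR = 512
# Marker strings copied from the ransom screen quoted on this page.
MARKERS = (b"Your PC is blocked", b"www.safe-data.ru", b"Please remember Your ID")

def triage_boot_area(image: bytes, sectors: int = 63) -> dict:
    """Check the MBR and the sectors that follow it in a raw disk image."""
    if len(image) < SECTOR:
        raise ValueError("image is shorter than one sector")
    mbr, area = image[:SECTOR], image[:sectors * SECTOR]
    hits = {}
    for marker in MARKERS:
        offset = area.find(marker)
        if offset != -1:
            hits[marker.decode()] = offset // SECTOR  # sector of first hit
    partitions = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = mbr[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0 means an unused slot
            partitions.append({"slot": i, "bootable": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {"boot_signature_ok": mbr[510:512] == b"\x55\xaa",
            "partitions": partitions,
            "marker_hits": hits,
            "suspicious": bool(hits)}

def build_sample(infected: bool) -> bytes:
    """Constructed 63-sector image with one partition entry (test data only)."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", 63, 204800)
    mbr[510:512] = b"\x55\xaa"
    rest = bytearray(62 * SECTOR)
    if infected:
        # Assumption: the message is stored as plain ASCII after the MBR.
        text = b"Your PC is blocked.\r\nBrowse www.safe-data.ru to get an access"
        rest[SECTOR:SECTOR + len(text)] = text  # sector 2 of the image
    return bytes(mbr + rest)

if __name__ == "__main__":
    for label, img in (("clean", build_sample(False)), ("infected", build_sample(True))):
        print(label, triage_boot_area(img))
```

Run it against a read-only forensic copy of the first sectors of the disk, not the live device; a marker hit together with an intact partition table is consistent with a boot blocker that left the data untouched.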

Removal Instructions

If your computer wasn’t protected with an antivirus program and was infected with this malicious program, perform the following actions to remove it:

  1. Enter the password: aaaaaaciip. The trojan will restore the original Master Boot Record.
  2. Perform full system scan with an antivirus program.