Ransomware Banner - Execute, No Mercy

«Windows — » Windows. – , ESET DR Web, BIOS .

? , , Trojan.WinLock , .

Ransomware banner

?


- 1989 . , . . . SMS-, “ ” 2007 .

Trojan.Winlock () — , . -. 2009-2010 , . 2010 . , Trojan.Winlock , , - .

. (Trojan.Winlock 19 .) 10 . 2 , . , Windows 300 – 1000 , .

– WebMoney, . , “” , … - .

Trojan.Winlock


. – “” . – . – , , , – Adobe Flash . , , — .

, Trojan.Winlock 3 :

  1. , .
  2. , .
  3. , Windows , , , – .

, , .

Trojan.Winlock


Trojan.Winlock :

-[...\Software\Microsoft\Windows\CurrentVersion\Run] 'svhost' = '%APPDATA%\svhost\svhost.exe'
-[...\Software\Microsoft\Windows\CurrentVersion\Run] 'winlogon.exe' = '<SYSTEM 32>\winlogon.exe'

, :

  • %APPDATA%\svhost\svhost.exe

:

  • <SYSTEM 32>\winlogon.exe
  • %WINDIR%\explorer.exe
  • <SYSTEM 32>\cmd.exe /c """%TEMP%\uAJZN.bat"" "
  • <SYSTEM 32>\reg.exe ADD «HKCU\Software\Microsoft\Windows\CurrentVersion\Run» /v «svhost» /t REG_SZ /d "%APPDATA%\svhost\svhost.exe" /f

:

  • %WINDIR%\Explorer.EXE

:

:

  • %APPDATA%\svhost\svhost.exe
  • %TEMP%\uAJZN.bat

'' :

  • %APPDATA%\svhost\svhost.exe

:

  • ClassName: 'Shell_TrayWnd' WindowName: ''
  • ClassName: 'Indicator' WindowName: ''

. 1-.


. Dr.Web , , . (. . ) .

DRWeb unlocking service

2. Dr.Web


— Trojan.Winlock, .

ESET, 400 000 , , — Kaspersky WindowsUnlocker.

3. –


, - , , - . Windows , Live CD.

, USB-. BIOS. , , CD- .

F2, – DEL/DELETE, (F1, F8, F10, F12…, Ctrl+Esc, Ctrl+Ins, Ctrl+Alt, Ctrl+Alt+Esc .). , . BIOS .

BIOS, “” – “”, “+” “–“, ”F5” ”F6”.

AntiWinLockerLiveCD


, - – “ ” AntiWinLockerLiveCD .

program logo
:

  • ;
  • ;
  • WindowsXP userinit.exe, taskmgr.exe;
  • ;
  • Trojan.MBR.lock;
  • . , AntiWinLocker LiveCD / USB .

:

  • ;
  • ;
  • ;
  • ;
  • (HiJack);
  • HOSTS ;
  • , (Userinit, taskmgr, logonui, ctfmon);
  • (.job) AutorunsDisabled;
  • Autorun.inf ;
  • ( WinPE).

AntiWinLocker LiveCD – , . LiveCD, Lite – FreeCommander, , , .

– , , . .

:

AntiWinLockerLiveCD ISO, CD - , ” ”, “ Windows” – “” CD-. .

developer's website

  • / BIOS (. );
  • LiveCD .

program window

  • ;
  • Professional Lite. (Lite) ;
  • , Windows ( ), , .

, ( ).

””/” ”.

. .

viruses found

, . Shell, . , ”” Windows . .

ransomware banner removal
:

  • ;
  • ;
  • ;
  • TestDisk;
  • AntiSMS.

AntiWinLockerLiveCD .
, , C: D:\Documents and Settings\ \Local Settings\Temp ( Windows XP) : D:\Users\ \AppData\Local\Temp ( Windows 7). , , .

start

Trojan.Winlock, , , . , , – , , , .


, , , ! — , , ! , .

, .

, .

/ LiveCD (LiveUSB), ().

, . «» .

.

— , . (VirtualBox .). .

. .
, — !

iCover

, iCover . , , , , .).

Source: https://habr.com/ru/post/pt382627/