Here is a screenshot of what the misleading "System plugin at address 0x00874324 got critical error" looks like:
Update, 3:55 a.m. PDT: a new variant of this Trojan has been released. The fake warning is pretty much the same as it was before, only the error text is different: "System process at address 0xE4783995 have just crashed, please follow these steps to deactivate it from your system." We will post the new code as it becomes available. Meanwhile, please follow the alternate removal instructions.
Update, 5:40 a.m. PDT: yet another version of this Trojan Ransomware. Fraudulent error text: "System process at address 0x3BC3 have just crashed, please follow these steps to deactivate it from your system."
More about the scam:
"This is an international number via satellite. It is very difficult to counter this phenomenon because these numbers are beyond the laws of Switzerland, "says Caroline Sauser, spokesman for the Federal Office of Communications (Ofcom). "The number is 0088 213 affiliated with the company Telespazio, but there is no evidence that the company is behind the scam. Indeed, Telespazio acquires thousands of numbers in the block, it is very likely that it then distributes them to different customers."
"System plugin at address 0x00874324 got critical error" removal instructions:
1. You can use this code to unlock your computer:
2. If the above code doesn't work, please follow the general Ransomware removal guide.
3. You can repair your computer if you have Windows CD. Video tutorials:
- http://www.youtube.com/watch?v=KNOQ0sCYY8s (Windows XP)
- http://www.youtube.com/watch?v=fHrgIAdc_Co (Windows Vista/7, choose Startup Repair from the Windows recovery menu)
- Kaspersky Rescue Disk 10 (CD/DVD version, USB device version)
- Dr.Web LiveCD
- AVG Rescue CD
- Avira AntiVir Rescue System
6. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
Associated "System plugin at address 0x00874324 got critical error" files and registry values:
Files:
Windows XP:
- C:\Documents and Settings\[UserName]Application Data\svchost.exe
- C:\Documents and Settings\[UserName]Application Data\delself.bat
- C:\Documents and Settings\[UserName]Application Data\svchost.tmp_time
- C:\ProgramData\svchost.exe
- C:\ProgramData\delself.bat
- C:\ProgramData\svchost.tmp_time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit= "
0 comments:
Post a Comment