Trojan.MBRlock is usually distributed through the use of fake adult websites but cyber criminals can potentially infect your computer through other means, or even trick you into downloading the malware. We all know that viruses and malicious software are nasty things that can do all sorts of damage to your machine. Any attempt to restore the MBR using standard MBR recovery tools may lead to data loss. Besides, re-installing Windows won't help either because it doesn't fix the MBR. Resetting system time won't help too. Both, the original MBR and the unlock code are usually encrypted.
In a typical Trojan.MBRlock ransomware scenario you'll get a message alerting that your were watching certain types of prohibited pornography. The message text may display in both English and Russian. However, I stumble upon Russian ransomware a lot more often then other examples of such malicious software. Here's an example of what the fake Trojan.MBRlock message looks like:
Внимание! Ваш ПК заблокирован за просмотр и распространение порнографии с участием несовершеннолетних, элементами насилия, зоофилии. Для разблокировки, Вам необходимо оплатить штраф в размере 500 рублей в любом терминале оплаты.
Выберите на экране терминала категорию "Электронные деньги", "Webmoney" и т.д.
Найдите эмблему платежной системы WebMoney.
Найдите номер R кошелька (12 цифр) - 079030161849
Внесите сумму 500 рублей. Внимание: учитывайте комиссию терминала.
По завершению оплаты, на выданном терминалом чеке оплаты, Вам будет выдан персональный код, после ввода которого, Ваш ПК будет автоматически разблокирован. Любые попытки разблокировки, без оплаты и ввода персонального кода, приведут к уничтожению операционной системы.
Very often Trojan.MBRlock infections share certain characteristics: phone numbers, short codes, WebMoney and cash-in points. There are numerous web pages where you can enter the phone number and the short code given by the Trojan.MBRlock ransomware to get the unlock code. There's a chance that security vendors have already tested this ransomware and debugged the unlock code. Here are some websites that will hopefully help you to unlock your computer:
- http://support.kaspersky.com/viruses/deblocker
- http://www.drweb.com/unlocker/index?lng=en
- http://virusinfo.info/deblocker/
Phone numbers: 89067983134, 89653751844
Unlock code: 9786775
MTC number: 89162609465
Unlock code: n7856tbt*&^n
WebMoney: 079030161849
Unlock code: 00043176
Phone number: 86572225665
Unlock code: XerVam
You can leave a comment below or just email us and request the unlock code, however, we can't promise you that we will actually find it.
http://deletemalware.blogspot.com
To remove the Trojan.MBRlock ransowmare manually, you should use either Dr.Web® LiveCD/LiveUSB or Kaspersky Rescue Disk 10 CD/USB.
Dr.Web® LiveCD
Step-by-step Installation Guide in English
Как это работает? (По русски)
Dr.Web® LiveUSB
Step-by-step Installation Guide in English
Как это работает? (По русски)
Kaspersky Rescue Disk 10 CD/DVD
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?
Как записать Kaspersky Rescue Disk 10 на CD/DVD и загрузить с него компьютер?
Kaspersky Rescue Disk 10 USB
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
Как записать Kaspersky Rescue Disk 10 на USB-носитель и загрузить с него компьютер?
Both tools are completely free and very well documented, however, if you still can't figure out how to run Dr.Web® LiveCD or Kaspersky Rescue Disk 10 USB, please leave a comment below and we will do our best to guide you through the installation process. Good luck and be safe online!
A few more examples of Trojan.MBRlock ransomware:
Share this information with your friends:
0 comments:
Post a Comment