Kaspersky WindowsUnlocker, or how to get rid of the Ransom Trojan

If a banner appears when you start your computer, asking you to send an SMS to a certain phone number, your PC is infected with a particular kind of malware: the Ransom Trojan (see the picture below). This type of infection restricts access to Windows and demands a ransom to restore the computer's functionality.

[Image: Ransom Trojan]

To get rid of this Trojan you can use Kaspersky WindowsUnlocker. This utility is launched when the computer is booted from the Kaspersky Rescue Disk 10 disc, and it works in graphic mode as well as in text mode.

How do you DISINFECT the computer?

1. Download the product's .iso image and write it to a disc (CD/DVD) or a USB stick – use the “Burn image” option: http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso

2. Restart the computer and make sure the CD/DVD drive is set as the first boot option. Insert the disc you created earlier and select “Kaspersky Rescue Disk. Graphic Mode”.

[Image: Kaspersky Rescue Disk]

3. After Kaspersky has loaded, press the “K” button in the lower-left corner and select the Terminal button. Type windowsunlocker and press Enter. Then select option 1 – Unblock Windows.

[Image: Unblock Windows]

4. Finally, press the “K” button again and select “Kaspersky Rescue Disk”. Run a full system scan.

If you have trouble following this guide, you can find more detailed information on the Kaspersky website.
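The download link in step 1 is plain HTTP, and the resulting media boots with full access to the disk, so it is worth checking the file before burning it. The following is an added example, not part of the original article or of Kaspersky's tooling: it hashes the image, confirms it is an ISO 9660 image and looks for an El Torito boot record. The expected SHA-256 is an assumption (the page gives none; obtain it from a source you trust), and `make_sample_image` only writes constructed test data.

```python
import hashlib
import sys

SECTOR = 2048  # ISO 9660 logical sector size


def inspect_iso(path):
    """Return (sha256_hex, is_iso9660, has_el_torito_boot_record)."""
    digest = hashlib.sha256()
    is_iso = has_boot = False
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
        # Volume descriptors start at sector 16, one per sector.
        for n in range(16, 64):
            f.seek(n * SECTOR)
            vd = f.read(SECTOR)
            if len(vd) < SECTOR or vd[1:6] != b"CD001" or vd[0] == 255:
                break  # truncated file, not a descriptor, or set terminator
            if vd[0] == 1:
                is_iso = True  # primary volume descriptor
            elif vd[0] == 0 and vd[7:30] == b"EL TORITO SPECIFICATION":
                has_boot = True  # boot record: the media can be booted
    return digest.hexdigest(), is_iso, has_boot


def check_rescue_image(path, expected_sha256):
    """Return the reasons (if any) not to write this image to boot media."""
    sha, is_iso, has_boot = inspect_iso(path)
    problems = []
    if sha != expected_sha256.strip().lower():
        problems.append("SHA-256 mismatch: got " + sha)
    if not is_iso:
        problems.append("no ISO 9660 primary volume descriptor")
    elif not has_boot:
        problems.append("no El Torito boot record; media would not boot")
    return problems


def make_sample_image(path, bootable=True):
    """Write a constructed minimal image holding only the descriptors read above."""
    def vd(vtype, body=b""):
        return (bytes([vtype]) + b"CD001\x01" + body).ljust(SECTOR, b"\0")
    boot = [vd(0, b"EL TORITO SPECIFICATION")] if bootable else []
    with open(path, "wb") as f:
        f.write(b"\0" * 16 * SECTOR + b"".join([vd(1)] + boot + [vd(255)]))


if __name__ == "__main__":  # usage: script.py IMAGE.iso EXPECTED_SHA256
    for problem in check_rescue_image(sys.argv[1], sys.argv[2]):
        print("DO NOT USE:", problem)
```

An empty result means the file matches the expected hash and carries a boot record; an HTML error page saved under an .iso name, or a truncated download, is reported instead of being burned.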

Administrator of FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

14 responses to “Kaspersky WindowsUnlocker, or how to get rid of the Ransom Trojan”

  1. alex

    Can you give me some details about what is happening on my PC? Pop-ups from Kaspersky kept appearing continuously for a few minutes.

  2. Emilia

    Very useful! Thank you!

  3. mike

    What does it mean – use the “Burn image” option?

  4. alex

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:30:04 PM, on 1/30/2012
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    I have internet from RDS with a username and password. Five minutes earlier I had finished downloading a torrent with Adobe Dreamweaver, which I scanned with Kaspersky and it was clean. Those pop-ups all appeared within 5 minutes. I should mention that during the day yesterday I scanned the whole HDD and it was clean.

  5. mike

    @radu thanks,

    if I use a USB stick, can I boot from it with the ISO file just as it was saved?

  6. alex

    Could someone please help me too with my problem above?

  7. [Solution] A particularly dangerous Java exploit is spreading on the internet

    […] If you had the misfortune of getting infected before making the change above, read more about the ransomware Trojan and the disinfection method HERE. […]

  8. WindowsCluj

    BDRemoval_Trojan_Ransom_IcePol is also very good. A few days ago I disinfected a laptop with that program from Bitdefender.

  9. daniel nicolae

    Hi, I have a problem too. I recently tried to download a program, but I think what I actually downloaded is a virus. About halfway through the download the laptop stopped and shut down (I use a laptop). I also use Avast Free. Every time I open Google it tells me I have a virus. I also ran a boot scan, but it finds nothing. Can you help me, or do I have to reinstall Windows? If you can, send me an email: b.daniel91@yahoo.com. Thanks.
