HmBlocker

Posted: October 3, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	8/10
Infected PCs:	2

First Seen:	March 12, 2012
OS(es) Affected:	Windows

HmBlocker is a variant of Police Ransomware that was first seen in 2010. By blocking your computer with an alert that includes a pornographic image, HmBlocker not-so-gently encourages you to send a premium text message to a specified number, supposedly to unlock your computer. While HmBlocker claims to have the legal authority to do these things, SpywareRemove.com malware researchers stress that HmBlocker is a form of illegal and malicious software that should be circumvented and then removed with a qualified anti-malware scanner. Since HmBlocker's ransom message is often presented in Cyrillic script, Russian PC users may, in particular, need to protect themselves from HmBlocker and understand how to delete HmBlocker safely.

HmBlocker: When Manly Love Becomes Your Immediate Concern

The basic scam behind HmBlocker is similar to that of other 'police' types of ransomware Trojans: HmBlocker locks down your computer with a pop-up that claims that your PC has been used for online crimes (in this case, viewing supposedly illegal types of pornography) and then requests that you contact a premium number via Short Message Service to remove the pop-up. Instead of using the ornate nationality-keyed trappings of more modern ransomware than itself, HmBlocker instills panic in its victim by displaying a side image of two men in an intimate position. SpywareRemove.com malware experts recommend that victims of HmBlocker attacks remain calm and avoid wasting money on calling the proffered number, which is unnecessary for HmBlocker's removal.

HmBlocker uses Registry changes to guarantee that Windows will launch HmBlocker automatically, and HmBlocker's installation reboots the computer immediately. Combined with HmBlocker's screen-locking pop-up, these traits prevent victims from doing anything with their computer until HmBlocker is disabled and, hopefully, removed.

SpywareRemove.com malware experts also note that samples of HmBlocker tend to utilize the Cyrillic script that's typical of Russia and Eastern Europe countries (former members of the Soviet Union). Residents of these countries should consider their computers somewhat more at risk of HmBlocker attacks than PC users in other regions, with malicious Russian-based websites being a top means of infection (via browser exploits and fraudulently-labeled downloads).

Getting Your PC Clean of HmBlocker and Its Adult Imagery

There are various means of preventing HmBlocker from launching itself even after HmBlocker is installed. However, for ease of use, SpywareRemove.com malware experts recommend that you load a clean OS onto a USB device and start your PC from your USB drive. This will load an OS without using the HmBlocker-compromised Registry and allow you to access your computer without HmBlocker's pop-up alert appearing.

After you've disabled HmBlocker, the next step is the easiest: use anti-malware software of your choice to remove HmBlocker, whose structure includes multiple EXE files. Registry changes should also be removed by appropriate software, since any inappropriately-deleted Registry entries can damage various programs or your operating system.

HmBlocker

Threat Metric

HmBlocker: When Manly Love Becomes Your Immediate Concern

Getting Your PC Clean of HmBlocker and Its Adult Imagery

Leave a Reply