Reveton

Reveton is a ransomware Trojan that hijacks your browser to display a fake legal alert while Reveton also locks down your computer. Because Reveton’s pop-up alerts often use country-specific references to various legal agencies, Reveton may appear legitimate at first glance, but Reveton simply is a way for criminals to milk money out of PC users by accusing them of random crimes. Standard pop-up alerts from Reveton are recognizable members of the widespread ‘Ukash Virus‘ family, which SpywareRemove.com malware experts have noted are especially common in Europe, although other countries overseas have also been affected by Reveton attacks. Due to its automatic startup and system-locking behavior, Reveton must be disabled before you can access anti-malware programs that could remove Reveton, although deactivating Reveton isn’t necessarily as difficult as one would assume (as noted further in this article).

Don’t Be Intimidated by Reveton’s Crooked Cops

Once Reveton is launched, Reveton can be noticed by the pop-up window that Reveton generates to cover your desktop, including the Windows taskbar. This makes it impossible for you to access shortcuts, as well as the overall Windows interface, while Reveton is open, and attempts to navigate through Reveton’s pop-up window will also fail (the pop-up is an image with the URL bar disabled).

The exact image that Reveton displays in this Window will change with the IP address of your PC as Reveton attempts to find a match for your country of origin. Examples of pop-up variants that SpywareRemove.com malware researchers have noticed from Reveton include:

• Guardia di Finanza Ransomware, from Italy.
• The Scotland Yards Ukash Virus from the United Kingdom.
• Bundespolizei National Cyber Crimes Unit Ransomware from Germany.
• Cuerpo Nacional de Policia Virus from Spain.
• Polícia de Segurança Pública Portuguese Virus from Portugal.
• Poliisi Tietoverkkorikos Tutkinnan Yksikkö Ransomware from Finland.

Besides displaying basic law enforcement-related imagery and your IP address, Reveton’s pop-ups will claim that your PC is involved in illegal file-trafficking or media-viewing activities. This excuse gives Reveton a semi-plausible reason for blocking access to your computer, although SpywareRemove.com malware researchers emphasize that Reveton is unaffiliated with any form of real law enforcement.

Where Reveton’s Fake Warnings Ultimately Lead

Reveton’s warning messages are used strictly to frighten you into transferring a ‘fee’ through Ukash, Paysafecard or similar financial services. Since the fees and other legal penalties that Reveton levies against you are completely fraudulent, SpywareRemove.com malware analysts can never recommend any course of action other than finding a way to delete Reveton with all your money intact.

Removing Reveton will require that you disable Reveton’s startup exploit, which is viable through a Safe Mode boot or, in extreme cases, booting your OS from a USB drive. Competent anti-malware products should experience no real difficulty in deleting Reveton once Reveton has been prevented from launching in the first place.

Reveton Automatic Detection Tool (Recommended)

Technical Details

Registry Modifications

• The following newly produced Registry Values are:
  HKEY..\..\{Value}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: 'Userinit' = '\userinit.exe, %Documents and Settings%\[UserName]\Application Data\temp_sys.exe'HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\¬Software\¬Microsoft\¬Internet Explorer\¬MainHKEY_CURRENT_USER\¬Software\¬Microsoft\¬Windows\¬CurrentVersion\¬Internet Settings\-Zones\¬0HKEY_CURRENT_USER\¬Software\¬Microsoft\¬Windows\¬CurrentVersion\¬Policies\¬SystemHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32\Trojan:Win32/Reveton.A

Home Malware ProgramsRansomware Reveton