Posted: April 11, 2011

Trojan.Ransomgerpo Description

Trojan.Ransomgerpo is a Trojan variant of ransomware, malware that holds your computer hostage. After infecting your PC, Trojan.Ransomgerpo does its best to block all significant functions and only relinquishes its grip on your system after you purchase an unlock code. Trojan.Ransomgerpo also makes other alterations to your system, such as changing your desktop to a threatening message. Rather than spending your earnings on an unlock code, you should try to remove Trojan.Ransomgerpo with appropriate anti-malware software. Purchasing the code and allowing Trojan.Ransomgerpo to remain on your PC is a high-level security risk as well as a waste of your money.

Don't Give in to the Trojan.Ransomgerpo's Ransom Scam

By corrupting the Windows Registry with entries that enable its own startup and disable other applications, Trojan.Ransomgerpo attempts to take total control over your computer. This infection makes no attempt to hide itself: Trojan.Ransomgerpo shows its presence plainly by changing your desktop to the following message:

Die offizielle Mitteilung der Bundeskriminalamt
Ein Vorgang illegaler Aktivitaten wurde erkannt.
Das Betriebssystem wurde im Zusammenhang mit Verstossen gegen die Gesetze der Bundesrepublik Deutschland gesperrt! Es wurde folgender Vertoss festegestellt: Ihre IP Adresse lautet mit dieser IP wurden Seiten mit pornografischen Inhalten, Kinderpornographie, Sodomie und Gewalt gegen Kinder aufgerufen.
Auf Ihrem Computer wurden ebenfalls Videodateien mit pornografischen Inhalten, Elementen von Gewalt und Kinderpornografie festgestellt!
Es wurden auch Emails in Form von Spam, mit terroristischen Hintergründen, verschickt. Diese Sperre des Computers dient dazu, Ihre illegalen Aktivitaten zu unterbinden.

Translated from German, this message claims to have found child pornography and other violations of German law on your PC. Of course, Trojan.Ransomgerpo has no means of detecting any illegal files on your computer and isn't related to official German law enforcement in any way.

While Trojan.Ransomgerpo is infecting your computer, you will find that many functions and programs are inaccessible or do not work properly. Trojan.Ransomgerpo itself tells you that you can restore normal operation of your computer by entering a purchasable unlock code. Purchasing this code is unwise, since Trojan.Ransomgerpo will put your finances and identity information at serious risk.

Saving Your PC from Trojan.Ransomgerpo

Avoiding initial infection by Trojan.Ransomgerpo is preferable to dealing with it once Trojan.Ransomgerpo is on your PC. If you're running Windows 2K, 9x, Vista or Windows 7, your computer is in danger of infection, so you should take appropriate precautions. Staying away from dangerous websites, downloading files only from trusted sources and keeping your browser security high will prevent most forms of Trojan infection from reaching you.

Because Trojan.Ransomgerpo alters your Registry in ways that are difficult to undo manually without causing other damage, you should try to procure and use anti-malware scanners to remove Trojan.Ransomgerpo. Trojan.Ransomgerpo places startup entries into the Registry and thus will always run when you use a normal boot.

However, in cases where a less advanced variant is attacking your PC, you can use Safe Mode to prevent Trojan.Ransomgerpo from starting. For more advanced types of Trojan.Ransomgerpo infections, you may need to boot from a peripheral device such as a USB thumb drive. Either way, scanning with the best anti-malware software available will remove Trojan.Ransomgerpo and restore your computer to perfect health.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %PROGRAM_FILES%\ Trojan.Ransomgerpo\ Trojan.Ransomgerpo

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe"
    HKEY_CURRENT_USER\Software\tetris\"level" = "[BINARY DATA]"
    HKEY_CURRENT_USER\Software\tetris\"phone" = "[RANDOM CHARACTERS]"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\"Debugger" = "calc.exe"
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe"
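
The Registry values listed above can be checked for in a `reg export` text dump taken from Safe Mode or a rescue boot. The following is an added example, not part of the original write-up or any vendor tool; the sample export, the function names and the rule labels are constructed for illustration, and the Debugger rule is generalized to any program under Image File Execution Options rather than taskmgr.exe alone.

```python
import re

# Constructed sample in `reg export` text form; the path and data are illustrative.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\alice\\AppData\\Local\\Temp\\sample.exe"

[HKEY_CURRENT_USER\Software\tetris]
"level"=hex:01,00,00,00
"phone"="qwertyuiop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="calc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
'''

WINLOGON = r"\microsoft\windows nt\currentversion\winlogon"
IFEO = r"\currentversion\image file execution options" + "\\"

def parse_reg(text):
    """Yield (key, value_name, raw_data) for each value in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            yield key, m.group(1), m.group(2)

def unquote(raw):
    """Undo .reg string escaping; non-string data (hex:, dword:) is returned as is."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw

def find_indicators(text):
    """Return (rule, key, detail) for each value matching the page's Registry list."""
    findings = []
    for key, name, raw in parse_reg(text):
        k, n, data = key.lower(), name.lower(), unquote(raw)
        if k.endswith(WINLOGON) and n == "shell" and data.strip().lower() != "explorer.exe":
            findings.append(("winlogon-shell-replaced", key, data))
        elif IFEO in k and n == "debugger":
            findings.append(("ifeo-debugger", key, data))
        elif k.endswith(r"\software\tetris") and n in ("level", "phone"):
            findings.append(("tetris-value", key, name))
    return findings
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `find_indicators`. A Debugger value under Image File Execution Options is also set by some legitimate tools, so treat that finding as something to review rather than as proof of infection.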
