QWCiPhErEd Trojan
Posted: May 8, 2012
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 54 |
| First Seen: | May 8, 2012 |
|---|---|
| OS(es) Affected: | Windows |
QWCiPhErEd Trojan is a popular alias for a ransomware Trojan that typically is detected by official labels like TROJ_RANSOM.CYEA, Trojan.Gpcoder.G or Troj/Ransom-FM. QWCiPhErEd Trojan acquires its nickname from its habit of encrypting files on your PC to make them unusable and then identifying these files with the added suffix '.QWCiPhErEd' that's appended to each file name. If you attempt to open a QWCiPhErEd Trojan-encrypted file, you'll be given a pop-up alert that informs you that you should transfer 50 Euros to acquire a decryption key. SpywareRemove.com malware analysts discourage this, however, since QWCiPhErEd Trojan's criminals partners aren't guaranteed to follow through on their word, and since QWCiPhErEd Trojan, as malicious software, should be disabled and deleted as soon as possible, in any case. Unfortunately, QWCiPhErEd Trojan's encryption has been identified as exceptionally advanced, and restoring encrypted files from a backup is ultimately a more practical solution than attempting to break QWCiPhErEd Trojan's encryption code.
Eyeballing the Chains That QWCiPhErEd Trojan Wraps Around Your Files
The QWCiPhErEd Trojan can be acquired by various methods, including malicious website-based drive-by-downloads or as part of a payload that's dropped by other forms of harmful software. Regardless of how QWCiPhErEd Trojan gets to your computer in the first place, QWCiPhErEd Trojan's initial attacks consist of encoding a wide range of file types on your hard drive to make them unusable. Some of the popular file types that SpywareRemove.com malware analysts have found QWCiPhErEd Trojan to target include:
- Text documents (such as .txt, .doc or .docx).
- Image files (such as .jpg, .jpeg, .png or .gif).
- Audio and movie files (such as .mp4, .flv, .mpg or .avi).
- Archives (such as .rar or .zip).
- CD emulation files (AKA .iso files).
If you try to launch any of these files, QWCiPhErEd Trojan will launch a pop-up message as follows:
Attention!!!
The files on your machine are disabled for viewing, copying and duplicating video elements of p–n and gay p–n. To unlock you need to pay a fine of 50 euros. For this purpose, any terminal pay or buy a Ukash voucher Paysafecard on that amount. More sites http://.[URL Removed] http://www.[URL Removed]
Please send the voucher by e-mail tenagliamirella@gmail.com.
In the case of payment of an amount equal to the penalty in return you will receive an unlock code. It must be entered in the field. After unlocking you must remove all materials that contain elements of violence and porn. In the case of non-payment, all data on your personal computer will be permanently blocked. You have 5 attempts to enter code.
All questions on tenagliamirella@gmail.com
SpywareRemove.com malware researchers emphasize that QWCiPhErEd Trojan doesn't originate from any type of legitimate legal authority and has no ability to detect the pornographic activities that QWCiPhErEd Trojan claims to be the cause of your computer's lock down. Unfortunately, QWCiPhErEd Trojan's encryption uses advanced RSA techniques that can't be broken easily, and your best bet for recovering your files is simply to delete QWCiPhErEd Trojan with good anti-malware software and then restore your files from a backup.
How to Safely Flush Out a QWCiPhErEd Trojan Ransom from Your PC
Because QWCiPhErEd Trojan changes the Windows Registry during its installation, the safest means of removing QWCiPhErEd Trojan is to use an anti-malware product that can inspect and delete QWCiPhErEd Trojan's components without damaging your operating system. On the bright side, for PC users who prefer non-Windows platforms, QWCiPhErEd Trojan is a Windows-specific PC threat, and can be disabled or avoided entirely by using a different brand of operating system.
Modern versions of Windows are also effectively immunized to QWCiPhErEd Trojan attacks, as QWCiPhErEd Trojan is only capable of infecting Windows 2K, XP and Server 2003. If you're unable to run appropriate security programs to remove QWCiPhErEd Trojan while QWCiPhErEd Trojan is open, SpywareRemove.com malware experts can recommend a variety of solutions to stop QWCiPhErEd Trojan from launching, including using Safe Mode and booting from a removable hard drive.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.