Home Malware Programs Trojans QWCiPhErEd Trojan

QWCiPhErEd Trojan

Posted: May 8, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 54
First Seen: May 8, 2012
OS(es) Affected: Windows

QWCiPhErEd Trojan is a popular alias for a ransomware Trojan that typically is detected by official labels like TROJ_RANSOM.CYEA, Trojan.Gpcoder.G or Troj/Ransom-FM. QWCiPhErEd Trojan acquires its nickname from its habit of encrypting files on your PC to make them unusable and then identifying these files with the added suffix '.QWCiPhErEd' that's appended to each file name. If you attempt to open a QWCiPhErEd Trojan-encrypted file, you'll be given a pop-up alert that informs you that you should transfer 50 Euros to acquire a decryption key. SpywareRemove.com malware analysts discourage this, however, since QWCiPhErEd Trojan's criminals partners aren't guaranteed to follow through on their word, and since QWCiPhErEd Trojan, as malicious software, should be disabled and deleted as soon as possible, in any case. Unfortunately, QWCiPhErEd Trojan's encryption has been identified as exceptionally advanced, and restoring encrypted files from a backup is ultimately a more practical solution than attempting to break QWCiPhErEd Trojan's encryption code.

Eyeballing the Chains That QWCiPhErEd Trojan Wraps Around Your Files

The QWCiPhErEd Trojan can be acquired by various methods, including malicious website-based drive-by-downloads or as part of a payload that's dropped by other forms of harmful software. Regardless of how QWCiPhErEd Trojan gets to your computer in the first place, QWCiPhErEd Trojan's initial attacks consist of encoding a wide range of file types on your hard drive to make them unusable. Some of the popular file types that SpywareRemove.com malware analysts have found QWCiPhErEd Trojan to target include:

  • Text documents (such as .txt, .doc or .docx).
  • Image files (such as .jpg, .jpeg, .png or .gif).
  • Audio and movie files (such as .mp4, .flv, .mpg or .avi).
  • Archives (such as .rar or .zip).
  • CD emulation files (AKA .iso files).

If you try to launch any of these files, QWCiPhErEd Trojan will launch a pop-up message as follows:

The files on your machine are disabled for viewing, copying and duplicating video elements of p–n and gay p–n. To unlock you need to pay a fine of 50 euros. For this purpose, any terminal pay or buy a Ukash voucher Paysafecard on that amount. More sites http://.[URL Removed] http://www.[URL Removed]
Please send the voucher by e-mail tenagliamirella@gmail.com.
In the case of payment of an amount equal to the penalty in return you will receive an unlock code. It must be entered in the field. After unlocking you must remove all materials that contain elements of violence and porn. In the case of non-payment, all data on your personal computer will be permanently blocked. You have 5 attempts to enter code.
All questions on tenagliamirella@gmail.com

SpywareRemove.com malware researchers emphasize that QWCiPhErEd Trojan doesn't originate from any type of legitimate legal authority and has no ability to detect the pornographic activities that QWCiPhErEd Trojan claims to be the cause of your computer's lock down. Unfortunately, QWCiPhErEd Trojan's encryption uses advanced RSA techniques that can't be broken easily, and your best bet for recovering your files is simply to delete QWCiPhErEd Trojan with good anti-malware software and then restore your files from a backup.

How to Safely Flush Out a QWCiPhErEd Trojan Ransom from Your PC

Because QWCiPhErEd Trojan changes the Windows Registry during its installation, the safest means of removing QWCiPhErEd Trojan is to use an anti-malware product that can inspect and delete QWCiPhErEd Trojan's components without damaging your operating system. On the bright side, for PC users who prefer non-Windows platforms, QWCiPhErEd Trojan is a Windows-specific PC threat, and can be disabled or avoided entirely by using a different brand of operating system.

Modern versions of Windows are also effectively immunized to QWCiPhErEd Trojan attacks, as QWCiPhErEd Trojan is only capable of infecting Windows 2K, XP and Server 2003. If you're unable to run appropriate security programs to remove QWCiPhErEd Trojan while QWCiPhErEd Trojan is open, SpywareRemove.com malware experts can recommend a variety of solutions to stop QWCiPhErEd Trojan from launching, including using Safe Mode and booting from a removable hard drive.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to QWCiPhErEd Trojan may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.