Reveton

Posted: August 14, 2012

Reveton Description

Reveton is a ransomware Trojan that hijacks your browser to display a fake legal alert while it also locks down your computer. Because Reveton's pop-up alerts often use country-specific references to various legal agencies, Reveton may appear legitimate at first glance, but it is simply a way for criminals to milk money out of PC users by accusing them of random crimes. Standard pop-up alerts from Reveton are recognizable members of the widespread 'Ukash Virus' family, which SpywareRemove.com malware experts have noted are especially common in Europe, although other countries overseas have also been affected by Reveton attacks. Due to its automatic startup and system-locking behavior, Reveton must be disabled before you can access anti-malware programs that could remove it, although deactivating Reveton isn't necessarily as difficult as one would assume (as noted further in this article).

Don't Be Intimidated by Reveton's Crooked Cops

Once Reveton is launched, it can be recognized by the pop-up window that it generates to cover your desktop, including the Windows taskbar. This makes it impossible for you to access shortcuts, as well as the overall Windows interface, while Reveton is open, and attempts to navigate through Reveton's pop-up window will also fail (the pop-up is an image with the URL bar disabled).

The exact image that Reveton displays in this window will change with the IP address of your PC as Reveton attempts to find a match for your country of origin. Examples of pop-up variants that SpywareRemove.com malware researchers have noticed from Reveton include:

Besides displaying basic law enforcement-related imagery and your IP address, Reveton's pop-ups will claim that your PC is involved in illegal file-trafficking or media-viewing activities. This excuse gives Reveton a semi-plausible reason for blocking access to your computer, although SpywareRemove.com malware researchers emphasize that Reveton is unaffiliated with any form of real law enforcement.

Where Reveton's Fake Warnings Ultimately Lead

Reveton's warning messages are used strictly to frighten you into transferring a 'fee' through Ukash, Paysafecard or similar financial services. Since the fees and other legal penalties that Reveton levies against you are completely fraudulent, SpywareRemove.com malware analysts can never recommend any course of action other than finding a way to delete Reveton with all your money intact.

Removing Reveton will require that you disable Reveton's startup exploit, which is possible through a Safe Mode boot or, in extreme cases, by booting your OS from a USB drive. Competent anti-malware products should experience no real difficulty in deleting Reveton once it has been prevented from launching in the first place.


Technical Details

Registry Modifications


The following Registry values are newly produced:

HKEY..\..\{Value}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: 'Userinit' = '\userinit.exe, %Documents and Settings%\[UserName]\Application Data\temp_sys.exe'

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32\Trojan:Win32/Reveton.A
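
The Winlogon 'Userinit' change listed above can be checked from Safe Mode or from an offline copy of the registry. The following is an added example, not part of the original article: it parses the text output of `reg query` for that value and reports every entry other than the stock userinit.exe. The sample outputs, the user name "alice" and the function names are constructed for illustration, and the expected stock path is an assumption about a default Windows install.

```python
import re

# Constructed samples of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit
CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""
TAMPERED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe, C:\Documents and Settings\alice\Application Data\temp_sys.exe
"""

# Matches the value line printed by reg query and captures its data.
VALUE_RE = re.compile(r"^\s*Userinit\s+REG_(?:SZ|EXPAND_SZ)\s+(.*)$", re.I | re.M)

# Assumption: a stock install lists only userinit.exe from System32.
EXPECTED_RE = re.compile(
    r"^(?:[a-z]:\\windows|%systemroot%|%windir%)\\system32\\userinit\.exe$", re.I
)


def userinit_entries(reg_output):
    """Return the comma-separated programs in the Userinit value."""
    match = VALUE_RE.search(reg_output)
    if match is None:
        raise ValueError("no Userinit value found in input")
    # Winlogon runs every comma-separated entry at logon; the default
    # value ends with a trailing comma, which yields an empty item.
    parts = (p.strip().strip('"') for p in match.group(1).split(","))
    return [p for p in parts if p]


def unexpected_entries(reg_output):
    """Return entries that are not the stock userinit.exe path."""
    return [e for e in userinit_entries(reg_output) if not EXPECTED_RE.match(e)]


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("tampered", TAMPERED)):
        extra = unexpected_entries(sample)
        print(name, "->", extra if extra else "only userinit.exe")
```

Any entry the check reports is launched at every logon alongside userinit.exe, so it has to be removed from the value before the system is booted normally again.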
