
Threat Finder Ransomware

Posted: May 18, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 2
First Seen: May 18, 2015
OS(es) Affected: Windows

The Threat Finder Ransomware is a file-encrypting Trojan that deprives you of access to your PC and its data and then demands a Bitcoin ransom equivalent to roughly 300 USD. The Threat Finder Ransomware has no self-distributing functions of its own, but other threats may install it, including Trojans that malware experts link to compromised Flash advertising networks. As with many equivalent threats, removing the Threat Finder Ransomware after its installation may require both dedicated anti-malware tools and additional steps for working around its system lockdown, but it does not require paying the ransom.

The Threat that's Finding Your Files

The Threat Finder Ransomware, sometimes abbreviated as Threatfin, is a Trojan that disguises its components as system files (DLL files) within your temporary files folder. While the Threat Finder Ransomware can't distribute itself, it relies on additional threats, such as the downloader Bedep, for this purpose. Once the Threat Finder Ransomware gains access to your computer, it makes several changes, all aimed at turning the PC's owner into a paying victim of its ransomware campaign.

Symptoms of a Threat Finder Ransomware infection that malware experts can confirm may include:

  • When Windows loads, the Threat Finder Ransomware may generate a borderless pop-up window. This pop-up contains a warning message of variable format informing you that your files have been encrypted (encoded so that they can no longer be read). Most of these warning messages also warn you against restarting your computer or taking any steps to disinfect it.
  • The Threat Finder Ransomware's centerpiece attack is its ability to encrypt files, which it selects by searching for popular formats such as JPG, PPT, DOC or XLS. The Trojan's list covers most standard Microsoft Office, image, text and spreadsheet formats. Files matching these specifications are encrypted and thereby made unreadable.
  • The Threat Finder Ransomware also may open a backdoor network connection, through which it may download other threats, receive instructions or transfer files collected from your PC.

The Threat Finder Ransomware's warning messages, regardless of their wording, always demand that the victim pay a Bitcoin ransom before the Trojan restores their files. As in most such cases, malware researchers see no benefit in paying this ransom, which comes with no guarantee that the attackers will actually decrypt anything.

Finding Your Way out of Problems with the Threat Finder Ransomware

Besides using anti-malware products to protect your PC from the threats that install the Threat Finder Ransomware, this file encryptor is most directly circumvented with safe, methodical file backups. Backups stored on removable devices or cloud servers should be unaffected by the Threat Finder Ransomware's attacks, which target the infected PC's hard drive, provided the backup media are not left connected to the PC while it is infected. Blocking advanced browser content, such as scripts and unsafe advertising networks, also can hinder attempts by Trojans like Swifti to install the Threat Finder Ransomware on your machine.

Although the names of the Threat Finder Ransomware's components are, so far, consistent between versions, the Threat Finder Ransomware does make the effort of hiding its files in crowded locations like the Temp folder. Security tools scan these folders easily, but manually examining the hundreds or thousands of files routinely found in such temporary locations is impractical. As malware experts usually recommend, automated anti-malware defenses provide the simplest protection from the Threat Finder Ransomware, even when its encryption attacks aren't immediately reversible.

Technical Details

File System Modifications


The following files were created in the system:

  • %TEMP%\ie2.dll (file type: dynamic link library; group: malware file)
  • %TEMP%\reg.dll (file type: dynamic link library; group: malware file)
  • 1.jpg (group: malware file)
  • 2.jpg (group: malware file)
  • 3.jpg (group: malware file)
  • 4.jpg (group: malware file)
  • 5.jpg (group: malware file)
  • HELP_DECRYPT.html (group: malware file)
  • %TEMP%\crypto_bot.log (group: malware file)
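The paragraph above notes that manually picking the Trojan's files out of a crowded Temp folder is impractical, and the file list gives the names to look for. The following script is an added example, not code from the original page or from any vendor tool: it sweeps the directory that %TEMP% resolves to for the three files the page places there, walks any further roots you supply for HELP_DECRYPT.html and 1.jpg through 5.jpg (which the page lists without a directory), and rates the hits. The split into "strong" and "weak" indicators is an assumption made here because 1.jpg..5.jpg are ordinary filenames that prove nothing on their own; the sample directory tree the script builds for an offline run is constructed, not a real infection.

```python
import os
import tempfile
from pathlib import Path

# Indicator filenames copied from the file list on the page. Comparison is
# case-insensitive because Windows filesystems are case-insensitive.
# The two DLLs and the log are reported under %TEMP%; the HTML file and
# 1.jpg..5.jpg are listed without a directory, so they are searched for
# under every root the caller supplies.
STRONG_TEMP = {"ie2.dll", "reg.dll", "crypto_bot.log"}
STRONG_ANYWHERE = {"help_decrypt.html"}
# Assumption of this example: generic names such as 3.jpg only count as
# supporting evidence, never as proof of infection by themselves.
WEAK_ANYWHERE = {f"{i}.jpg" for i in range(1, 6)}


def sweep(temp_dir, roots):
    """Return (verdict, hits); hits is a sorted list of (strength, path)."""
    hits = []
    # %TEMP% itself is checked one level deep, which is where the page
    # places the DLLs and the log.
    for entry in os.scandir(temp_dir):
        if entry.is_file() and entry.name.lower() in STRONG_TEMP:
            hits.append(("strong", entry.path))
    # The location-less indicators are searched for recursively.
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                low = fn.lower()
                if low in STRONG_ANYWHERE:
                    hits.append(("strong", os.path.join(dirpath, fn)))
                elif low in WEAK_ANYWHERE:
                    hits.append(("weak", os.path.join(dirpath, fn)))
    if any(strength == "strong" for strength, _ in hits):
        verdict = "indicators present"
    elif hits:
        verdict = "only generic names found; no conclusion"
    else:
        verdict = "clean"
    return verdict, sorted(hits)


def build_sample_tree(base):
    """Constructed sample layout for an offline run; contains no real malware.

    Returns (temp_dir, roots) in the shape sweep() expects.
    """
    temp = Path(base) / "Temp"
    docs = Path(base) / "Documents"
    temp.mkdir()
    docs.mkdir()
    # Mixed case on IE2.dll exercises the case-insensitive match.
    for name in ("IE2.dll", "reg.dll", "crypto_bot.log", "harmless.tmp"):
        (temp / name).write_bytes(b"placeholder")
    (docs / "HELP_DECRYPT.html").write_text("<html>placeholder</html>")
    (docs / "3.jpg").write_bytes(b"\xff\xd8placeholder")
    return str(temp), [str(docs)]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        temp_dir, roots = build_sample_tree(base)
        verdict, hits = sweep(temp_dir, roots)
        print(verdict)
        for strength, path in hits:
            print(f"  [{strength}] {path}")
```

On a real Windows host you would call sweep(os.environ["TEMP"], [os.environ["USERPROFILE"]]) instead of the constructed tree. A hit on the DLLs or the log is only a reason to isolate the machine and hand it to a full anti-malware scan; the script deliberately deletes nothing, since the page's own advice is to rely on dedicated tools for removal.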
