
Trojan.Ransomlock!gen4

Posted: November 2, 2011

Threat Metric

Threat Level: 9/10
Infected PCs: 31
First Seen: November 2, 2011
OS(es) Affected: Windows

Trojan.Ransomlock!gen4 is a behavioral (or 'heuristic') identification label that's applied to certain types of Trojans. Variants of Trojan.Ransomlock!gen4 are capable of different attacks, but probable threats that SpywareRemove.com malware experts have noted include frozen operating systems, fake warning messages for criminal activity, fake infection alerts, the installation of other forms of harmful software and attempts to steal money or personal information (including bank-related info). Despite the high level of harm that Trojan.Ransomlock!gen4 can cause, Trojan.Ransomlock!gen4 is only capable of attacking Windows-based computers. Recent Trojan.Ransomlock!gen4 attacks have focused on spreading Trojan.Ransomlock!gen4 via spam e-mail messages about Muammar Gaddafi's passing, and SpywareRemove.com malware experts encourage you to avoid interaction with e-mail links from unusual sources to protect your PC from Trojan.Ransomlock!gen4.

Trojan.Ransomlock!gen4: a Generalized Danger with a Timing-Specific Lure

Even though Trojan.Ransomlock!gen4 has been a danger to Windows computers for some time now, recent events have conspired to give Trojan.Ransomlock!gen4 a new way of infecting your PC. Much like Mal/Behav-103, BKDR_EXDEPH.A and BKDR_IRCBOT.DAM, Trojan.Ransomlock!gen4 uses spam e-mail messages to spread itself, while claiming to be a movie link that depicts the demise of dictator Muammar Gaddafi. Although SpywareRemove.com malware experts have found that Trojan.Ransomlock!gen4 spam e-mail does contain genuine footage of this event, the links that are provided also include an installer for Trojan.Ransomlock!gen4 which launches itself without permission.

Brazilian Internet-goers are especially in danger of being targeted by this Trojan.Ransomlock!gen4 attack, since most Trojan.Ransomlock!gen4 spam messages have focused on that country. Naturally, the content isn't in English, although a translation has been provided below, along with a transcription of the original subject line:

Original subject line (Portuguese): Novo video nao divulgado por ter imagens fortes mostra Kadhafi pedindo misericordia de joelhos e seus guardas sendo executados

Translation: New video not released due to disturbing images, shows Gadhafi asking for mercy on his knees and his guards being executed.

Ironically, the link accesses Korean websites (specifically, subdomains of noticias.removed.co.kr) to install Trojan.Ransomlock!gen4.

Recovering from a Trojan.Ransomlock!gen4 Attack and Putting This Deadly Genie Back into Its Jar

Like most Trojans, Trojan.Ransomlock!gen4 will try to avoid detection, and you should use appropriate anti-malware applications to find and remove Trojan.Ransomlock!gen4. Your security programs may also detect Trojan.Ransomlock!gen4 by one of its aliases, which include TrojanDownloader:Win32/Cutwail.BE, Trojan-Banker.Win32.Qhost.mmu and Mal/EncPk-AAT. Trojan.Ransomlock!gen4 can attack most versions of Windows, such as Windows 2K, XP, NT and Server 2003.

Risks from Trojan.Ransomlock!gen4 attacks can vary due to the nature of the Trojan itself, as well as due to instructions that Trojan.Ransomlock!gen4 may receive from control servers. SpywareRemove.com malware experts forewarn against the following possibilities:

  • Having Windows locked and being unable to access any meaningful programs or functions. This is usually accompanied by some form of request for money (which is the 'ransom' part of the 'ransomlock' moniker). Under no circumstances should you pay this fee instead of deleting Trojan.Ransomlock!gen4 with suitable security software.
  • Having security and anti-malware programs blocked. Methods of working around this Trojan.Ransomlock!gen4 attack include booting into Safe Mode, booting from a USB device or renaming the security program's executable to a generic file name such as 'explorer.exe'.
  • Experiencing browser hijacks that create pop-ups or redirect your browser to unsafe websites.
  • Noticing the presence of unusual and malicious types of software, such as fake AV programs, spyware programs, worms or viruses.
  • Experiencing a loss of private data (such as passwords or account login names) to hackers who will use this information for criminal purposes.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system (each is an executable, MIME type unknown/exe, group "Malware file"):

File name   Size                     MD5                               Detection count   Last updated
file.exe    93.18 KB (93184 bytes)   8e54e1114970a8d84c7829b51c940602  84                November 3, 2011
file.exe    93.18 KB (93184 bytes)   4995ececfe3ae4d11811937fb8ab6442  83                November 3, 2011
file.exe    64 KB (64000 bytes)      3c4cb6a9788425f925ac83a1c22679bf  82                November 3, 2011
file.exe    93.18 KB (93184 bytes)   1537605d30a16ad517a5a1d38850e020  81                November 3, 2011
file.exe    93.18 KB (93184 bytes)   c7d2f52e65230f31fab086d607bf86fd  69                November 3, 2011
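The file records above can be turned into a quick triage sweep. The Python below is an added example, not code from SpywareRemove.com or from the original page: it keeps the five listed MD5s with their sizes, checks each file's size before hashing so a whole-disk walk stays cheap, and reports only exact size-plus-MD5 matches. The demo() directory and its filler file are constructed here and contain no malware.

```python
import hashlib
import os
import tempfile

# Indicators copied from the page: MD5 -> file size in bytes.
RANSOMLOCK_GEN4_IOCS = {
    "8e54e1114970a8d84c7829b51c940602": 93184,
    "4995ececfe3ae4d11811937fb8ab6442": 93184,
    "3c4cb6a9788425f925ac83a1c22679bf": 64000,
    "1537605d30a16ad517a5a1d38850e020": 93184,
    "c7d2f52e65230f31fab086d607bf86fd": 93184,
}

def md5_of_file(path, chunk_size=1 << 16):
    """Stream the file through MD5 so large files need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_matches(root, iocs=RANSOMLOCK_GEN4_IOCS):
    """Return (path, md5) for each file under root whose size and MD5 match an indicator.
    Size is compared first, so a whole-disk sweep only hashes plausible candidates."""
    sizes = set(iocs.values())
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                if size not in sizes:
                    continue
                digest = md5_of_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip it, do not abort the sweep
            if iocs.get(digest) == size:
                hits.append((path, digest))
    return hits

def demo():
    """Scan a constructed sample tree (harmless filler bytes, not real malware)."""
    root = tempfile.mkdtemp(prefix="ransomlock_demo_")
    planted = os.path.join(root, "Temp", "file.exe")
    os.makedirs(os.path.dirname(planted))
    with open(planted, "wb") as fh:
        fh.write(b"\x90" * 64000)  # same size as one listed indicator, different content
    local_iocs = {md5_of_file(planted): 64000}  # indicator derived from the planted file
    return {"page_hits": find_matches(root), "local_hits": find_matches(root, local_iocs), "planted": planted}
```

An MD5 match identifies only these exact samples; repacked variants carry different hashes, which is why the Trojan.Ransomlock!gen4 label itself is a heuristic detection in your anti-malware product rather than a hash list.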