Win32/Weelsof
Posted: June 11, 2012
Threat Metric
The fields shown on the Threat Meter, each carrying a specific value, are explained below:
Threat Level: The threat level scale runs from 1 to 10, where 10 is the highest level of severity and 1 the lowest. Each level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs recorded in diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is based specifically on the number of confirmed and suspected threats infecting systems on a daily basis. A high volume count usually represents a popular threat, but that threat may or may not have infected a large number of systems. A threat with a high detection count could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, shown as an up arrow, a down arrow or an equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This shows the change over a 7-day period in the frequency with which a malware threat infects PCs. The percentage impact correlates directly with the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 9 |
| First Seen | May 30, 2012 |
| Last Seen | December 12, 2020 |
| OS(es) Affected | Windows |
Weelsof is a ransomware family consisting of Police Trojans and similar threats that display fake legal alerts. Although versions of Weelsof Trojans have been in distribution for years, recent attacks have provided possible evidence of renewed infection methods that target potential airline customers. To delete Weelsof and similar Trojans, malware experts recommend the standard security protocols for disabling their warning messages, after which a suitable anti-malware product should be able to remove this threat.
Buying a Flight with Trojans Aboard
Weelsof consists of a variety of members, such as the previously examined Trojan.Weelsof.C, all of which follow a consistent pattern of attack. Although some Weelsof warning messages may claim to be able to encrypt files on your computer, malware analysts have not seen any such functionality in Weelsof Trojans. Instead, Weelsof blocks access to your computer by locking the Windows desktop and displaying a warning message that references various legal institutions (which vary according to the region of the infected PC).
The most recent Weelsof Trojans circulate through e-mail spam that disguises their installers as printable documentation confirming a ticket purchase with Delta Airlines. In at least one such attack, evidence has been corroborated to confirm that the victim intended to travel to the destination cited in the Trojan's e-mail message. Such details may indicate other security breaches elsewhere, predating the opening of the file attachment.
As in typical ransomware attacks, Weelsof blocks all access to other programs or files until its demands are met, which involve payment via cash vouchers.
Taking the Wheels Off of the Weelsof Ransom Tactic
Weelsof's latest campaign has been ongoing for over a month, but PC users can continue to protect themselves by following the same standards malware researchers have recommended against similar Windows locker Trojans. Treat with high suspicion any seemingly 'official' e-mail message that urges you to open a file attachment. Even apparently harmless files, such as text documents, may include embedded exploits for installing Weelsof.
Most anti-malware products with well-maintained databases should be able to detect variants of Weelsof, which is a thoroughly identified and well-researched family of threats. If your anti-malware products are blocked by Weelsof, restart your PC in Safe Mode or use a recovery USB device to disable Weelsof's startup routine. Because Weelsof uses random file names and hides its files in Windows directories, manually deleting Weelsof is discouraged on account of the damage a mistake may cause to your OS.
In all attacks by Trojans that purport to be part of a law enforcement agency, you should be able to identify the obvious warning signs and respond appropriately. Legitimate legal institutions will never request a money transfer through cash vouchers or Bitcoins (a secondary option for some forms of ransomware), nor will they lock your computer via desktop pop-ups.
Technical Details
File System Modifications
The following files were created in the system. All five are of file type Executable File, MIME type unknown/exe, group Malware file:

| Path | File name | Size | MD5 | Detection count | Last Updated |
|---|---|---|---|---|---|
| | file.exe | 55.29 KB (55296 bytes) | f49fc1655ca682701f00c7a5adbb18f1 | 85 | June 19, 2012 |
| | file.exe | 53.76 KB (53760 bytes) | c713c6579d06b2be04a69a6466c9951b | 83 | June 19, 2012 |
| | file.exe | 56.83 KB (56832 bytes) | abd3efc8bea05e078be5e3a572ea44ec | 82 | June 19, 2012 |
| %ALLUSERSPROFILE% | irrmnwmw.exe | 53.24 KB (53248 bytes) | 796ec572bd1c868aa1ef63568287b5c9 | 62 | June 19, 2012 |
| %WINDIR% | jattcfwvdyrfwcjjrfej.exe | 65.53 KB (65536 bytes) | 900daa26ac0561998998cdbfbfaae4e4 | 5 | June 19, 2012 |
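As an added example (not part of this page or of SpyHunter's tooling), a small Python scanner that checks the two drop directories named above for the listed MD5s and reports any other executables sitting at the top level of those folders. The hashes and sizes come from the file list above; the function names and the assumption that a top-level executable in those folders deserves review are mine.

```python
import hashlib
import os

# MD5 and size of each sample from the file list on this page.
WEELSOF_SAMPLES = {
    "f49fc1655ca682701f00c7a5adbb18f1": 55296,
    "c713c6579d06b2be04a69a6466c9951b": 53760,
    "abd3efc8bea05e078be5e3a572ea44ec": 56832,
    "796ec572bd1c868aa1ef63568287b5c9": 53248,
    "900daa26ac0561998998cdbfbfaae4e4": 65536,
}

# Drop locations named on the page; these variables only expand on Windows.
DROP_DIRS = ["%ALLUSERSPROFILE%", "%WINDIR%"]


def md5_of(path, chunk=65536):
    """Stream the file so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_dir(directory, known=WEELSOF_SAMPLES):
    """Check .exe files directly inside `directory` (the samples were dropped
    at the top level). Returns (hits, unknown_exes): hits match a known MD5,
    unknown_exes are other executables, worth a look since the family uses
    random names. Size is compared first so most files are never hashed."""
    hits, unknown_exes = [], []
    sizes = set(known.values())
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or not name.lower().endswith(".exe"):
            continue
        if os.path.getsize(path) in sizes and md5_of(path) in known:
            hits.append(path)
        else:
            unknown_exes.append(path)
    return hits, unknown_exes


if __name__ == "__main__":
    for var in DROP_DIRS:
        folder = os.path.expandvars(var)
        if os.path.isdir(folder):
            hits, unknown = scan_dir(folder)
            for p in hits:
                print("WEELSOF MATCH:", p)
            for p in unknown:
                print("unlisted executable, review manually:", p)
```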