As you may already know ransomwares are too dangerous for your systems. Thea are very nasty and do nothing good to your machine. If you see in front of you the message saying that Your computer is locked for violating the Law of Great Britain it means you have this new ransomware. It also means that your computer is blocked and you will not have the possibility to unblock it until you pay certain sum of money.
This ransomware creates the files:
- %LOCALAPPDATA%\[random].exe
- %COMMONAPPDATA%\[random].exe
- %LOCALAPPDATA% = %USERPROFILE%\Local Settings\Application Data
- %COMMONAPPDATA% = %ALLUSERSPROFILE%\Application Data
- %LOCALAPPDATA% = %USERPROFILE%\AppData\Local
- %COMMONAPPDATA% = %ALLUSERSPROFILE%\Application Data
1. Launch your PC in Directory Services Restore Mode or Debugging Mode. 2. Remove the parameter AutoRun in the registry key HKCU\Software\Microsoft\Command Processor 3. Change the parameter value Shell in the registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon на Explorer.exe 4. Remove the parameter value DisableTaskMgr in the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System 5. Reboot your PC in the normal mode. 6. Launch the reputable anti-virus solution to clean your computer from potentially insecure malicious objects.
SOURCE: http://www.deletemalware.net/new-ransomware-spreads-through-great-britain/
No comments:
Post a Comment