Posted 20 October 2011 - 04:12 PM
Got a computer here which is infected with what appears to be a new variant of the ‘Die echtheit Ihrer Windows-Kopie’ ransomware infection. The old infection appears to be removed by using the code QRT5T5FJQE53BGXT9HHJW53YT. This one comes up with a 'Ungultige Aktivierungsschlussel' message when typing that code, which I have to assume means "Unable to Activate!" or something similar.
The screen refers to identification number 36578, website www.code-microsoft.org, and telephone 09001770999, which all appear to be different from the previous variants of the infection.
Further, the computer is likely infected with the Security Sphere 2012 infection, which was the start of everything, apparently. But that one seems like an easy removal. This one, not quite so much.
It's obvious that it's just an overlay on Windows, because you can CTRL-ALT-DEL and click on "Task Manager" and see it blink for a second, or hit the Start key on the keyboard and see the start menu flash up. I'm going to pull the drive and scan from another system, but before taking it apart, I didn't know if there was a known code that may be working with this one.