
New ‘Die echtheit Ihrer Windows-Kopie’ variant?


No replies to this topic

#1 Zeromus-X


Posted 20 October 2011 - 04:12 PM

Got a computer here which is infected with what appears to be a new variant of the ‘Die echtheit Ihrer Windows-Kopie’ ransomware infection. The old infection appears to be removed by using the code QRT5T5FJQE53BGXT9HHJW53YT. This one comes up with a 'Ungultige Aktivierungsschlussel' message when typing that code, which I have to assume means "Unable to Activate!" or something similar.

The screen refers to identification number 36578, website www.code-microsoft.org, and telephone 09001770999, which all appear to be different from the previous variants of the infection.

Further, the computer is likely infected with the Security Sphere 2012 infection, which was the start of everything, apparently. But that one seems like an easy removal. This one, not quite so much.

It's obvious that it's just an overlay on Windows, because you can CTRL-ALT-DEL and click on "Task Manager" and see it blink for a second, or hit the Start key on the keyboard and see the start menu flash up. I'm going to pull the drive and scan from another system, but before taking it apart, didn't know if there was a known code that may be working with this one.

Thanks!
