Skip to content

Ransomware, Part 1

January 11, 2013

I’ve gotten a call earlier today from a friend because his computer has been locked by “The United States Department of Justice”.  In addition to that “The United States Department of Justice” demands computer owner to pay $300 to unlock the computer “avoid other legal consequences”.

First and foremost, The United States Department of Justice does not run such operation.

This is a ransomware. It replaces Windows 7 shell with its own executable file. Booting the computer to plain “Safe Mode” or” Safe Mode with Networking” will load the malicious executable. Instead, boot to “Safe Mode with Command Prompt” and manually remove the malicious software.

I’ll describe what I did in the next post.


No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: