# Ransom Virus



## 1stopgeekshop (Jul 6, 2010)

In the past week, I've seen 2 of these "ransom" virus' come through my shop. I was curious if any other tech's have seen them.

Basically when the machine boots up, you're locked out of everything, no admin, no keyboard, no mouse. BIOS works but that does not matter.

There is a window that explains the computer is being held for ransom and if the $20.00 ransom is not paid, files will be deleted off the hard drive.

The hostage must pay $20.00 via western union in order for the machine to be released.

the fix was simple... boot into hirens and run combofix, then removed the drive and plugged drive into test machine and ran the usual anti-virus software.

My question is has anyone else seen this yet... I've seen two in a week.

Thanks geeks! Jason


----------



## Concordedly (Jul 6, 2010)

Not personally, but I have read articles. It originally came about in 06, then in 08 and there have been some more recent articles Apr 2010. Some demanding payment for 'violation of copyright laws' based on your browsing history, etc. Most articles reference that these are japanese and/or russian made. (Distributed via P2P)


----------



## softe (Jul 7, 2010)

i have not seen or heard of this, very strange, prob came from an email you opened or website you visited, porn sites maybe? strange never the less


----------



## Fira (Jul 7, 2010)

Please if safe and you, anyone else wishes to download 
http://www.kaspersky.com/anti-virus_trial that should help.


----------



## 1stopgeekshop (Jul 7, 2010)

*RE: Thanks.*

yeah i found it strange that i had 2 machines in a week come in with it...

Concordedly: i think this one is russian given the wording in the text...

Softe: nope, not me...lol... these are customers machines... (i own a repair shop)

Fira: thanks but i got it with hirens, combofix, mbam and avira...

Thanks for replying everyone... ill keep the forum posted... looks like there may be another wave coming around...


----------



## tlarkin (Jul 7, 2010)

If it is like the ones I read, they use encryption and with out the password your data is toast.  I also read that a lot of the widely circulated ones all have known passwords so the fixes that fix them should release your data from the encryption, unless it is a new breed which has a different passkey.


----------



## PohTayToez (Jul 7, 2010)

I haven't seen this particular one, but "ransomware" is pretty common.  Usually it's not so direct, and displays itself as a fake antivirus program that is detecting lots of viruses on your computer, but you need to buy the full version to remove them.


----------



## Concordedly (Jul 7, 2010)

PohTayToez said:


> I haven't seen this particular one, but "ransomware" is pretty common.  Usually it's not so direct, and displays itself as a fake antivirus program that is detecting lots of viruses on your computer, but you need to buy the full version to remove them.



Those are the kind my mom gets... All the time... 

This is completely different. It prevents boot of OS and goes directly into this pay us or all your data will be lost scenario.


----------



## tremmor (Jul 8, 2010)

this post is spam. read it all.


----------



## johnb35 (Jul 8, 2010)

tremmor said:


> this post is spam. read it all.



Huh?


----------

