Categories: Ransomware
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".
This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.
Visible Symptoms:
Files in system folders:
[%COMMON_DESKTOPDIRECTORY%]\WinSecureAv.lnk
[%PROFILE_TEMP%]\is-69GNC.tmp\ga6plicense.ini
[%PROFILE_TEMP%]\is-69GNC.tmp\gfl.exe
[%PROFILE_TEMP%]\is-69GNC.tmp\License_4_1.rtf
[%PROFILE_TEMP%]\is-69GNC.tmp\_isetup\_shfoldr.dll
[%COMMON_DESKTOPDIRECTORY%]\WinSecureAv.lnk
[%PROFILE_TEMP%]\is-69GNC.tmp\ga6plicense.ini
[%PROFILE_TEMP%]\is-69GNC.tmp\gfl.exe
[%PROFILE_TEMP%]\is-69GNC.tmp\License_4_1.rtf
[%PROFILE_TEMP%]\is-69GNC.tmp\_isetup\_shfoldr.dll How to detect WinSecureAv:
Files:
[%COMMON_DESKTOPDIRECTORY%]\WinSecureAv.lnk
[%PROFILE_TEMP%]\is-69GNC.tmp\ga6plicense.ini
[%PROFILE_TEMP%]\is-69GNC.tmp\gfl.exe
[%PROFILE_TEMP%]\is-69GNC.tmp\License_4_1.rtf
[%PROFILE_TEMP%]\is-69GNC.tmp\_isetup\_shfoldr.dll
[%COMMON_DESKTOPDIRECTORY%]\WinSecureAv.lnk
[%PROFILE_TEMP%]\is-69GNC.tmp\ga6plicense.ini
[%PROFILE_TEMP%]\is-69GNC.tmp\gfl.exe
[%PROFILE_TEMP%]\is-69GNC.tmp\License_4_1.rtf
[%PROFILE_TEMP%]\is-69GNC.tmp\_isetup\_shfoldr.dll
Folders:
[%APPDATA%]\WinSecureAv
[%COMMON_PROGRAMS%]\WinSecureAv
[%PROGRAM_FILES%]\WinSecureAv
[%PROGRAM_FILES_COMMON%]\WinSecureAv
Registry Keys:
HKEY_CURRENT_USER\software\winsecureav
HKEY_LOCAL_MACHINE\software\winsecureav
Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\products
HKEY_LOCAL_MACHINE\software\products
Removing WinSecureAv:
You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.
Or buy it to remove ALL viruses from your computer.Also Be Aware of the Following Threats:
No comments:
Post a Comment