Thread: FBI warns of widespread malware that locks down victims' computers.

  1. #1
    Join Date
    Feb 2007
    Location
    Land of OZ
    Posts
    8,520

    FBI warns of widespread malware that locks down victims' computers.

    http://www.iconocast.com/08-10-2012/...-computers.php

    Reveton's fake FBI warnings demand that users pay to unlock their systems By Lee Bell Fri Aug 10 2012, 12:51
    THE UNITED STATES Federal Bureau of Investigation (FBI) has alerted the public about a virus named Reveton that issues fake FBI warnings demanding infected victims pay to unlock their computers.

    Reveton is described as "drive-by" malware due to its ability to activate and install itself when users visit a compromised web site. Unlike most viruses, it doesn't need to install a file or attachment.

    Once it has infected a victim's PC, Reveton then locks their computer, saying the user is in violation of US federal law.

    "The bogus message goes on to say that the user's Internet address was identified by the FBI or the Department of Justice's Computer Crime and Intellectual Property Section as having been associated with child pornography sites or other illegal online activity," the FBI said in a statement.

    "To unlock their machines, users are required to pay a fine using a prepaid money card service."

    The Internet Crime Complaint Centre (IC3) has said that it is getting "inundated with complaints" regarding the virus. Donna Gregory, who oversees a team of cyber crime experts, declared that "some people have actually paid the so-called fine".

    The FBI first warned of the virus in May and has since been tracking its progress.

    One victim who wrote to the IC3 said that they received the pop-up message while browsing the Internet and found "no way to close it".

    "The window was labelled FBI and said I was in violation of one of the following: illegal use of downloaded media, under-age porn viewing, or computer-use negligence," the unnamed victim said.

    "It listed fines and penalties for each and directed me to pay $200 via a MoneyPak order. The page said if the demands were not met, criminal charges would be filed and my computer would remain locked on that screen."

    The IC3 warns that if you are a victim of the Reveton virus, you should not pay any money or provide any personal information and should immediately contact a professional to remove it from your computer.

    "Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background," warned the IC3. "File a complaint and look for updates about the Reveton virus on the IC3 website."

    FBI page about this virus: http://webcache.googleusercontent.co...8YGYAQ&ct=clnk
    *What the mind can conceive and believe, it can achieve.*

  2. #2
    Join Date
    Feb 2007
    Location
    Land of OZ
    Posts
    8,520

    Removing the Reveton virus.

    Courtesy of f-secure.

    http://www.f-secure.com/v-descs/troj..._reveton.shtml

    Trojan:W32/Reveton

    Category: Malware
    Type: Trojan
    Platform: W32
    Summary
    Trojan:W32/Reveton is a Ransomware application. It fraudulently claims to be from a legitimate law enforcement authority and prevents users from accessing their infected machine, demanding that a 'fine' must be paid to restore normal access.
    Disinfection

    Manual Removal Instructions

    Press Ctrl-O (the letter O, not the number zero).
    From the prompted "Open" dialog box, type:

    c:\windows\system32\cmd.exe.

    Note: For Windows 7, it will prompt you whether you want to download and execute the file; you can press "Run" to continue.

    In the command prompt displayed, type in one of the following commands, depending on your operating system:

    For Windows XP:

    Type cd %USERPROFILE%\Start Menu\Programs\Startup

    For Windows 7:

    Type cd %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    From the same command prompt, type:

    del *.dll.lnk

    Finally, reboot the machine. You can do so by using this command:

    shutdown -r -t 0

    Note: These steps will disable the malware, but the trojan's main DLL (see Installation below) may still remain on the machine; this file can be removed by using F-Secure Anti-Virus.

    Additional Details

    Trojan:W32/Reveton is a variant in a family of ransomware applications that have been targeting European users in the last few weeks.

    After the trojan successfully infects a machine, it will prevent the user from accessing the Desktop and will display a fraudulent message alleging that the system was locked by a local law enforcement authority; the specific authority mentioned varies depending on the affected user's location, though most of the samples we have seen mainly mentioned various European authorities.

    The general activities of this malware, including screenshots showing the warning messages displayed by the trojan, can be seen in our Labs Weblog post discussing this topic:

    Police Themed Ransomware Continues


    Installation

    Upon execution, it will create the following file:

    On Windows XP
    %USERPROFILE%\Start Menu\Programs\Startup\<reveton_filename>.dll.lnk
    On Windows 7
    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\<reveton_filename>.dll.lnk
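    As an added example (not the forum poster's or F-Secure's code), the following PowerShell script automates the check behind the manual steps above: it lists any *.dll.lnk entries in the current user's Startup folder, resolves where each shortcut points so the analyst can see what runs at logon, and deletes the shortcuts only when run with -Remove. The quarantine folder name is an assumption.

```powershell
# Added example (not from the forum post or the F-Secure write-up): report the
# *.dll.lnk Startup persistence entries described above and, optionally, remove them.
param([switch]$Remove)

# SpecialFolder 'Startup' resolves to the per-user Startup path on both Windows XP
# (...\Start Menu\Programs\Startup) and Windows 7 (...\AppData\Roaming\...\Startup).
$startup = [Environment]::GetFolderPath('Startup')
$shell   = New-Object -ComObject WScript.Shell

$findings = @()
foreach ($lnk in (Get-ChildItem -Path $startup -Filter '*.dll.lnk' -ErrorAction SilentlyContinue |
                  Where-Object { -not $_.PSIsContainer })) {
    # Resolve the shortcut so the analyst sees what it actually launches at logon.
    $sc = $shell.CreateShortcut($lnk.FullName)
    $findings += New-Object PSObject -Property @{
        Shortcut     = $lnk.FullName
        Created      = $lnk.CreationTime
        Target       = $sc.TargetPath      # program the shortcut launches
        Arguments    = $sc.Arguments       # may name the DLL that stays on disk
        TargetExists = [bool]($sc.TargetPath -and (Test-Path -LiteralPath $sc.TargetPath))
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No *.dll.lnk entries found in $startup"
    return
}

$findings | Format-List Shortcut, Created, Target, Arguments, TargetExists

if ($Remove) {
    # Keep a copy of each shortcut for later analysis before deleting it.
    # The quarantine location is an assumption; adjust it to your own case handling.
    $quarantine = Join-Path $env:USERPROFILE 'Desktop\reveton-quarantine'
    New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
    foreach ($f in $findings) {
        Copy-Item -LiteralPath $f.Shortcut -Destination $quarantine -Force
        Remove-Item -LiteralPath $f.Shortcut -Force
        Write-Output "Removed $($f.Shortcut) (copy kept in $quarantine)"
    }
    # As the F-Secure note says, only the shortcut is gone; the DLL it pointed to may remain.
    Write-Output 'Startup shortcuts removed; the DLL they referenced may still be on disk.'
}
```

Run without -Remove first to review the report; the Target and Arguments fields show where the remaining DLL lives, which the manual del command alone does not reveal.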

  3. #3
    Join Date
    Feb 2007
    Location
    Land of OZ
    Posts
    8,520

    Remove Trojan:Win32/Reveton.A (Removal Guide), How To Remove Trojan:Win32/Reveton.A

    http://www.cleanpcguide.com/remove-t...in32reveton-a/

    Details from Cleanpcguide.com, as above.
