This malicious program demands a ransom in exchange for the content of an encrypted archive, which users believe contains a file that they need. It is a Windows application (PE EXE file). It is 1 114 654 bytes in size. It is written in Delphi.
As a rule, the malware is downloaded by the user from the Internet in the guise of a self-extracting archive containing the file that the user needs. Once launched, the malware displays a window with the following content:
After the "Unpack" button is pressed, the malware imitates the process of extracting the file. At a certain stage, this process stops and the user is prompted to enter a code to continue extracting. To obtain the code, it is necessary to select a country and send an SMS to the short number specified:
Rules For complaints Ratespoint to the following resources, respectively:
http://zip***z.ru/rules/ http://he***pfilez.ru/ http://www.a1ag***tor.ru/main/abonent
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
- Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).