Re: help, metropolitan police scam!!!


dirty boy

Nov 5, 2012, 8:46:45 PM
to FreeFixer User Forum
P.S. Could I have downloaded this by using someone else's wireless connection? Because I was on a public network when this happened.

On Tue, Nov 6, 2012 at 1:24 AM, helpmeplease <dirtyb...@gmail.com> wrote:
Hi everybody, please could someone tell me which files I need to
remove to get this scam off my computer and up and running again,
thanks.

helpmeplease

Nov 5, 2012, 8:24:52 PM
to FreeFixer User Forum

Roger Karlsson

Nov 6, 2012, 5:20:11 AM
to freefix...@googlegroups.com
Hello,

Microsoft's Threat Encyclopedia has a page about the scam, which lists the files that should be removed:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Reveton#techdetails_link

Quote:
"When run, some variants of Trojan:Win32/Reveton copy themselves to your computer using the following naming scheme:

%ALLUSERSPROFILE%\Application Data\<reverse string of the filename>.<reverse string of extension name>

for example, if the original file name is "malware.dll", the copy's name is "erawlam.lld".

Note: %ALLUSERSPROFILE% refers to a variable location that is determined by the malware by querying the operating system. The default location for the All Users Profile folder for Windows 2000, XP, and 2003 is "C:\Documents and Settings\All Users\Application Data". For Windows Vista and 7, the default location is "C:\ProgramData\Application Data".

Some variants of Trojan:Win32/Reveton create the following shortcut file in the Windows startup folder to ensure the trojan loads every time you log on:

<startup folder>\ctfmon.lnk, detected as Trojan:Win32/Reveton!lnk

Note: <startup folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the Startup folder for Windows 2000, XP, and 2003 is "%USERPROFILE%\Start Menu\Programs\Startup". For Windows Vista and 7, the default location is "%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup".

Manually clicking the shortcut will also run the trojan.

In some older variants of Trojan:Win32/Reveton, the trojan creates a shortcut file with the file name "<random file name>.dll.lnk"."


Did this help you to remove malware?

/Roger
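
The naming scheme quoted above can be checked with a short script. This is an added example, not part of the reply or of Microsoft's page; the function names are made up here, and it assumes only reversed ".dll" names are worth flagging, since that is the one example the quote gives. It lists candidates for review and deletes nothing.

```python
import os

# Assumption: only ".dll" originals are flagged, matching the quoted example
# "malware.dll" -> "erawlam.lld". A reversed ".exe" is still ".exe", so a
# reversed executable cannot be told apart from a normal one by name alone.
ORIGINAL_EXTS = {"dll"}


def unreverse(name):
    """Return the original file name if `name` looks like a reversed copy, else None."""
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return None
    if ext[::-1].lower() not in ORIGINAL_EXTS:
        return None
    return stem[::-1] + "." + ext[::-1]


def startup_indicator(name):
    """Return which quoted shortcut pattern `name` matches, else None."""
    lower = name.lower()
    if lower == "ctfmon.lnk":
        return "ctfmon.lnk"
    if lower.endswith(".dll.lnk"):
        return "<random file name>.dll.lnk (older variants)"
    return None


def scan(appdata_dir, startup_dir):
    """Return (path, detail) pairs for files that match the quoted naming scheme."""
    hits = []
    for folder, check in ((appdata_dir, unreverse), (startup_dir, startup_indicator)):
        if not os.path.isdir(folder):
            continue
        for name in sorted(os.listdir(folder)):
            path = os.path.join(folder, name)
            detail = check(name)
            if detail and os.path.isfile(path):
                hits.append((path, detail))
    return hits


if __name__ == "__main__":
    # Locations as written in the quoted text (Startup path is the Vista/7 default).
    appdata = os.path.expandvars(r"%ALLUSERSPROFILE%\Application Data")
    startup = os.path.expandvars(
        r"%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup")
    for path, detail in scan(appdata, startup):
        print(path, "->", detail)
```

A match on the name alone is only a lead; confirm with a scanner before removing anything.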