A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #11849  by Tigzy
 Mon Feb 27, 2012 5:53 pm
Could you dump more sectors of the disk, please? Something like this command under Linux
Here (Thanks to Xylitol)
pass: infected
It is also possible to patch the sector you posted so then every password will match (even bare ENTER keypress without any password) if you wish...
No please, only need to know the algorithm used to find the password needed. Even if the author has its own private algorithm, it must be found in the MBR...

Hi EP_X0FF ;)
That looks like your sample indeed.
 #11885  by EP_X0FF
 Wed Feb 29, 2012 2:17 am
Quads wrote: Hmmm, some sort of way to get money from people with this infecting their systems??

http://www.coolstudio.net/?tag=bootkitlock-gen32

Quads
I think this was posted by the author of this crapware in a ridiculous attempt to take some money from idiots in another way.
 #12647  by rkhunter
 Thu Apr 12, 2012 12:50 pm
Trend Micro caught lulz
Ransomware Takes MBR Hostage http://blog.trendmicro.com/ransomware-t ... r-hostage/
We have encountered a ransomware unlike other variants that we have seen previously. A typical ransomware encrypts files or restricts user access to the infected system. However, we found that this particular variant infects the Master Boot Record (MBR), preventing the operating system from loading.
:facepalm: