[Win32:Virut]

Sorry for late reply.

Please extract attachment, copy file to C:\ , press Win + R and write :

Code: Select all

rundll32 "C:\roper0dun.exe",FQ10

[Win32:Virut]

Trojan:Win32/Reveton

Sample is here: http://www.kernelmode.info/forum/viewto ... 526#p14526

[Ommenator]

This is the same infection posted by TeamRocketOps on June 28. I'm posting these in case you wish to compare the files for commonalities. Infect in the same way:
- Drop the .exe to %temp% (this is where it appears in the wild).
- Drop ctfmon.lnk to the startup folder. I altered it's properties with the %temp% variable so it will work on any Windows computer. In the wild the path appears as a literal.
- The .pad file is not really necessary since it will be created in the Common App Data folder when the .exe is run.

https://www.virustotal.com/file/703f1b9 ... 341961945/

MD5: aab13a145892ba07df443a9fb89ec1c8

[dumb110]

Ransom.Reveton in attach!

[dumb110]

Trojan.Winlock.5600
https://www.virustotal.com/file/b85ea8f ... /analysis/

Trojan:Win32/Reveton.F
https://www.virustotal.com/file/f88233e ... /analysis/

Ransom
https://www.virustotal.com/file/5faf764 ... /analysis/

Trojan.Winlock.6387
https://www.virustotal.com/file/0a381f9 ... /analysis/

All Attached!

Enjoy! :lol:

[dumb110]

2 more trojan ransom crap!! :)

SHA-1
47837159703ef7e25966b2a429ff93d0a65eb5ca
3462bb3952b96c33686e87c9614f33bcb890bbc9

[Cody Johnston]

Fresh Reveton

US FBI version

MD5: a607cd936e23e25f184dda624ec6270b

VT 6/41
https://www.virustotal.com/file/f9ddfd7 ... 343154681/

[Win32:Virut]

Reveton - version with not working video recording

https://www.virustotal.com/file/3d6fe6b ... /analysis/

[Blaze]

Belgian ransomware. (FCCU)

[Cody Johnston]

Fresh Reveton

This one renames rundll32.exe to 'lsass.exe' and placed in appdata.

VT 3/42
https://www.virustotal.com/file/063345f ... /analysis/