[Xylitol]

xxx_video_85140.avi.exe winlock
https://www.virustotal.com/file-scan/re ... 1294984249

[Xylitol]

another video_XXXXX.avi.ExE
https://www.virustotal.com/file-scan/re ... 1295123475
dunno the unlock code

[EP_X0FF]

Offtopic post about Windows load order moved to separate thread

[EP_X0FF]

Porno Media Module (Adult Ban, sub family or lockers)

remembers me this http://forum.sysinternals.com/trojan-ra ... 22054.html

Crap drops to %Documents and Settings%\All Users\Media (XP)



http://www.virustotal.com/file-scan/rep ... 1295197172

Unblock, two stages:

1. 28527548
2. 35676549

Or kill it with help of any non standard taskmanager.




In attach both original and unpacked.

[xhandsome]

"see archive comment for password" ?
I don't know how to get the password, Please guide for me how to get the pass word,
thanks

[nullptr]

"see archive comment for password" ?
I don't know how to get the password, Please guide for me how to get the pass word,
thanks

Depends on what archive app you use, but for the archives in question the pw is xylibox

[EP_X0FF]

Thread split.

All Lock Em All related discussion moved to Trojan.Winlock - Lock Em All thread.

[EP_X0FF]

Thread split, BlueTrash and Homoblocker discussion moved to special separate topic. This was done because both lockers constantly updating - changing hardcoded unblock keys. There is no need to post them again and again (because they are nothing new except codes), as in fact all what required - tel number, unblock code, VT report (if available) and malware source (if available).

[EP_X0FF]

Thread split.

Delphi pornoblocker (virtual keyboard) stuff moved to dedicated topic

[mrbelyash]

pass-virus

http://forum.drweb.com/index.php?s=&sho ... t&p=497480