Reveton.N malware – Safe Mode included.

2013.01.31

Reveton.N has been making the rounds recently. It is ransomware that locks your PC and demands money.

See the Microsoft malware encyclopedia for screenshots and some details about it.

Interestingly, most of the removal instructions Google turns up start with “boot into Safe Mode”.

And the sample I got two days ago infects the victim in such a way that in Safe Mode the nice window demanding money reappears (!)

Ok, how?

Simple, actually. It registers itself as the ServiceDLL of the WMI service (Winmgmt), in both ControlSet001 and ControlSet003. Winmgmt is one of the services Windows starts in Safe Mode as well (it is listed under SafeBoot\Minimal), so whatever DLL the service points at gets loaded there too.

The DLL itself lives in the victim's current %TEMP% folder.

So, here are updated cleanup instructions for Reveton.N:

1. Reboot, press F8, choose “Safe Mode with Command Prompt” and log on as the user who got infected (the DLL sits in that user's %TEMP%)

2. In the command prompt (black window) type

cd %TEMP%

and press Enter

then type

del /q *.dll

and press Enter

then type

shutdown /r /f /t 00

press Enter

Computer will restart

3. Download a proper antivirus and use it to clean any other malware from your PC.
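Before step 2, it is worth confirming the hijack and noting where the ServiceDLL points. The script below is an added example, not part of the original post or of any Microsoft tooling: it enumerates every ControlSet under HKLM\SYSTEM, reads the Winmgmt ServiceDll value, and flags anything that does not resolve to the stock %SystemRoot%\system32\wbem\WMIsvc.dll. It also offers to put the stock value back, because once the DLL in %TEMP% is deleted the WMI service will fail to start until the value is restored (the post's steps do not cover this). It assumes PowerShell 2.0 or later (Vista/7 or newer; XP has none by default) started from the Safe Mode command prompt with an administrator account; the function names are my own.

```powershell
# Added example (not from the original post): audit and repair the Winmgmt
# (WMI) service's ServiceDll across all ControlSets. Assumes PowerShell 2.0+
# and an administrator account. From "Safe Mode with Command Prompt" start
# PowerShell by typing: powershell   then dot-source this file: . .\winmgmt.ps1

$StockServiceDll = '%SystemRoot%\system32\wbem\WMIsvc.dll'   # stock value on XP/Vista/7
$ExpectedPath    = [Environment]::ExpandEnvironmentVariables($StockServiceDll)

function Get-WinmgmtServiceDll {
    # One record per ControlSet00N. The CurrentControlSet link is skipped by the
    # wildcard because it is only an alias of one of the numbered sets.
    Get-ChildItem 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -like 'ControlSet0*' } |
        ForEach-Object {
            $key   = "HKLM:\SYSTEM\$($_.PSChildName)\Services\Winmgmt\Parameters"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if ($props -ne $null -and $props.ServiceDll) {
                # Expand %SystemRoot% etc. so a literal path and an expand-string
                # path compare the same way (-ne on strings is case-insensitive).
                $resolved = [Environment]::ExpandEnvironmentVariables($props.ServiceDll)
                New-Object PSObject -Property @{
                    ControlSet = $_.PSChildName
                    ServiceDll = $props.ServiceDll
                    Resolves   = $resolved
                    OnDisk     = (Test-Path -LiteralPath $resolved)
                    Hijacked   = ($resolved -ne $ExpectedPath)
                }
            }
        }
}

function Repair-WinmgmtServiceDll {
    # Points every hijacked ControlSet back at the stock DLL. Do this before (or
    # right after) deleting the DLL in %TEMP%, otherwise WMI cannot start.
    param([switch]$WhatIf)
    foreach ($entry in (Get-WinmgmtServiceDll | Where-Object { $_.Hijacked })) {
        $key = "HKLM:\SYSTEM\$($entry.ControlSet)\Services\Winmgmt\Parameters"
        Write-Host "Restoring $key\ServiceDll (was: $($entry.ServiceDll))"
        if (-not $WhatIf) {
            # Written as REG_EXPAND_SZ so the service controller expands %SystemRoot%.
            New-ItemProperty -Path $key -Name ServiceDll -Value $StockServiceDll `
                -PropertyType ExpandString -Force | Out-Null
        }
    }
}

# Audit on load: a Hijacked=True row whose ServiceDll sits under a user's Temp
# folder is the persistence described in this post.
Get-WinmgmtServiceDll | Format-Table ControlSet, Hijacked, OnDisk, ServiceDll -AutoSize
```

Run the audit first and write down the flagged path so the sample can be kept for your antivirus vendor or for analysis; then `Repair-WinmgmtServiceDll -WhatIf` to preview and `Repair-WinmgmtServiceDll` to restore the stock value, and only then delete the DLL and reboot as in step 2. Expect a file that is still loaded by svchost to refuse deletion until after the reboot.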

Stay Safe!

D.L.
