How to deal with malware belonging to the family Trojan-Ransom.Win32.Digitala

tag:Trojan-Ransom

0 0

Malware belonging to the family Trojan-Ransom.Win32.Digitala (Get Accelerator, Digital Access, Get Access, Download Manager v1.34) compromises systems to demand a ransom. Malware belonging to the family Trojan-Ransom.Win32.Digitala blocks access to the Internet and displays a message about breach of a license agreement. The message contains a demand to send a SMS with a certain code to a certain number in order to unblock access to the Internet.

The family Trojan-Ransom.Win32.Digitala has several types of blockers:

Digital Access
Get Accelerator
Get Access
Download Manager v1.34
Ilite Net Accelerator

It is highly probable that the invader will be displaying messages in Cyrillic!

Please find the examples below:

Digital Access

Get Accelerator
Get Access
Download Manager v1.34

Signs of infection

This malware can penetrate computers either through user's actions or silently:

This malware can penetrate user computers through user's actions. For example, a user can initiate installation of an allegedly legal program claiming to be Digital Access. When such “disguised” program is run, it displays a license agreement. By agreeing with this license agreement, the user allow to infect the system.
It can also invade without user's participation with aid of other malicious programs (Get Access) by self-downloading and performing a silent installation.

It will then display a message demanding to send a SMS in order to receive an activation code which would permit to activate the installed software.
The message may be displayed immediately or within 6 hours.
Within 5 minutes after displaying that message, the malware will force a PC reboot and block access to the Internet.
It will create a new folder named {ffffffff-F03B-4b40-A3D0-F62E04DD1C09} in the system registry (path HKEY_LOCAL_MACHINE->SOFTWARE->Microsoft->Windows->Current Version->Uninstall) containing uninstaller path.
The value of the variable "UninstallString" is srored in the field Data.

How this malicios program invades a system:

installation of a hidden service (its file can be found in C:\Windows\System32);
installation of a rootkit to hide its files (its file can be found in C:\Windows\System32). A rootkit is a program or a suite of programs designed to obscure the fact that a system has been compromised.
deletes its installer;
sends a report (about installation, activation, and deactivation) to the owner's server;
if there is no network or network has a specific configuration, the malicious program fails to install in the system, outputs an error and deletes its installer.

How to receive a copy of the malicious program on an infected system:

open the command line console:

in Windows XP: go to Start > Run, type in

previous12 3 Next

previous:How to disinfect computer from the virus I-Worm.Nimda?
previous:How to eliminate Trojan-Ransom.Win32.Rector

Virus Source from:http://www.securelist.com/

New articles

I-Worm/Bugbear.C Download the remover rmbugbear.exe and run it on infected computer. Then restart your PC normally and run the AVG Complete Test. If the infected computer is co...Downloader.Stubby.A - Trojan RDownload and run the remover rmstubby.exe on the infected computer....Conficker Worm (Win32 DownadupDownload file rmdndup.exe Then run the tool for removal of infected files. The tool will automatically scan all available discs and will try to heal the ...ZbotKiller-Trojan-Spy.Win32.ZbAt present Kaspersky Lab analysts detect wide spread of Trojan programs of Trojan-Spy.Win32.Zbot family. These programs are used by cyber-criminals to steal any...TDSSKillerHow to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?...

Hot Articles

How to deal with malware belonging to the family Trojan-Ransom.Win32.Digitala

Computer Virus Clounds