If infected, Window is blocked by ransomware.
To use window, user have to pay for getting key to release locked window.
For using window without threats of this ransomware, we hope this post will be helpful to you.
2. Spreading path and symptoms of infection
Ransomwares can be spread via vulnerable web site, attatched file on e-mail, instant messenger, and SNS(Social Network Services).
If infected, it "LOCKS" window and doesn’t allow using window without certain steps such as following figures.
We can find the form to input 10 digits key which will be received after paying certain amount of money.
This locking window will not be removed on rebooting.
3. How to respond
We will let you know how to remove and treat this ransomware.
◆ How to treat
1) Press "F8" on booting and starting window with “safe mode”.
2) On windows, "Start" -> "Run" -> "regedit"
3) Remove registry information on following path.
- Name : [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Data : C:\Documents and Settings\(user account)\Application Data\Microsoft\explorer.exe
4) Move following path and remove malicious file.
- Path : C:\Documents and Settings\%username%\Application Data\Microsoft
- File Name : explorer.exe
5) Reboot to complete treatment
4. How to prevent
This kind of ransomware can damage not only data but financially.
Since it has big possibilities to emerge various variants, users have to prevent from this malicious ransomware with this following “Security management tips”.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function such as malicious file stated above and runs responding system 24 hours against various security threats.