Reveton | A new Trojan attacks the European continent


What is ransomware?


Ransomware is a type of malware, such as Reveton, that may enter your operating system when you click through various websites or spam mails. Ransomware can do many things to your computer, including encrypting your files, folders and media, locking you out of your computer, and modifying your operating system's operational sequence, which disrupts the interface while you interact with the PC.

Introduction to Reveton Ransomware

Reveton can be described as a virus that infects your computer system the moment it enters. It locks you out and displays a note on your screen demanding a ransom in exchange for removing the lock.


A lock screen will be displayed on your screen. The message claims to be a communication from the intelligence or judicial agency of your country and states that you have been locked out of your computer system. A ransom must then be paid to the developers via an encrypted mail address that they provide. Until you pay the ransom they ask for, in the form of gift vouchers or other payment coupons, you will be barred from entering your system.

The developers of these virus programs are careful to give the user a selected email address to reply to. This makes them untraceable, and hence they continue this treacherous act.

Detect Reveton Virus

The message displayed on the fabricated lock screen will accuse you of breaking laws regarding the use of porn websites. It may also accuse you of downloading or distributing copyrighted material. Following this allegation, it will threaten that you must pay the fine or else face trial or even go to jail. To pay the fine, it will tell you to purchase gift cards or payment vouchers and hand over the coupon's identification number.

 

Threat Summary

Name: Reveton Ransomware
Category: Malware
Type: Ransomware
Affected Operating System: Windows
a.k.a.: Trojan:W32/Reveton

 

Threat Behavior

This virus enters your computer while you visit various websites or click on certain spam mails, and it affects the system in the following manner:

  • A screen locker will be displayed the moment you log into Windows. It will pretend that the system has been encrypted by a government agency. The ransom note will further state that a fine must be paid for unauthorized or excessive downloading of copyrighted material.
  • The message will display the name of a law enforcement agency chosen according to the computer's IP address.

Distribution of Reveton

It is distributed by various methods such as:

  • Third-party downloads
  • Compromised websites or servers
  • Spam mails

How to remove Reveton Virus

Reveton virus can be removed from your system by following these two steps:

  1. Restarting your system in Safe Mode with Networking
  2. Restoring your system files and settings

1. Start in Safe Mode with Networking

If the system is already switched on, follow the steps below to restart it in Safe Mode with Networking:

Windows 7/ Vista/ XP

  1. Click on the Windows icon in the lower left corner of the computer screen.
  2. Select and click Restart.
  3. When the screen goes blank, keep tapping the F8 key until you see the Advanced Boot Options window.
  4. Using the arrow keys on the keyboard, select the Safe Mode with Networking option from the list and press the Enter key. The system will then restart in Safe Mode with Networking.
  5. Click on the username and enter the password (if any).

Windows 10 / Windows 8

  1. Press and hold the Shift key and simultaneously click on the Windows icon in the lower left corner of your computer screen.
  2. While the Shift key is still pressed, click on the Power button and then click on Restart.
  3. Now select Troubleshoot → Advanced options → Startup Settings.
  4. When the Startup Settings screen appears, which is the first screen to appear after the restart, select and click on Enable Safe Mode with Networking. The system will then restart in Safe Mode with Networking.
  5. Click on the username and enter the password.

2. Restore your system files and settings

Method 1 using Control Panel

  1. Click on the ‘Start’ button on the taskbar. This will open the Start menu.
  2. Click on the ‘Control Panel’ button in the Start menu. This will open the control panel window.
  3. In the Control Panel window, click on the ‘View by:’ button on the top right. Select the Large Icon option.
  4. In the Control Panel window, click on the ‘Recovery’ icon. This will open a window that offers ‘Restore the computer to an earlier point in time’.
  5. Click on the ‘Open system restore’ button. This will open the ‘System Restore’ window, where you need to click on the Next button.
  6. Select the restore point that is prior to the infiltration of ………………. After doing that, click Next.
  7. This will open the ‘Confirm your restore point’ dialog box. Click on the Finish button. This will restore your system to a previous restore point from before your system was infected by Reveton.

OR

Method 2 using Command Prompt

  1. Type cmd in the search box and click on Command Prompt to open the Command Prompt window.
  2. Once the Command Prompt window shows up, enter cd restore and press Enter. (Ensure that you are in the system32 directory of the Windows folder on the C drive.)
  3. Now type rstrui and press Enter again.
  4. When a new window shows up, click Next and select a restore point that is prior to the infiltration of Trojan:W32/Reveton. After doing that, click Next.
  5. This will open the ‘Confirm your restore point’ dialog box. Click on the Finish button. This will restore your system to a previous restore point from before your system was infected by Reveton.

OR

  1. Type ‘Rstrui’ in the search box present on the task bar. This will open the System restore dialog box.

Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.
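
The restore-point selection described in Methods 1 and 2 can also be done from an elevated Windows PowerShell 5.1 prompt. The following is an added example, not part of the original guide; the helper name Get-RestorePointBefore and the sample date are assumptions made for illustration.

```powershell
# Added example: pick the newest restore point created before the infection.
# Requires Windows PowerShell 5.1 run as Administrator (these cmdlets are not
# available in PowerShell 7). Get-RestorePointBefore is a hypothetical helper.

function Get-RestorePointBefore {
    param(
        [Parameter(Mandatory)]
        [datetime]$Cutoff   # when the lock screen first appeared
    )

    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'
               Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Where-Object { $_.Created -lt $Cutoff } |
        Sort-Object Created -Descending |
        Select-Object -First 1
}

# Constructed sample value: replace with the date and time of the infection.
$infectedAt = [datetime]'2024-01-15 09:00'

$point = Get-RestorePointBefore -Cutoff $infectedAt

if (-not $point) {
    # Happens when System Protection is off or every point is newer than the cutoff.
    Write-Warning "No restore point exists before $infectedAt; System Restore cannot roll back this infection."
}
else {
    "Selected restore point #{0} '{1}' created {2}" -f $point.SequenceNumber, $point.Description, $point.Created
    # -Confirm asks before the restore starts.
    Restore-Computer -RestorePoint $point.SequenceNumber -Confirm
}
```

Restore-Computer restarts the machine to apply the restore point, so save any open work before confirming.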

Tips to prevent your computer system from getting infected:

  1. Keep the operating system updated: To remain protected and avoid such infections, keep your operating system updated by enabling automatic updates. Systems with outdated or older versions of the operating system become an easy target for attackers.
  2. Resist clicking on spam emails: One of the major techniques used for malware distribution is sending spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
  3. Keep an eye on third-party installations: Take due care while installing any third-party applications, for they are a major source of such infections. Such malware programs come bundled with free applications, so the user needs to remain cautious.
  4. Back up regularly: To keep your data and files safe, take regular backups of all your data and files, either on an external drive or in the cloud.
  5. Use antivirus protection: We strongly recommend using antivirus or internet security software on your PC, such as Hitman Pro and Vipre, so that it remains safe.
  6. Enable the ad blocker/popup blocker in your browser: Enabling the popup blocker or ad blocker in your chosen browser will help you stay protected from annoying adware.