Remove Trojan:Win32/Reveton with VilmaTech Instructions

Brief Introduction of Trojan:Win32/Reveton

Trojan:Win32/Reveton has been confirmed as a ransom Trojan family that scams money by locking the screen and cutting off the Internet connection. Most victims of this Trojan and its variants feel they can do nothing but reluctantly pay the fine to get their computers restored.

This Trojan is usually installed by a drive-by download, in which malware is downloaded from the Internet without the victim's knowledge. Some victims accept an agreement without reading it carefully, and the malware then takes advantage of a vulnerability in the web system to download itself automatically, without permission, while they browse a website. Trojan:Win32/Reveton may also enter a computer when the victim opens a compromised webpage, or it may come with image or file attachments in junk mail. Once it arrives on the system, it appears as DLL files with random names and creates a shortcut under the Windows Startup folders.

Once this malicious Trojan runs, it cuts the Internet connection and stops running programs. It then pops up a full-screen warning and locks the computer screen. The alert claims that the victim has violated one of the laws by distributing files illegally, viewing child pornography, or being infected with malware that caused illegal access to be initiated from the computer without consent. It threatens victims into paying a fine of $100 to $300 by Ukash or MoneyPak voucher before a deadline in order to unlock the computer; otherwise, it says, they will be prosecuted for cybercrime once the payment deadline passes. Victims are easily convinced, because the Trojan presents itself as a legitimate institution by showing in the warning the logo of the Metropolitan Police, FBI, German Federal Police, Australian Federal Police, Canadian Police Association or other authorities, and it accesses the webcam to take the victim's photo. For this reason victims also call it the Metropolitan virus. The Trojan can change its language and the institution it impersonates according to the computer's IP address, and it has hit many European, Australian and American computer users.

Victims should not believe the fake message or waste money paying the fee, because in many cases victims' computers remained locked even though they paid again and again. Besides scamming money, the payment process also opens the way for hackers to steal bank account details and other personal information. More dangerous still, the Trojan changes the startup settings and installs other malware or viruses. It displays pop-ups and slows the computer down, and in the end the computer crashes. The best way to deal with this Trojan is to remove it as soon as it is detected. We recommend the manual method to eliminate Trojan:Win32/Reveton, because some security programs can detect it but fail to remove it.

Henrik Bradshaw, one of the experts of the VilmaTech Support Team, shares the instructions below for removing the Trojan and making your computer run at its optimal performance.

How to Remove Trojan:Win32/Reveton from PC

Step One: Reset to Safe Mode with Networking

For Windows 7/Vista users:

1. Reboot the computer, then press the F8 key repeatedly until the Windows Advanced Options screen appears.

2. Select Safe Mode with Networking with the arrow keys, then press Enter.

For Windows 8 users:

1. Hold the Win key and the C key, then click Settings on the right.

2. Click the Power button, then hold down the Shift key and click Restart.

3. Choose Troubleshoot and click Advanced options on the next screen.

4. Choose Windows Startup Settings and click on Restart button in the next screen.

5. Press F5 key to choose Enable Safe Mode with Networking.

Step Two: Stop Related Process from Task Manager

Open the Task Manager window.

For Windows XP/7/Vista:
Press Ctrl+Alt+Del and select Task Manager.

For Windows 8:

1. Type “task manager” in the search box.

2. Click the Processes tab, select the related processes, then click End process/task.
*PATCH.exe
*roper0dun.exe
*Sched.exe
*GOLD CLOCK.exe
*C860A046F7934EBC36672B76381C1C.exe

Step Three: Show Hidden Files

1. Open the Control Panel and click Appearance and Personalization, then Folder Options.

2. Click the View tab. Check the item: Show hidden files, folders and drives. Remove the default check before the item: Hide protected operating system files (Recommended).

3. Click the OK button to save the changes.

4. Find and delete all the related files:
NEUSBw32.dll
USB3Sw32.dll
appmgmts.dll
ms02A447E6.dat
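
The checks in Steps Two and Three, plus the Startup-folder shortcut mentioned in the introduction, can be gathered in one read-only pass. The PowerShell below is an added example, not part of the original VilmaTech instructions; it only reports and deletes nothing. It assumes PowerShell 3.0 or later, and the search roots are assumptions, since the page does not say where the files are dropped.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Process and file names are copied from the page; the search roots are assumptions.
$procNames = 'PATCH', 'roper0dun', 'Sched', 'GOLD CLOCK', 'C860A046F7934EBC36672B76381C1C'
$fileNames = 'NEUSBw32.dll', 'USB3Sw32.dll', 'appmgmts.dll', 'ms02A447E6.dat'

# 1. Running processes whose image name matches the list in Step Two.
#    ProcessName carries no ".exe" suffix; Path shows where the image was loaded from.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $procNames -contains $_.ProcessName } |
    Select-Object Id, ProcessName, Path

# 2. Shortcuts in the per-user and all-users Startup folders, with their targets resolved.
#    A shortcut that loads a DLL (directly or through rundll32) is worth a closer look.
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -Force | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $cmd = ("{0} {1}" -f $lnk.TargetPath, $lnk.Arguments).Trim()
        [pscustomobject]@{
            Shortcut = $_.FullName
            Command  = $cmd
            LoadsDll = $cmd -match 'rundll32|\.dll'
            Created  = $_.CreationTime
        }
    }
}

# 3. Files named in Step Three, including hidden and system files (-Force).
#    The Windows directory is left out on purpose: appmgmts.dll is also the name
#    of a Windows system DLL, so a name match there proves nothing.
$roots = $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
Get-ChildItem -Path $roots -Include $fileNames -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object FullName, Length, CreationTime
```

A name match is only a lead; check the reported path and creation time before ending a process or deleting a file.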

Step Four: Remove Registry Entries

1. Click the Start button and open the Run command box, type “regedit” in the search bar and press the Enter key. (For Windows 8, type “regedit” in the App search bar, then open the Registry Editor from the search results.)

2. Find and delete the registry entries of Trojan:Win32/Reveton in the Registry Editor.

3. Close the Registry Editor and restart the computer.

Conclusion

Trojan:Win32/Reveton has been severely assaulting target computers around the world since early this year, and numbers of innocent victims were tricked by the bogus warning into spending money to unlock their computers. Paying did not work; it only helped the Trojan's creators gain more filthy lucre through web ransom. Meanwhile more computers probably crashed, and legitimate authorities lost public trust. Users should stay vigilant for suspicious files from freeware and shareware, read agreements carefully, and raise the protection level of their computers against attacks by malware, Trojans, worms or other threats. If infected, users should not panic: there is a solution that does not involve making concessions to cybercrime.
