[rkhunter]

LOL! Reveton, GEMA, German and French at least.

[Maxstar]

LOL! Reveton, GEMA, German and French at least.

In the Netherlands (holland) and also Belgium are these trojan.ransoms massively active, but I don't have a full working sample yet. But I have cached some files from infected machines.

Code: Select all

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Load"="C:\\Users\\GEBRUI~1\\LOCALS~1\\Temp\\msyelu.exe"

mskabad.bat
https://www.virustotal.com/file/0ed9ca5 ... 332522702/

msyelu.exe
https://www.virustotal.com/file/0ed9ca5 ... 332522771/

[rkhunter]

Interesting...
Seems some Reveton also shows various covers in depend of your IP-location.

[rkhunter]

Reveton

MD5: 914832EF0E457082FC140F489C92442D
2/40

[rkhunter]

Ransom collection:

- FakePoliceAlert
- French
- GEMA/German/Ransirac
- WindowsSecurity
- Some portion of Reveton

http://narod.ru/disk/44868816001.7f58ad ... e.zip.html

[rkhunter]

Fresh Reveton

MD5: A2D784AF10D1A11F1BF05CBCF847B02B
https://www.virustotal.com/file/3c848a6 ... /analysis/

[rkhunter]

One more fresh Reveton

MD5: A68530DAB223F080E594EED06ECEFC44
https://www.virustotal.com/file/4b6e218 ... /analysis/

[rkhunter]

Reveton

MD5: 102D1B7727CE748F7F0D9AE11639715C
https://www.virustotal.com/file/06e9914 ... /analysis/

[rkhunter]

:D http://blogs.technet.com/b/mmpc/archive ... veton.aspx

[thisisu]

Is this Reveton?
https://www.virustotal.com/file/1a243bb ... 335126696/