Win32.Tescrypt


Threat Name: Ransom:Win32/Tescrypt

Threat category: Ransomware

Installation: This threat is dropped by the following viruses:

  • Exploit:SWF/Axpergle
  • Exploit:JS/Neclu
  • JS/Fiexp
  • JS/Anogre

Files dropped by this threat:

  • %APPDATA%\key.dat
  • %APPDATA%\wcpfgmt.exe
  • %desktopdirectory%
  • CryptoLocker.lnk
  • HELP_TO_DECRYPT_YOUR_FILES.TXT
  • HELP_TO_DECRYPT_YOUR_FILES.BMP
  • HELP_TO_SAVE_FILES.bmp
  • HELP_TO_SAVE_FILES.txt

Threat Actions:

This threat will modify some file extensions by appending one of the following to the file extension: .ecc or .ezz

It will also create the following mutexes:

  • AMResourceMutex2
  • dslhufdks3
  • VideoRenderer

To learn what a mutex is, visit this section of the official Microsoft site.
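As an added example (not part of the original article or of any vendor tool), the file indicators listed above can be checked with a short Python script. The function names and the rule that key.dat and wcpfgmt.exe only count when found directly in %APPDATA% are assumptions made here; the mutexes are not checked.

```python
import os

# Indicators listed on this page; names are compared case-insensitively.
APPDATA_FILES = {"key.dat", "wcpfgmt.exe"}  # assumed to sit directly in %APPDATA%
NOTE_FILES = {"cryptolocker.lnk", "help_to_save_files.bmp", "help_to_save_files.txt",
              "help_to_decrypt_your_files.txt", "help_to_decrypt_your_files.bmp"}
APPENDED_EXTS = (".ecc", ".ezz")


def scan_appdata(appdata):
    """Return indicator files sitting directly in the %APPDATA% folder."""
    try:
        names = os.listdir(appdata)
    except OSError:  # folder missing or unreadable
        return []
    paths = (os.path.join(appdata, n) for n in names if n.lower() in APPDATA_FILES)
    return sorted(p for p in paths if os.path.isfile(p))


def scan_tree(root):
    """Walk root; return (ransom-note files, files ending in .ecc/.ezz)."""
    notes, renamed = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            low = name.lower()
            full = os.path.join(dirpath, name)
            if low in NOTE_FILES:
                notes.append(full)
            elif low.endswith(APPENDED_EXTS):
                renamed.append(full)
    return sorted(notes), sorted(renamed)


def triage(appdata, root):
    """Combine both scans into one report dictionary."""
    notes, renamed = scan_tree(root)
    report = {"appdata": scan_appdata(appdata), "notes": notes, "renamed": renamed}
    # A file name alone is weak evidence; several kinds together are a stronger lead.
    report["kinds_matched"] = sum(1 for k in ("appdata", "notes", "renamed") if report[k])
    return report


if __name__ == "__main__":
    # Assumption: run as the affected user on Windows, where these variables exist.
    appdata = os.environ.get("APPDATA", "")
    profile = os.environ.get("USERPROFILE", os.path.expanduser("~"))
    for key, value in triage(appdata, profile).items():
        print(key, value)
```

A key.dat found elsewhere in the profile is deliberately ignored, since that name is common and the page places it in %APPDATA%.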

This virus will also display the following pop-up window requesting payment of a ransom. DO NOT pay the requested ransom.

[Image: Tescrypt ransom pop-up window]


How to Remove this Threat?

1. The first thing we recommend when infected by a ransomware threat is to attempt using Windows Restore. Using a restore point will return your computer to the state it was in at the restore point date without affecting your files; only installed programs are affected (including some threats that were installed since).

2. If using Windows Restore fails, run your antivirus software. Virus definitions are regularly updated by security companies. Although hackers and cyber criminals creating malware are always one step ahead, security companies are not far behind.

3. If you do not have antivirus software, we highly recommend you get one. Being properly protected is of growing importance since we now use the internet for financial transactions.

ThreatSupport.Com was created to help computer users protect against online threats. We provide security advice, threat removal support as well as security software solutions. We also publish useful links that may help our visitors learn about computer security.
