Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!

Trojan.MBRBlock

From Malware Wiki

(Redirected from Trojan.MBRlock)

Jump to: navigation, search

Notresponsiblesymbol.pngThis page contains either a download link to the malware or is a malicious website that is still active. Malware Wiki shall bear NO responsibility for any damage that you may cause to your machine by running the download or going to the site.

MBRBlock
S4.PNG
TypeRansomware
Date2016
PlatformMicrosoft Windows
File TypeWin32 PE executable (.EXE)
This box: view  talk  edit

Trojan.MBRBlock is a ransomware program that claims itself to be a trojan.

Payload

Once ran, if when the computer is restarted it shows a message.

The message is usually in Russian, but when Joel of Vinesauce did a video called "Windows 8 Destruction" and got an alternative version of Trojan.MBRBlock called "Videoxxx.avi.exe", Rougeamp also made a video on it, a user by the name of Макс «Llama» Ламычев translated the text to be:

"Your computer has been blocked for playing, copying and distributing videos with pedophilic child porn and homosexual porn elements. 
To remove this block, you have to pay a 500 RUB (17 loafs in white bread equivalent) fine. 
To do that, you must transfer the funds to the "Beeline" (cell phone operator) phone number (89645098055) using any instant payment terminal. 
If you transfer 500 RUB or more, you will find the unlock code on the bottom of the receipt. 
You need to enter it in the bottom field of the screen. 
After unlocking you must delete all materials with violence or pedophilic elements from your PC. 
However if you do not pay, all data will be wiped from your PC."

Other versions exist as well, with different colors and different messages.

This is also a scam and is not run by the government. If it really was from the government, they would just arrest the user and use their hard drive as evidence.