Krotten
Encyclopedia
The Krotten Trojan is a computer trojan
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...

/ransomware
Ransomware (malware)
Ransomware is computer malware which holds a computer system, or the data it contains, hostage against its user by demanding a ransom for its restoration.- Operation :...

 which disables almost every program in the Windows-based computer.

Symptoms

When the infected file is run, it displays a message in German
German language
German is a West Germanic language, related to and classified alongside English and Dutch. With an estimated 90 – 98 million native speakers, German is one of the world's major languages and is the most widely-spoken first language in the European Union....

. Then, the account has normal appearance, but most programs are disabled. C:\Windows is encrypted, but if the user logs off and logs on again, the desktop wallpaper is shifted, the icons are hidden, and the Start menu has no shortcuts. An interesting effect is that if Windows Explorer
Windows Explorer
This article is about the Windows file system browser. For the similarly named web browser, see Internet ExplorerWindows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface...

 or Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...

 are loaded, it cannot be closed. The clock is changed to say a OOE in German. Command Prompt
Command Prompt
Command Prompt is the Microsoft-supplied command-line interpreter on OS/2, Windows CE and on Windows NT-based operating systems...

 is not disabled, although Regedit is, and the system is almost unusable.

Removal

Most antivirus software can clean this infection, and there are also specialist tools available: http://www.securelist.com/en/descriptions/old99185

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK