Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Thursday, October 13, 2011

Trojan.MBRlock, Внимание! Ваш компьютер заблокирован

Tell your friends:
Trojan.MBRlock is a very disturbing piece of malicious code which infects the master boot record (MBR) and prevents Windows from starting. Known as ransomware, this virus demands to purchase a license from the cyber criminal to restore access. The key difference between this ransowmare and another notorious infection defined as Trojan.Winlock is that the Trojan.MBRlock loads up before Windows and prevents it from starting whereas the Trojan.Winlock infection allows Windows to run but blocks access once your operating system has fully loaded. If you have multiple operating systems installed on your machine, Trojan.MBRlock will block each of them.

Trojan.MBRlock is usually distributed through the use of fake adult websites but cyber criminals can potentially infect your computer through other means, or even trick you into downloading the malware. We all know that viruses and malicious software are nasty things that can do all sorts of damage to your machine. Any attempt to restore the MBR using standard MBR recovery tools may lead to data loss. Besides, re-installing Windows won't help either because it doesn't fix the MBR. Resetting system time won't help too. Both, the original MBR and the unlock code are usually encrypted.

In a typical Trojan.MBRlock ransomware scenario you'll get a message alerting that your were watching certain types of prohibited pornography. The message text may display in both English and Russian. However, I stumble upon Russian ransomware a lot more often then other examples of such malicious software. Here's an example of what the fake Trojan.MBRlock message looks like:
Внимание! Ваш ПК заблокирован за просмотр и распространение порнографии с участием несовершеннолетних, элементами насилия, зоофилии. Для разблокировки, Вам необходимо оплатить штраф в размере 500 рублей в любом терминале оплаты.
Выберите на экране терминала категорию "Электронные деньги", "Webmoney" и т.д.
Найдите эмблему платежной системы WebMoney.
Найдите номер R кошелька (12 цифр) - 079030161849
Внесите сумму 500 рублей. Внимание: учитывайте комиссию терминала.
По завершению оплаты, на выданном терминалом чеке оплаты, Вам будет выдан персональный код, после ввода которого, Ваш ПК будет автоматически разблокирован. Любые попытки разблокировки, без оплаты и ввода персонального кода, приведут к уничтожению операционной системы.

Very often Trojan.MBRlock infections share certain characteristics: phone numbers, short codes, WebMoney and cash-in points. There are numerous web pages where you can enter the phone number and the short code given by the Trojan.MBRlock ransomware to get the unlock code. There's a chance that security vendors have already tested this ransomware and debugged the unlock code. Here are some websites that will hopefully help you to unlock your computer:
We will keep this post updated with latest unlock codes as well. Updated: 12/20/2011

Phone numbers: 89067983134, 89653751844
Unlock code: 9786775

MTC number: 89162609465
Unlock code: n7856tbt*&^n

WebMoney: 079030161849
Unlock code: 00043176

Phone number: 86572225665
Unlock code: XerVam

You can leave a comment below or just email us and request the unlock code, however, we can't promise you that we will actually find it.

To remove the Trojan.MBRlock ransowmare manually, you should use either Dr.Web® LiveCD/LiveUSB or Kaspersky Rescue Disk 10 CD/USB.

Dr.Web® LiveCD
Step-by-step Installation Guide in English
Как это работает? (По русски)

Dr.Web® LiveUSB
Step-by-step Installation Guide in English
Как это работает? (По русски)

Kaspersky Rescue Disk 10 CD/DVD
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?
Как записать Kaspersky Rescue Disk 10 на CD/DVD и загрузить с него компьютер?

Kaspersky Rescue Disk 10 USB
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
Как записать Kaspersky Rescue Disk 10 на USB-носитель и загрузить с него компьютер?

Both tools are completely free and very well documented, however, if you still can't figure out how to run Dr.Web® LiveCD or Kaspersky Rescue Disk 10 USB, please leave a comment below and we will do our best to guide you through the installation process. Good luck and be safe online!

A few more examples of Trojan.MBRlock ransomware:

Share this information with your friends:


Anonymous said...

Computer will not start up and comes up with a message stating must text Ukash voucher code to phone number 07574298851.
Can you help?

Admin said...

Sorry, we do not have the unlock code for this phone number at the moment. Please use Dr.Web® LiveCD or Kaspersky Rescue Disk 10 CD to remove this virus from your computer.

Anonymous said...

Do you have the code for the moneypak one that asks you to send the moneypak code to No phone number or bank numbers are provided!

Thank You!

Admin said...

Unfortunately, we do not have it yet.

Anonymous said...

The ransomware has locked up my computer for the past 3 days. Tried both the Kaspersky and DrWeb, but can't get my computer to boot from either a USB drive or a rescue CD.

Any other suggestions? I'm about to erase everything and start over.

Anonymous said...

I was able to boot to DrWeb LiveCD with no problem while working to remove ransomware. Don't forget to change boot device priority in bios to give priority to CD drive or flash drive that has the DrWeb software.

Anonymous said...

Hello to all.
I did the following.
After the message appears press Ctrl+Shift+Esc to start the Windows Task Manager and then kill the proccess. In my PC it was Installer_pornplayer.exe
After that the message disappear. The problem is i could not see my desktop but when i pressed the Windows start menu button it worked. I was able to browse all my PC and programs and install Kaspersky Virus Removal Tool from a flash drive and it did a great job.
It worked for me. I hope it will help for you too.