Kovter Ransomware

Kovter Ransomware Description

Kovter Ransomware Image 1The Kovter Ransomware is a malware threat that carries out a common Police Ransomware scam in order to steal money from unsuspecting computer users. The Kovter Ransomware is a relatively new Police Ransomware Trojan, first detected in 2013 in the wild. Like most Police Trojans, the Kovter Ransomware displays a fake message from the police intending to trick the victim into paying a 'penalty' in order to stay away from jail time. Like other Police Rasomware, the Kovter Ransomware has a Winlocker component that allows the Kovter Ransomware to block access to the infected computer. However, the main reason why the Kovter Ransomware has attracted the scrutiny of malware researchers is because this malware infection uses a unique tactic in order to scare inexperienced computer users into parting with their money.

The Kovter Ransomware Uses an Approach that Sets It Apart from Other, Similar Threats

One of the reasnos whythe Kovter Ransomware has quickly become a severe threat to computers is that the Kovter Ransomware collects data from the victim's Web browser that the Kovter Ransomware then uses to scam the computer user more effectively. Rather than displaying a generic message, like other Police Rasomware Trojans, the Kovter Ransomware can craft its message with data from the victim's online history and web browsing habits in order to scare the computer user with specific information in its Police Ransomware message. There's a Kovter Ransomware variant that displays a fake message from the United States Department of Homeland Security, the FBI and the United States Department of Justice. The messages claim that the victim had downloaded illegal content on the Internet and that the infected computer was used to distribute this content.

The main aspect of the Kovter Ransomware attack that sets the Kovter Ransomware apart from similar Police Ransomware threats is that its ransom message also includes data such as the victim's IP address and a URL that supposedly contains the 'illegal content' found on the victim's computer. The Kovter Ransomware scans the victim's web browser history for websites containing pornographic material. If a website in the Web browser's history matches one of the websites in this threat's list, the Kovter Ransomware will claim that the source of the illegal content was that particular website. Otherwise, the Kovter Ransomware chooses a pornographic website at random. Computer users that have visited websites with pornographic content may then be alarmed to find the website that they visited in the Kovter Ransomware's message, making this threat's message more believable.

Infected with Kovter Ransomware? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Kovter Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Kovter Ransomware outbreaks and other threats from global to local level.

File System Details

Kovter Ransomware creates the following file(s):
# File Name Size MD5 Detection Count
1 %LOCALAPPDATA%\60770\c3655.bat 431 3b1ed34a26477222dbddafc31b54fee9 84
2 %ALLUSERSPROFILE%\Dados de aplicativos\Fonts-Adv\Dir-New.cpl 1,889,792 6a97e3cc5aee03350666d8749995c77d 2
3 %LOCALAPPDATA%\KB[RANDOM NUMBER]\KB[RANDOM NUMBER].exe N/A

Registry Details

Kovter Ransomware creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
Software\Win_32

Site Disclaimer

2 Comments

  • Evelyn Dowdy:

    I installed spyhunter on my computer, the ransomware has completely taken it over. It has ruined 4 computer towers and one laptop in less than a year, at first I couldn’t understand why I kept getting such bad viruses, then I realized someone was hacking my computer. I believe that it is a company I bought a computer from, and haven’t finished paying for it, I can’t they keep trashing computers, and I feel i now owe them nothing. My personal information has been violated, they have even tapped my phones and monitered my movements and friends (my contact list). I can’t do anything on my computer,they have taken over everything. Almost everything in the computer has Trend Micro logo on it, so if i try to open something i either get that or denied excess. I just got it out of the shop, I can recover it or restore it, at this point.

  • Roy Gibbs:

    I am very pleased with spyhunter as it is the first program that I have been able to contact and tell them the problems and they have acted upon it straight away. I had 3 malware problems and they cleared them for me very quickly.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 14 + 6 ?