Trojan:Win32/Ransom.DU
Trojan:Win32/Ransom.DU is a dangerous Trojan that blocks the infected computer users from accessing their desktop. Trojan:Win32/Ransom.DU creates a window that masks the entire desktop of the corrupted machine, implying that the computer has been included in illegal activities on the web. The created window poses as a warning message that is sent by the German Federal Police. To block the computer user from accessing their desktop, the window is created in such a way so that it is set above all non-topmost windows and should stay above them, even when the window is deactivated. When on a PC, Trojan:Win32/Ransom.DU makes system changes and show pop-up warning messages. The bogus warning messages asks you to pay 100 Euros via Ukash or PaySafeCard to unlock the computer. If your computer has been corrupted by Trojan:Win32/Ransom.DU, you should uninstall it immediately after detection.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %WINDIR%\ System32\ drivers\ cdrom.sys | |
| 2. | %WINDIR%\ System32\ drivers\ redbook.sys | |
| 3. | jashla.exe | |
| 4. | %WINDIR%\ System32\ drivers\ netbt.sys | |
| 5. | mahmud.exe | |
| 6. | %ALLUSERSPROFILE%\ Application Data\ hniYtlAmoTCQf.exe | |
| 7. | %SystemDrive%\ Users\ pociu76\ AppData\ Roaming\ mahmud.exe |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.