Trojan.Ransomgerpo
Trojan.Ransomgerpo is a computer-ransoming Trojan that targets German PC users. Trojan.Ransomgerpo locks up the infected PC, and Trojan.Ransomgerpo displays all of Trojan.Ransomgerpo's warnings and alerts in German. Trojan.Ransomgerpo will ask you to pay money to unlock your PC, which you probably wouldn't be able to do even if you wanted to, because of the payment method required. Nonetheless, you should not pay the ransom, and you don't need to pay it, either.
Table of Contents
What Trojan.Ransomgerpo is, and what it Wants
Trojan.Ransomgerpo is, as the name obviously states, a Trojan. Trojan.Ransomgerpo gets into your computer by being disguised within something else, so that you will download Trojan.Ransomgerpo without knowing it. In Trojan.Ransomgerpo's case, after Trojan.Ransomgerpo is downloaded, the Trojan hides some of its files within folders labeled for the game Tetris, so it is possible that Trojan.Ransomgerpo hides in freeware game downloads. Once the Trojan is on your computer, it drops the files that it needs, and it makes some changes to the registry. Those changes go into effect the next time you start Windows, so that will be when you first find that your computer is locked. Trojan.Ransomgerpo is able to lock your computer by editing the Winlogon registry key, which is the first thing that Windows automatically runs, in order to determine what rights you have as a user. By editing Winlogon so that Winlogon calls the Trojan's files, Trojan.Ransomgerpo tells Windows which actions you are authorized to take on your computer – and essentially, Trojan.Ransomgerpo tells Windows to take away all of your permissions and your ability to access things.
The main symptom of Trojan.Ransomgerpo is Trojan.Ransomgerpo's lock screen, which will appear as soon as Windows starts. Translated into English, it comes out to roughly this:
Official Communication from the Federal Criminal Police Office
Federal Police
Warning!
A history of illegal activity was detected.
The operating system has been blocked in connection with infringement of the laws of the Federal Republic of Germany! Following Vertoss, it was found that your IP address viewed this IP page with pornographic content, accessing child pornography with bestiality and violence against children. This video content containing pornography, elements of violence and child pornography has also been found on your computer.
There were also emails in the form of spam, with terrorist [unintelligible] sent. This serves to lock the computer to stop their illegal activities.
To unlock the computer, you are required to pay a penalty of 100 Euros. The payment must be made within 24 hours. If the payment is not received in the allotted time, your hard disk will be irrevocably formatted.
Payment is made by a Ukash coupon code in the amount of 100 Euros. To submit the payment, please enter the acquired code in the payment box, and please print a copy and click OK.
In case of a system error, send the code to [email address].
Upon receipt of payment within 24 hours, your computer will be re-opened.
Why You Don’t Need to Worry About Trojan.Ransomgerpo’s Demands
As you can see, this malware specifically claims to represent the German government, which wouldn't be much of a threat for anyone who lives outside of Germany. Furthermore, the requested form of payment is Ukash, a kind of voucher that can be bought with cash, which has a code that can then be used to purchase things online. Ukash is available in several countries around the world, but it is not available within the United States. The lock screen includes some information on which retailers sell Ukash vouchers, and all of them are chains in Germany. So Trojan.Ransomgerpo doesn't want your credit card number, and if you live in the United States, you wouldn't even be capable of paying the ransom anyway, because you can't purchase a Ukash voucher.
Needless to say, Trojan.Ransomgerpo is not affiliated with the German government, and no government would go about policing Internet content or collecting fines in the way that the lock screen proposes. Also, Trojan.Ransomgerpo doesn't scan the history of the infected computer, and Trojan.Ransomgerpo can't detect whether or not any specific kind of file, video or not, is on your computer, let alone determine a video file's content. So don't panic; the German government does not think that you have illicit videos on your computer! Remove the malware, and you'll be fine.
File System Details
# | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|
1. | %PROGRAM_FILES%\ Trojan.Ransomgerpo\ Trojan.Ransomgerpo |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.