Delete a banner using Kaspersky WindowsUnlocker
Today, the removal of ransomware viruses has become somewhat more complicated than before - many time-tested methods do not work. For example, now it’s unlikely that you can unblock a…

Continue reading →

Removing SMS viruses
Recently, viruses that require sending SMS have become a very popular and profitable type of money withdrawal from cybercriminals. As a result of this, a lot of varieties of SMS…

Continue reading →

E-Wallet Protection
When comparing the degree of protection of client programs of payment systems Yandex.Money and Webmoney, it turned out that the latter offers more reliable means of protecting client data. However,…

Continue reading →

Removing SMS viruses

Recently, viruses that require sending SMS have become a very popular and profitable type of money withdrawal from cybercriminals. As a result of this, a lot of varieties of SMS viruses have appeared. There are not only viruses that require SMS for viewing porn sites, but also disguise for installing and updating programs, locking the system due to unlicensed use, and so on and so forth. The whole variety of varieties in the form of screenshots can be observed here, for example.

ransomware sms virus

Another problem is that an infected user, going to a friend to search the Internet for a solution to his problem, stumbles across the network to describe particular cases of his misfortune. And given that the development and dissemination of this focus continues, there are more and more options for these particular solutions every day.

Therefore, in this article I will not describe an example of a solution to one type of SMS virus, but I will describe the principle of operation and the main characteristics of the entire group. But first, I’ll talk about some reckless steps that users take in similar situations.

Pay – note that when paying, even if everything goes well, all the malicious software will remain on your computer. Who knows how it is written, it can be re-triggered in a week after payment. In addition, the cost of SMS upon payment is usually 50-100% more than the declared.
Find an unlock code – there are code generators on the websites of developers of leading anti-virus solutions (Kaspersky, Doctor Web and others). Again, after unlocking, you can calm down, and the virus software has not gone away, the information window just disappeared.
Reinstall the system – and after a couple of days again catch a similar virus. So you can reinstall around the clock. This is not an option. You must be able to solve the problem. And reinstalling is the same as fighting domestic rodents, burning a house. Illogical, isn’t it?
Now more about SMS viruses. What, in fact, have to deal with? The reason you constantly see a virus message about sending SMS is that the graphic shell of the system is broken. Everything that you see (icons, folders, etc.) is drawn by a special system program. On windows, this is the explorer.exe system process. And SMS virus is a debugger of this process.

The database of the system (where everything is written that relates to the operation of the system and programs) is the windows registry. There is a Shell parameter in the registry. It says what program is responsible for rendering the graphical environment. After infection, this entry is most often edited. SMS virus prescribes itself in Shell instead of explorer.exe.

Modified Shell Registry Entry

Click on the image to see the full screenshot and pay attention to the location of the debugger (control program) and its name.

The debugger itself (the body of the SMS virus) is copied to various places, but most often to the system32 or Temp system folders, as well as temporary folders in user profiles. User folders are located at:

C: / Documents and Settings / User

Paths to the above folders:

C: / WINDOWS / system32
C: / WINDOWS / Temp
User / Local Settings / Temp
User / Local Settings / Application Data / Temp

In some cases, SMS virus installs specific software on the computer, which is displayed in the list of installed programs and is located in the Program Files folder. It is also registered in autorun and starts with the system. Functions, in addition to broadcasting a banner, can be different from blocking a call to the task manager to blocking input devices. The startup folder is located in the user folder at:

User / Main menu / Programs / Startup

Virus software in the system

We determined the place of residence and principle of operation of the SMS virus. Now let’s figure out how to deal with it. Since the virus blocks the ability to work in the system, you must remove it from the outside. That is, either go in from a Live-CD, or carry a disk to a friend, connect to a computer and look for malware. Any Live-CD is suitable if you hear this word for the first time, I advise you to normally Russified and not demanding on the resources of Lubuntu Live-CD.

After gaining access to the hard disk, you need to clean all the temporary folders of the infected system and the startup folder. If the level of competency allows, you can also examine the system32 folder for strange files, for example, dll libraries with names like

or twin exe files like fake Adadas (Adidas)

userinit.exe – system process
usrinit.exe – disguised malware
Browse the Program Files folder for a folder with a name that matches the name of the program specified in the banner (like Digital Access, if there is a mention). Then try loading. Most often, after cleaning, the banner disappears, but the graphical environment disappears along with it, since the program controlling the shell (debugger) is already absent, and the registry entry is still there. Now you need to fix the registry. Since the desktop is empty

Code optimization
In the process of writing code, it is impossible to detect all errors and correct them. Writing a code, especially in large volumes, is a monotonous thing, somewhat tedious and…


Bat files, examples
You can perform all the examples published below not only by creating and running a BAT file containing these commands, but also copying them directly to the command line. To…


Linux operating systems
Linux is not an operating system, but just its kernel. Everything that you are accustomed to see and understand as an OS (buttons, windows and panels) - in fact, it…


What is a firewall and why is it needed?
We will not go into little things like translating words, occupying them some part of the article. Just point out that a firewall (from the English - fire wall), or…