Removing SMS viruses

Recently, viruses that demand a paid SMS have become a very popular and profitable way for cybercriminals to extract money. As a result, many varieties of SMS viruses have appeared. Some demand an SMS for viewing porn sites, others disguise themselves as program installers or updaters, lock the system for alleged unlicensed use, and so on. The whole range of varieties can be seen in the form of screenshots here, for example.


Another problem is that an infected user who goes to a friend's computer to search the Internet for a solution finds only descriptions of particular cases of this misfortune. And since this kind of malware continues to be developed and spread, there are more and more of these case-specific solutions every day.

Therefore, in this article I will not describe a solution for one type of SMS virus, but the principle of operation and the main characteristics of the entire group. But first, I'll talk about some reckless steps that users take in such situations.

Pay – note that even if everything goes well after you pay, all the malicious software remains on your computer. Who knows how it was written; it may trigger again a week after payment. In addition, the actual cost of the SMS is usually 50-100% more than the declared one.
Find an unlock code – there are code generators on the websites of the leading anti-virus vendors (Kaspersky, Doctor Web and others). Again, after unlocking you may calm down, but the virus software has not gone anywhere; only the information window has disappeared.
Reinstall the system – and a couple of days later catch a similar virus again. You could be reinstalling around the clock. This is not an option; you must be able to solve the problem. Reinstalling is like fighting household rodents by burning down the house. Illogical, isn't it?

Now more about SMS viruses. What are we actually dealing with? The reason you constantly see the virus's message about sending an SMS is that the graphical shell of the system is broken. Everything that you see (icons, folders, etc.) is drawn by a special system program. On Windows, this is the explorer.exe system process. And the SMS virus is a debugger of this process.

The system's database, where everything relating to the operation of the system and its programs is recorded, is the Windows registry. There is a Shell parameter in the registry. It specifies which program is responsible for rendering the graphical environment. After infection, this entry is most often the one that has been edited: the SMS virus writes itself into Shell in place of explorer.exe.

[Screenshot: modified Shell registry entry. Pay attention to the location of the debugger (control program) and its name.]

The debugger itself (the body of the SMS virus) is copied to various places, but most often to the system32 or Temp system folders, as well as to temporary folders in user profiles. User folders are located at:

C:\Documents and Settings\User

Paths to the above folders:

C:\WINDOWS\system32
C:\WINDOWS\Temp
User\Local Settings\Temp
User\Local Settings\Application Data\Temp

In some cases, the SMS virus installs specific software on the computer, which appears in the list of installed programs and is located in the Program Files folder. It is also registered in autorun and starts with the system. Besides displaying the banner, its functions can range from blocking the Task Manager to blocking input devices. The startup folder is located in the user folder at:

User\Start Menu\Programs\Startup

[Screenshot: virus software in the system]

We have determined where the SMS virus resides and how it works. Now let's figure out how to deal with it. Since the virus blocks the ability to work in the system, you must remove it from the outside: either boot from a Live-CD, or take the disk to a friend, connect it to their computer and look for the malware there. Any Live-CD will do; if this is the first time you have heard the term, I recommend the Lubuntu Live-CD, which is properly localized into Russian and not demanding on resources.

After gaining access to the hard disk, you need to clean out all the temporary folders of the infected system and the startup folder. If your level of competence allows, you can also examine the system32 folder for strange files, for example, DLL libraries with names like

or look-alike exe files, in the manner of a fake Adadas (Adidas):

userinit.exe – system process
usrinit.exe – disguised malware
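
The checks described above (executables in the temp and startup folders, look-alike names in system32), as an added example that is not part of the original article, meant to be run from the Live-CD against the mounted Windows partition. It only reports findings and assumes English Windows XP folder names with exact-case paths; the extension list and the genuine names other than userinit.exe and explorer.exe are assumptions.

```python
import os
import sys

# userinit.exe and explorer.exe are named in the article; the other two
# entries are an assumed extension of the list.
KNOWN = ["userinit.exe", "explorer.exe", "winlogon.exe", "svchost.exe"]
EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs")
# Per-profile folders from the article (English Windows XP names assumed).
PROFILE_DIRS = ["Local Settings/Temp", "Local Settings/Application Data/Temp",
                "Start Menu/Programs/Startup"]

def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name):
    """Return the genuine binary that `name` is one edit away from, else None."""
    name = name.lower()
    if name in KNOWN:
        return None
    return next((real for real in KNOWN if edit_distance(name, real) == 1), None)

def scan(root):
    """Return sorted (reason, path) findings for a Windows partition mounted at root."""
    findings = []
    sys32 = os.path.join(root, "WINDOWS", "system32")
    for f in (os.listdir(sys32) if os.path.isdir(sys32) else []):
        real = lookalike_of(f)
        if real:
            findings.append(("imitates " + real, os.path.join(sys32, f)))
    profiles = os.path.join(root, "Documents and Settings")
    users = os.listdir(profiles) if os.path.isdir(profiles) else []
    folders = [os.path.join(root, "WINDOWS", "Temp")]
    folders += [os.path.join(profiles, u, d) for u in users for d in PROFILE_DIRS]
    for folder in folders:
        for dirpath, _, files in os.walk(folder):  # missing folders yield nothing
            for f in files:
                if f.lower().endswith(EXEC_EXT):
                    findings.append(("executable in temp/startup", os.path.join(dirpath, f)))
    return sorted(findings)

if __name__ == "__main__" and len(sys.argv) == 2:
    for reason, path in scan(sys.argv[1]):  # e.g. the partition's mount point
        print(reason + ": " + path)
```

Review each reported file before deleting it: legitimate installers also leave executables in Temp, and a name match is only a hint.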

Browse the Program Files folder for a folder whose name matches the name of the program specified in the banner (like Digital Access, if there is such a mention). Then try booting the system. Most often, after cleaning, the banner disappears, but the graphical environment disappears along with it, since the program controlling the shell (the debugger) is already gone while its registry entry is still there. Now you need to fix the registry. Since the desktop is empty
