Extortionist learned how to remove antivirus from PC


Photo: Kim Hong-Ji / Reuters

Experts from MalwareHunterTeam discovered ransomware AVCrypt disables a installed on your computer anti-virus software before all information on the device is encrypted. It is reported by Bleeping Computer.

According to experts, AVCrypt removes service software Windows Defender and Malwarebytes. Then the blackmailer asks system for information about other anti-viruses registered in the security Center of Windows, and then trying to get rid of them via the command line. However, this method doesn’t work with the program Emsisoft.

Researchers in the field of information security noted that I had never recorded the activity of extortion of this kind. They also suggested that the virus may be a program-Viper, that is designed to destroy information on the device of the victim.

Experts noted that the attackers did not leave contact information to send the ransom. Instead, the ransom note they wrote “lol n”.

Video, photo All from Russia.


Please enter your comment!
Please enter your name here