Spamhaus ransomware removal guide

By | april 16, 2013

The “Spamhaus” notification is a ransomware variant, that has locked down your desktop. The ransomware will prompt a message “You have 48 hours left to enter your payment.” This ransom screen will state that Spamhaus has detected that your computer is spreading malware, trojans and distributing copyrighted content or pornography.

This ransom will also replace a lot of files on your computer, the desktop shortcuts are replaced by HTML files which are redirecting to a malicious website that is showing the same message as the ransom screen.  Also documents, pictures an other files in the user folders are replaced by the ransom.

You have 48 hours left to enter your payment.

Spamhaus tracks the Internet’s spam senders and spam services, provides dependable realtime antiLspam protection for Internet networks, and works with Law Enforcement to identify and pursue spammers worldwide.

Spamhaus ransomware removal video

[youtube]http://www.youtube.com/watch?v=Nby4bFjXqK0[/youtube]

Spamhaus Ransomware verwijderen

Spamhaus Ransomware

Spamhaus tracks the Internet’s spam senders and spam services, provides dependable realtime antiLspam protection for Internet networks, and works with Law Enforcement to identify and pursue spammers worldwide.

You have 48 hours left to enter your payment.
You have lost control over your computer. Your system and all your files has been blocked and encrypted because you were spreading the Malware (viruses, trojans, worms).
You are breaking numerous International and USA laws.

Actions made by your computer backed up under United States law USA Patriot ACT
What exactly is The Patriot Act,
The Patriot Act is short for The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.
We have the right backed by law:
Sec. 201. Authority to intercept wire, oral, and electronic Communications relating 20 terrorism. Sec. 202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses.
Sec. 209. Seizure of voice-mail messages pursuant to warrants.
Sec. 217. Interception of computer trespasser communications.
With the support of the federal Bureau investigation department on cybercrime and the Supreme court of the United States of America. We have the legal right to scan and intercept any information going in and out of your computers.

You IP address (127.0.0.1) was identified and isolated by our organization in connection with a complaint to the involvement of distributed denial of service (DDoS) attack such organizations: NASDAQ and BATSS stock exchange markets and WIKILEAKS.ORG website. Such attacks caused $15 billions in damage. In order to isolate this infected files we have blocked your access to the outside world and your IP address was listed in our XBL Block List. You can not use the internet or any of your programs.
You have a chance to settle this issue right now before we contact the proper authorities. Within 48 hours, you can pay a fine of $ 300. All your files will be decrypted, and access to the computer will be granted, a claim for compensation from affected from affected companies will be removed and your IP (127.0.0.1) address will be restored to good standings with XBL Block List.
If you don’t pay a penalty within the next 48 hours, local authorities and secret service will be contacted, and most likely it will result in your arrest. You can and will be prosecuted to the fullest extent of the law in order to recover our losses. Do not take a chance to be convicted as a felon.
Our spamhaus agent has conducted a full check of your system and found following violations:

• You are a distributor of pornography and porno materials, regularly watch porn() sites with child pornography and zoophilia.
• you possess unlicensed software and pirate audio and video records.

18 U.S.C. § 2252- Certain activities relating to material involving the sexual exploitation of minors (Possession, distribution pornography and possession, distribution of child pornography). 18 U.S.C. § 2252A– certain activities relating to material constituting or containing pornography, child pornography.
Federal law prohibits the production, distribution, reception, and possession of an image of child pornography using or affecting any means or facility of interstate or foreign commerce (See 18 U.S.C. § 2251; 18 U.S.C. § 2252; 18 U.S.C. § 2252A). Specifically, Section 2251 makes it illegal to persuade, induce, entice, or coerce a minor to engage in sexually explicit conduct for purposes of producing visual depictions of that conduct. Any individual who attempts or conspires to commit a child pornography offense is also subject to prosecution under federal law. Any violation of federal pornography or child pornography law is a serious crime, and convicted offenders face severe statutory penalties. 18 U.S.C. § 2251, face fines and a statutory minimum of 15 years to 30 years maximum in prison.

Criminal Copyright Infringement-17 U.S.C. § 506(a) and 18 U.S.C. § 2319.

The unauthorized reproduction or distribution of this copyrighted work is illegal. Criminal copyright infringement, including infringement without monetary gain, is investigated by the FBI and is punishable by up to 5 years in federal prison and a fine of $250,000.
Once we receive your payment and our operators check it for authenticity, your computer will be completly unlocked and decryption software developed by our firm will be provided. You will be able to resume your normal day to day operations without any interruption.
Take better care of your computer in the future. Don’t forget to update your web browser using Windows Updating center.

Spamhaus ransomware removal guide

Please download HitmanPro to your desktop.
Press this link for the complete “User Manual” for HitmanPro.Kickstart.

  • Launch the program by double clicking on HitmanPro.exe. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the “HitmanPro.Kickstart” button to create a bootable USB-stick with HitmanPro.Kickstart
  • Now insert the USB flash drive that will be used to write the HitmanPro.Kickstart files to.
    • As soon as one or more USB flash drives are detected, a selection screen will be presented.
  • Now select the USB flash drive on which you want to place the HitmanPro.Kickstart files and press the button Install Kickstart.
  • Important! Be aware that that all contents of the selected flash drive will be erased before the HitmanPro.Kickstart files are written.
  • If you press the ‘Yes’ button now, the selected USB flash drive will be formatted and all necessary HitmanPro.Kickstart files will be retrieved from the HitmanPro servers and written to the flash drive
  • Once the process is completed you can now remove the USB flash drive from the PC and use it to remove the malware from a ransomed PC.
  • Now insert the HitmanPro.Kickstart USB flash drive into a USB port of the ransomed PC and start the PC.
  • During the startup of the PC, enter the (BBS) Bios Boot Selector menu and select the USB flash drive that contains HitmanPro.Kickstart to boot from.
    • If it’s not possible to enter the BBS go into the BIOS and set the USB option as your first boot-device by the boot-sequence.
  • The default way to boot is option 1, which skips the master boot record of your hard drive. If you do not press any key, the process will continue after 10 seconds using the default boot selection.
  • If you see a logon screen you can either select a user and logon, or if you wait approximately 15 seconds, HitmanPro will be started on your Windows logon screen.
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside “No, I only want to perform a one-time scan to check this computer“.
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • Click on the next button and choose the option activate free license
  • Click on the next button and the infections where will be deleted.
  • Click now on the Save Log option and save this log to your desktop.
  • Click on the next button and restart the computer.