Ransom.Win32.LIVEDE.THLBHBC

它以文(wén)件的形式出现在系统中(zhōng)，可(kě)能(néng)是其他(tā)恶意软件投放的，或者是用(yòng)户在访问恶意网站时无意中(zhōng)下载的。

新(xīn)病毒详细信息

它以文(wén)件的形式出现在系统中(zhōng)，可(kě)能(néng)是其他(tā)恶意软件投放的，或者是用(yòng)户在访问恶意网站时无意中(zhōng)下载的。

安(ān)装(zhuāng)

它植入下列文(wén)件：

• {malware directory}\libgobject-2.0-0.dll
• {malware directory}\libiconv-2.dll
• {malware directory}\libintl-8.dll
• {malware directory}\libpcre2-8-0.dll
• {malware directory}\livelocked.exe
• {malware directory}\windows_encryptor_180870197840.exe
• {malware directory}\libffi-8.dll
• {malware directory}\libglib-2.0-0.dll

它添加下列进程：

• bcdedit /set {current} recoveryenabled no
• bcdedit /set {default} recoveryenabled no
• bcdedit /set {current} bootstatuspolicy ignoreallfailures
• bcdedit /set {default} bootstatuspolicy ignoreallfailures
• vssadmin Delete Shadows /All /Quiet
• wbadmin DELETE BACKUP -keepVersions:0 -quiet
• taskkill /F /IM {process name}
• net stop {service name} /y
• wevtutil cl application
• wevtutil cl security
• wevtutil cl system

其他(tā)系统修改

它将系统的桌面壁纸设置為(wèi)下列图像：

其他(tā)详细信息

该程序执行以下操作(zuò)：

• The file is a self-extracting archive.
• Clears event logs to hide its malicious behaviors.
• It encrypts drives from A:\ to Z:\