There’s a virus that locks you out of Windows, that’s going around in Russia. My father-in-law managed to get it (don’t ask how), and Avast! did not pick it up. I have sent it to Avast, so they can put it in the next update.
The file involved is gftkcydl.exe, and it shows up on VirusTotal as having 5 detections.
It causes a very large red and white banner to show up and block most of the screen. This banner tells you to send an SMS to a number, which then charges you (reports claim it’s about $10 a message), and sends you the number to put in to unlock it. This will repeat itself every time you restart until the virus is removed.
Housecall was able to remove it for me, so if you get it before it’s put into Avast’s definition, I’d recommend them.
Definitely new. I will visit the Kaspersky website to see what data they have. Ta
Think I found it
http://forum.kasperskyclub.ru/index.php?showtopic=15995
This kind of ransom-ware isn’t new, but the method does seem so.
There is no way I would send an SMS message, as for me that just gives them your mobile phone number and leaves you open to attack/fraudulent misuse on that too.
So what to do? If you aren’t using hard disk imaging software, this is just another wakeup call to be able to restore your system in minutes from virtually any computer disaster, virus or otherwise. Make regular weekly drive images and do daily back-ups of your volatile data files.
If you fail to plan, then you plan to fail, a robust backup and recovery strategy can save your a**.
I also found a reference in the closed forum and it was interesting reading - but at the moment it appears to be just two or three instances in Russia only.
You can get a code for unlocking here:
Dr.Web unlock service
Kaspersky unlock service
I didn’t send an SMS, the info I posted was based on research from Russian sites. I tried a couple of those unlock codes, but none of them had worked on the system in question.
Also, it only unlocks the system until next reboot, and really isn’t much of a solution.
The computer that was infected had 5 users, and 3 of them were infected. It appears to use shared profiles as a way to spread, and stores itself in the profiles’ app data folder.
If a computer has some uninfected users, the virus is reasonably easy to get rid of by deleting the file in question while on an uninfected user.
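An added example, not part of any post in this thread: a Python check for the behaviour described above, listing executables that turn up under the app data folder of more than one user profile. The folder names in `APPDATA_DIRS` and the function names are assumptions of this example, and the profiles directory to scan is passed on the command line.

```python
import os
import sys
from collections import defaultdict

# Assumed per-profile folder names: XP-era "Application Data", later "AppData".
APPDATA_DIRS = ("Application Data", "AppData")

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable or locked file: skip it

def executables_by_profile(profiles_root):
    """Map lower-cased file name -> set of profiles holding it under app data."""
    found = defaultdict(set)
    for profile in sorted(os.listdir(profiles_root)):
        for sub in APPDATA_DIRS:
            base = os.path.join(profiles_root, profile, sub)
            # os.walk yields nothing if base does not exist.
            for dirpath, _dirs, files in os.walk(base):
                for name in files:
                    if is_pe(os.path.join(dirpath, name)):
                        found[name.lower()].add(profile)
    return found

def shared_across_profiles(profiles_root, min_profiles=2):
    """Executables present in the app data of at least min_profiles profiles."""
    hits = executables_by_profile(profiles_root)
    return {n: sorted(p) for n, p in hits.items() if len(p) >= min_profiles}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: scan_profiles.py <profiles directory>")
    for name, profiles in sorted(shared_across_profiles(sys.argv[1]).items()):
        print(f"{name}: {', '.join(profiles)}")
```

Files are detected by content rather than extension, so a renamed copy is still listed. Legitimate per-user installs also appear in several profiles, so the output is a list to review, not a verdict.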
HIPS is also good, I think we should make keygens and cracks for those people (am kidding)