Tuesday, June 29, 2010


This trojan opens a Maximized window of a gay pr0n page. It takes a capture of the desktop and displays an On-Top-Fullscreen Window with the capture. Regularly updated to remain on top, the malware prevents users to run/use other softwares . It is registered at:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

To get rid of it, enter serial codes from this list (there is different version of the malware with the same GUI):

Run MBAM to remove the infection.