Fandom

Malware Wiki

Trojan.MBRBlock

1,335pages on
this wiki
Add New Page
Comments0 Share

Trojan.MBRBlock is a ransomware program that claims itself to be a trojan. Once ran, if when the computer is restarted it will show a message.

MBR Ransomware (might be nsfw)-004:30

MBR Ransomware (might be nsfw)-0

Boot

The videoxxx.avi.exe Version.

The message is usually in Russian, but when Joel of Vinesauce did a video called "Windows 8 Destruction" and got a version of Trojan.MBRBlock called "Videoxxx.avi.exe", Rougeamp also made a video on it, a user by the name of Макс «Llama» Ламычев translated the text to be:

"Your computer has been blocked for playing, copying and distributing videos with pedophilic child porn and homosexual porn elements. 
To remove this block, you have to pay a 500 RUB (17 loafs in white bread equivalent) fine. 
To do that, you must transfer the funds to the "Beeline" (cell phone operator) phone number (89645098055) using any instant payment terminal. 
If you transfer 500 RUB or more, you will find the unlock code on the bottom of the receipt. 
You need to enter it in the bottom field of the screen. 
After unlocking you must delete all materials with violence or pedophilic elements from your PC. 
However if you do not pay, all data will be wiped from your PC."

Other versions exist as well, with different colors and different messages.

This is also a scam and is not run by the government. If it really was from the government, they would just arrest the user and use their hard drive as evidence.

Mbr

A different version of videoxxx.avi.exe, but with different color.

Dsdk

A variant of MBRBlock that is not obtained from porn. It claims that the OS is an illegal, unlicensed version of the real one.

208188037

An unspecified other MBR Ransomware.

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.