We’ve had a number of people contacting us with queries about ‘Kaspersky Lab Antivirus Online’ after their computer showed them this message:
The short answer is: it’s certainly nothing to do with us! It’s actually the payload of a primitive piece of ransomware, Trojan-Ransom.Win32.SMSer. The Trojan installs itself to the Windows directory, and shows this message when the computer is rebooted. The message is a typical ransom demand (the original Russian contains some grammar and spelling mistakes which should act as an immediate red flag) and reads as follows:
All this is heavily reminiscent of the scare tactics behind rogue AV solutions, with the added tactic, used by Russian and other virus writers, of leasing short numbers to make a little illegal money. While the guys behind this Trojan are trying to seem legit by using our name, they seem to have forgotten that no reputable security company would ever stoop to using such methods.
Not everything in the message is true – for instance, sending an SMS won’t cost you 6 roubles, but 150 roubles and upwards (around $5), depending on your network. However, the Trojan does block access to Task Manager and other system tools. If you’ve got Kaspersky Anti-Virus installed, and your databases are up-to-date, you’ve got no problem – we detect all modifications of this Trojan. If you don’t use a Kaspersky Lab product, you can get our free removal utility here to fix your system.