Remove Kabe Ix@hotmail.com Lockscreen Worm and Unlock Your PC - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove Kabe [email protected] Lockscreen Worm and Unlock Your PC

help-removal-sensorstechforumA new worm has been detected in the wild. The cyber-threat has been reported to replicate via infected USB drives from the computers it has affected through malicious URLs. It locks the screen of the user displaying a ransom message pointing out to contacting an email ending in [email protected] All users who have become a victim of this nasty worm should not contact the attackers at any circumstances. Experts recommend using instructions like the ones below to methodologically get rid of this threat from your computer.

NameKabe “[email protected]
TypeLockscreen Worm/Ransomware
Short DescriptionThe cyber-threat locks the user PC’s screen displaying a ransom message with contact details. It demands around 4$ to unlock the computer.
SymptomsThe user may be prevented from accessing his PC.
Distribution MethodVia malicious URLs or attachments posted on sites or sent out via spam mails. The other method is self-replication via removable drives(USB, microSD, MMC, Phone memory) connected to the infected computer.
Detection ToolDownload Malware Removal Tool, to See If Your System Has Been Affected by Kabe “[email protected]
User Experience Join our forum to discuss Kabe “[email protected].
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Kabe Lockscreen Worm – How Did I Get Infected

There are two primary means of distribution, this malware uses. One of them is via spam-emails featuring malicious URLs, or attachments, such as the one from the example below:

malicious-email-spam-links-sensorstechforum

Such malicious URLs may redirect to exploit kits which might infect the user via a drive-by download or a malicious script.

The other method of replication is if a USB stick has been inserted into an infected computer. The worm immediately detects the removable drive, after which creates copies of its malicious modules in an obfuscated form in the drive itself:

→ The file kabe.exe
The file Autorun.inf, which contains the following settings:
action=Open
shellexecute=kabe.bat
shell\explore\command=kabe.bat
USEAUTOPLAY=1
shell\Open\command=kabe.bat
shell\Autorun\command=kabe.bat
shell\Search\command=kabe.bat

This technique is very effective in saving the cyber-crooks a lot of resources to spread the worm via spam. Users should know how to protect themselves and never use flash drives to multiple devices if one of them is infected.

Kabe Lockscreen Worm In Detail

Malware researchers have reported that this worm is associated with the following files which it creates to several key Windows locations:

→ In %Temp%
-explorer.exe
-sajith_and_rasini.db
-i_love_you_rasini.db
In %Startup%
-msfold.exe
In %RemovableDrive%
-kabe.exe
-autorun.inf
-kabe.bat
In %SystemDrive%
-kabe.exe
-autorun.inf
-kabe.bat

The msfold.exe module is reported to be the one responsible to enable the automatic start-up of the malware every time you turn on your computer.

Upon startup, this malware restricts user access displaying the following messages:

→ A pop-up with the message:
“Your Desktop is locked now!”
A note with the message:
Email {identification}[email protected]
Send Email to our team and pay 4$ for unlock code
together with the textbox and button for unlock.”

Remove Kabe Lockscreen Worm Completely

You cannot eradicate this threat by using the conventional methods since the access to the computer is restricted. This is why we recommend using the step-by-step instructions bellow to assist you with removing Kabe Lockscreen and its malicious modules effectively. We also advise choosing an advanced anti-malware tool which will remove the threat in full.

1. Boot Your PC In Safe Mode to isolate and remove Kabe “[email protected]
2. Remove Kabe “[email protected]” with SpyHunter Anti-Malware Tool
3. Uninstall your web browser to get it rid of Kabe “[email protected]” from it.
Optional: Using Alternative Anti-Malware Tools
NOTE! Substantial notification about the Kabe “[email protected] threat: Manual removal of Kabe “[email protected] requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.