W32/Skowr Trojan

 Information about the W32/Skowr Trojan:

W32/Skowr is a trojan. The trojan will infect Windows systems.

Upon execution, the trojan copies itself as svchost.exe in HelpWin folder under Windows System folder.

It also drops the following files.

SkorCzybik.dll in Windows Folder.
WARNING_README_NOW.txt in Windows Desktop folder.

The said WARNING_README_NOW.txt file contains the following text.

WARNING: FILE ENCRYPTION HAS BEEN FINISHED!
############################################

Dear User,
----------

Some Ascii Files have been encrypted with the sk0r alias Czybik's Ascii File Encryption Engine v1.0.
You are not longer able to use those files. But now nothing is lost. You are able to use
your files again if you decrypt them. To do this you need to buy a decoder and the password.
So how can you buy this? The following stepps will show you what to do:

Decryption Notes:
=================

1) Simply write an email to: sk0r1337@gmx.de with subject: Need Decoder and Password
2) Wait for an email from me.
3) Read the email and follow the stepps (you must give a payment to me to get
the decoder and the password
4) Open the decoder.exe
5) Input File and Password and click decrypt --> Do this for all encrypted files


Pricelist:
==========

Decoder: Game Accounts in worth of about maximum 80 ?.
Password: Game or Internet Accounts (Websites) in worth of maximum 20 ?

You see you can be lucky that the Decoder and the Password are so cheap.
Be lucky you are not a victim of other Ransomware, they are very expensive (400$)
So please follow the stepps. Otherwise you will not be able to use your files again.
Don 't send to avers. They will not be able to get or crack the password. So pay or say 'bye'
to all your encrypted files.

Regards: [blocked] - Malwarewriter

Win32.[blocked] ?2006 by [blocked]
sk0r alias Czybik's Ascii File Encryption Engine v1.0 ?2006 by [blocked]

The trojan modifies registry at the following location to load itself during each startup.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

It tries to terminate some of the security related processes and blocks access to some of the security related websites.

Attempts to change the password of Administrator to SkorCzybik and the password of current user to CzybikSkor.

This trojan first appeared on June 12, 2006.

 Other names of W32/Skowr Trojan:

This trojan is also known as Trojan.Skowr, TROJ_SKOWR.A .