899991 is a noxious modern malware categorized by security analysts as a Trojan Horse. As per reports, 899991 uses camouflage for accessing its victims’ machines and can often be distributed on the Internet as some seemingly-harmless software that people would willingly download.
Many of our users received an Extortion SMS Message with the following text:
Desafortunadamente, tengo mas noticias para ti. Hace varios meses, tuve acceso al dispositivo que esta utilizando para navegar por Internet. Desde entonces, he estado monitoreando su actividad en Internet. Como visitante habitual de sitios para adultos, puedo confirmar que usted es responsable de esto. Para simplificar las cosas, los sitios web que ha visitado me han proporcionado acceso a sus datos. Cargue un caballo de Troya basado en el controlador que actualiza su firma varias veces al dia, para que sea imposible que el antivirus lo detecte. Ademas, me da acceso a su camara y microfono. Ademas, hice una copia de seguridad de todos los datos, incluidas fotos, redes sociales, chats y contactos. Recientemente, tuve una idea increible de crear el video que disfrutas en una parte de la pantalla, mientras el video se reproducia simultaneamente en otra pantalla. !Fue divertido! Asegurese de que pueda enviar facilmente este video a todos sus contactos con solo unos pocos clics, y supongo que le gustaria evitar este escenario. Con eso en mente, aqui esta mi propuesta: transfiera la cantidad equivalente a 1300 USD a mi billetera Bitcoin y me olvidare de todo. Tambien eliminare permanentemente todos los datos y videos. En mi opinion, este es un precio algo modesto por mi trabajo. Puedes averiguar como comprar Bitcoins usando buscadores como Google o Bing, ya que no es muy dificil. Mi billetera Bitcoin (BTC): 1F34gHWdSXVnN5zy5mA7gEaKgeu8NGPHCw Tiene 48 horas para responder y tambien debe tener en cuenta lo siguiente Tampoco tiene sentido quejarse, ya que no se puede rastrear la carta junto con mi billetera Bitcoin. Todo fue orquestado con precision. Si detecto que mencionaste algo sobre esta carta a alguien, el video se compartira de inmediato y tus contactos seran los primeros en recibirlo. !Entonces el video se publicara en la web! !Buena suerte y tomatelo con calma! Fue solo mala suerte, la proxima vez, ten cuidado.
After the disguised 1f34ghwdsxvnn5zy5ma7geakgeu8ngphcw Bitcoin SMS Trojan has been downloaded on the machine, the victims will usually be requested to allow it to make system changes. Some Trojans may also ask for administrative rights.
At this point, of course, the victims believe they’re operating a legitimate app and will typically grant it all permissions needed to run the file. And this is how the Trojan gains complete control of the machine and starts to run its stealthy criminal agenda.
The activities that threats like 899991, “You still have not paid the requested amount of $ 250.“, “You’ve Been Hacked” can run once inside the device, however, are often unknown, since they can be very versatile. In general, each Trojan-based threat can be programmed to perform different criminal tasks. For instance, 899991 may be set to spy on its victims and, in this case, it will silently keep track of the keystrokes, the screen, the online and offline activities of the users without showing any indications of its presence. In this way, the hackers can collect valuable information about the victims and determine how to exploit it in their own interests.
Money extortion is just one of the follow-up to the fact that your device has been compromised by a Trojan that is secretly transferring your information to people with malicious intentions. If they get their hands on your credit or debit card details, they may empty your bank accounts ballances before you even known it.
However, espionage is not the only way to employ such a virus. Trojans such as 899991 are also used to distribute other malicious programs to the victims’ machines. Thanks to their backdooring ability, these threats may insert root kits, Ransomware cryptoviruses, different phishing applications and spyware into the system without the knowledge of the victim. They may also block the existing security program from doing its job in order to allow other malware to slip in.
Sometimes, the Trojan infections may obtain administrative rights over the OS and use them to trigger a variety of resource-intensive processes on the attacked device. In such situations, the victims may experience a significant slowdown of the device’s speed and even crashes, screen-freezing issues, or other software and system disruptions and errors, most of which may be a result from the Trojan’s excessive system resources exploitation.
Sadly, in most of the cases, there will be no visible symptoms of the harmful activities that threats like 899991 are performing. That’s why your best chances to detect and remove the malware on time is to use a reliable antivirus program that can scan your entire device.
Fight the virus
If you haven’t been notified of this hazard on time by your antivirus, then this might be due to the inability of the security program to detect the Trojan in its virus definition databases. Indeed, it may take some time for new threats like 899991 to be added to the virus databases of security programs and during that time, they may be invisible for the antivirus apps. That’s why, in such as scenario, it’s better to use a manual removal guide such as the one that you can find below and maybe update your anti-malware tool with a more-robust one that can remove 899991 immediately.
|Danger Level||High (Trojans are often used as a backdoor for Ransomware)|
|Symptoms||Unusual system errors, sudden crashes, unresponsiveness and data destruction could be potential symptoms of a Trojan Horse infection.|
|Distribution Method||Different spam messages, malvertisements, torrents, cracked software installers, illegal websites.|
Some threats reinstall themselves if you don't delete their core files. We recommend downloading SpyHunter to remove harmful programs for you. This may save you hours and ensure you don't harm your system by deleting the wrong files.
Remove 899991 SMS
If you are looking for a way to remove 899991 you can try this:
- Click on the Start button in the bottom left corner of your Windows OS.
- Go to Control Panel -> Programs and Features -> Uninstall a Program.
- Search for 899991 and any other unfamiliar programs.
- Uninstall 899991 as well as other suspicious programs.
Note that this might not get rid of 899991 completely. For more detailed removal instructions follow the guide below.
If you have a Windows virus, continue with the guide below.
If you have a Mac virus, please use our How to remove Ads on Mac guide.
If you have an Android virus, please use our Android Malware Removal guide.
If you have an iPhone virus, please use our iPhone Virus Removal guide
Some of the steps will likely require you to exit the page. Bookmark it for later reference.
Reboot in Safe Mode (use this guide if you don’t know how to do it).
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous.
Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:
After you open their folder, end the processes that are infected, then delete their folders.
Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.
Hold together the Start Key and R. Type appwiz.cpl –> OK.
You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:
Type msconfig in the search field and hit enter. A window will pop-up:
Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.
- Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.
Hold the Start Key and R – copy + paste the following and click OK:
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Type Regedit in the windows search field and press Enter.
Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:
- HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random
If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!