MSIL/LockScreen [Threat Name] go to Threat

MSIL/LockScreen.M [Threat Variant Name]

Category trojan
Size 1728864 B
Detection created Jan 15, 2011
Detection database version 5789
Aliases TrojanDropper:MSIL/Foorskanem.B (Microsoft)
Short description

MSIL/LockScreen.M is a trojan that blocks access to the Windows operating system.

Installation

When executed, the trojan creates the following files:

  • %windir%\­explorerr.exe (1108711 B, MSIL/LockScreen.M)
  • %userprofile%\­explorerr.exe (1108711 B, MSIL/LockScreen.M)
  • %windir%\­system32\­explorerr.exe (1108711 B, MSIL/LockScreen.M)

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows NT\­CurrentVersion\­Winlogon]
    • "Shell" = "Explorerr.exe"

The following Registry entry is set:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Policies\­System]
    • "DisableTaskMgr" = "1"
Other information

MSIL/LockScreen.M is a trojan that blocks access to the Windows operating system.


The trojan displays the following dialog boxes:

To regain access to the operating system the user is asked to send information/certain amount of money via WebMoney payment service.


The password to regain access to the operating system is one of the following:

  • 47394762
  • 1205167

When the correct password is entered the trojan is deactivated.


The trojan may turn off the computer.


Trojan requires the Microsoft .NET Framework to run.

Please enable Javascript to ensure correct displaying of this content and refresh this page.