Win32/LockScreen [Threat Name]

Win32/LockScreen.AJU [Threat Variant Name]

Category trojan
Size 88064 B
Detection created Jan 27, 2012
Detection database version 9018
Aliases Trojan-Ransom.Win32.Gimemo.hoj (Kaspersky)
  Trojan:Win32/Ransom.EZ (Microsoft)
  W32.Harakit (Symantec)
Short description

Win32/LockScreen.AJU is a trojan that blocks access to the Windows operating system. To regain access to the operating system the user is asked to send a certain amount of money to a specific bank account.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "S%variable%" = "%malwarefilepath%"
    • "Shell" = "%malwarefilepath%"
    • "She11" = "%malwarefilepath%"
    • "Shell2" = "%malwarefilepath%"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    • "shell" = "%malwarefilepath%"

A string with variable content is used instead of %variable%.
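A triage check for the Registry entries listed above, written as an added example (it is not part of the original description or any vendor tooling). It parses the text of a `reg export` of the user hive and reports the per-user Winlogon shell value, the fixed Run value names, and S-prefixed Run names that point at the same file as another flagged entry. The function names, the heuristics and every path in the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
WINLOGON = r"hkey_current_user\software\microsoft\windows nt\currentversion\winlogon"
FIXED_NAMES = {"shell", "she11", "shell2"}  # Run value names listed in the description

# Constructed sample in `reg export` (.reg) text form; all paths are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Vendor\\updater.exe"
"Sx7q"="C:\\Users\\alice\\AppData\\Roaming\\sample.exe"
"She11"="C:\\Users\\alice\\AppData\\Roaming\\sample.exe"
"Steam"="C:\\Program Files\\Steam\\steam.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"shell"="C:\\Users\\alice\\AppData\\Roaming\\sample.exe"
'''

def parse_reg(text):
    """Yield (key, value_name, data) for string values in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"([^"]+)"="(.*)"$', line)):
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")

def find_lockscreen_persistence(text):
    """Return sorted (key_kind, value_name, data, reason) findings."""
    rows = list(parse_reg(text))
    targets = defaultdict(set)  # lowercased data -> Run value names pointing at it
    for key, name, data in rows:
        if key == RUN:
            targets[data.lower()].add(name)
    shell_data = {d.lower() for k, n, d in rows if k == WINLOGON and n.lower() == "shell"}
    findings = []
    for key, name, data in rows:
        # Assumption: any per-user Winlogon shell value is unusual enough to review.
        if key == WINLOGON and name.lower() == "shell":
            findings.append(("winlogon", name, data, "per-user shell override"))
        elif key == RUN and name.lower() in FIXED_NAMES:
            findings.append(("run", name, data, "value name listed for this variant"))
        elif key == RUN and name.lower().startswith("s") and (
                len(targets[data.lower()]) > 1 or data.lower() in shell_data):
            findings.append(("run", name, data, "S-prefixed name sharing a flagged target"))
    return sorted(findings)
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `find_lockscreen_persistence`.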

Other information

The trojan blocks keyboard and mouse input.


The trojan terminates specific running processes.


The trojan executes the following command:

  • taskkill /F /IM explorer.exe
