Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.AKC [Threat Variant Name]

Category trojan
Size 523264 B
Detection created Feb 16, 2012
Detection database version 6890
Aliases GenericPWS.y!dxm.trojan (McAfee)
Short description

Win32/LockScreen.AKC is a trojan that blocks access to the Windows operating system.

Installation

The trojan does not create any copies of itself.


The trojan creates the following file:

  • C:\­111.bat (201 B, BAT/Prockill.NAI)

The file is then executed.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­SOFTWARE\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "C:\­hackmail.exe" = "%malwarefilepath%"

The following Registry entry is set:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Policies\­System]
    • "DisableTaskMgr" = 1

The following programs are terminated:

  • regedit.exe
  • explorer.exe
  • firefox.exe
  • opera.exe
  • iexplorer.xe
  • safari.exe
  • chrome.exe
Information stealing

The trojan collects the following information:

  • computer IP address

The trojan attempts to send gathered information to a remote machine.


The trojan sends the information via e-mail. The trojan contains a list of (1) addresses.

Other information

Win32/LockScreen.AKC is a trojan that blocks access to the Windows operating system.


The trojan displays the following dialog box:

Please enable Javascript to ensure correct displaying of this content and refresh this page.