Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.AKM [Threat Variant Name]

Category trojan
Size 1072640 B
Detection created Mar 11, 2012
Detection database version 6957
Short description

Win32/LockScreen.AKM is a trojan that blocks access to the Windows operating system.

Installation

When executed, the trojan copies itself into the following location:

  • %windir%\­Sound.exe

The trojan creates the following file:

  • %windir%\­Sound.bat (41 B)

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "Sound" = "%windir%\­Sound.bat"

The trojan moves the following files (source, destination):

  • %windir%\­system32\­taskmgr.exe, %windir%\­system32\­mdsdba.dll

The following Registry entries are removed:

  • [HKEY_LOCAL_MACHINE\­System\­CurrentControlSet\­Control\­SafeBoot\­NetWork]
  • [HKEY_LOCAL_MACHINE\­System\­CurrentControlSet\­Control\­SafeBoot\­Minimal]
Other information

Win32/LockScreen.AKM is a trojan that blocks access to the Windows operating system.


The trojan displays the following dialog boxes:

To regain access to the operating system the user is asked to send information/certain amount of money via WebMoney payment service.


The password to regain access to the operating system is one of the following:

  • J25ZvzOv
  • 201213

When the correct password is entered the trojan is deactivated.

Please enable Javascript to ensure correct displaying of this content and refresh this page.