Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.AKP [Threat Variant Name]

Category trojan
Size 12288 B
Detection created Mar 27, 2012
Detection database version 7002
Short description

Win32/LockScreen.AKP is a trojan that blocks access to the Windows operating system. The file is run-time compressed using UPX .

Installation

When executed, the trojan copies itself into the following location:

  • %userprofile%\­Local Settings\­Application Data\­winsh.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "Windows" = "%malwarefilepath%"

The following programs are terminated:

  • explorer.exe
  • taskmgr.exe
Other information

Win32/LockScreen.AKP is a trojan that blocks access to the Windows operating system.


The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains an URL address. The HTTP protocol is used.


The trojan displays the following dialog box:

To regain access to the operating system the user is asked to send information/certain amount of money via Ukash payment service.


When the correct password is entered the trojan is deactivated.

Please enable Javascript to ensure correct displaying of this content and refresh this page.