Win32/LockScreen [Threat Name]

Win32/LockScreen.AKW [Threat Variant Name]

Category trojan
Size 136704 B
Detection created Apr 17, 2012
Detection database version 7061
Aliases Ransom!fm.trojan (McAfee)
  Trojan:Win32/Ransom.EZ (Microsoft)
Short description

Win32/LockScreen.AKW is a trojan that blocks access to the Windows operating system. The file is run-time compressed using UPX.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "S%variable%" = "%malwarefilepath%"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    • "shell" = "%malwarefilepath%"

A string with variable content is used instead of %variable%.
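
A read-only check for the persistence pattern listed above, as an added PowerShell example that is not part of the original description. It goes beyond the HKEY_CURRENT_USER case by looking in every loaded user hive under HKEY_USERS for a per-user Winlogon "shell" value and for a Run value whose name starts with "S" and points at the same file. The helper names Get-ValueMap and Get-NormalizedPath are hypothetical, and the script assumes a clean profile has no per-user shell value.

```powershell
# Added example: read-only audit of the two per-user autostart locations above.
$runSubKey      = 'Software\Microsoft\Windows\CurrentVersion\Run'
$winlogonSubKey = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-ValueMap {
    # Returns a name -> data table for every value under a key (empty if absent).
    param([string]$Path)
    $map = @{}
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $map[$name] = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        }
    }
    return $map
}

function Get-NormalizedPath {
    # Strips whitespace and surrounding quotes so two values can be compared.
    param([string]$Data)
    return $Data.Trim().Trim('"')
}

$hives = Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue
$findings = foreach ($hive in $hives) {
    $sid = $hive.PSChildName
    if ($sid -notmatch '^S-1-5-21-[\d-]+$') { continue }   # user hives only

    $winlogon = Get-ValueMap "Registry::HKEY_USERS\$sid\$winlogonSubKey"
    if (-not $winlogon.ContainsKey('Shell')) { continue }  # lookup is case-insensitive

    # Assumption: a default profile has no per-user Shell value (the system-wide
    # one lives under HKLM), so any value found here is reported for review.
    $shell = Get-NormalizedPath $winlogon['Shell']
    [pscustomobject]@{ Sid = $sid; Location = 'Winlogon'; Name = 'Shell'; Data = $shell }

    # Pattern from the description: a Run value named S... set to the same file.
    $run = Get-ValueMap "Registry::HKEY_USERS\$sid\$runSubKey"
    foreach ($name in $run.Keys) {
        if ($name -like 'S*' -and (Get-NormalizedPath $run[$name]) -eq $shell) {
            [pscustomobject]@{ Sid = $sid; Location = 'Run'; Name = $name; Data = $shell }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No per-user Winlogon Shell override found in the loaded user hives.' }
```

The script only reads the registry; hives of users who are not logged on are not loaded and are therefore not covered.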

Other information

Win32/LockScreen.AKW is a trojan that blocks access to the Windows operating system.


The trojan displays the following dialog box:

To regain access to the operating system the user is asked to send an SMS message to a specified telephone number in exchange for a password.


The trojan attempts to send gathered information to a remote machine.


The trojan contains a list of addresses (1 entry). The SMTP protocol is used to send the information.


The trojan may terminate specific running processes.


The trojan blocks keyboard and mouse input.
