Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.BED [Threat Variant Name]

Category trojan
Size 1339392 B
Detection created Dec 02, 2013
Detection database version 9119
Aliases Trojan-Ransom.Win32.Gimemo.bmfl (Kaspersky)
  Trojan:Win32/LockScreen.CZ (Microsoft)
Short description

Win32/LockScreen.BED is a trojan that blocks access to the Windows operating system.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "LockApp" = "%malwarefilepath%"
Other information

Win32/LockScreen.BED is a trojan that blocks access to the Windows operating system.


The trojan displays the following dialog box:

To regain access to the operating system the user is asked to send an SMS message to a specified telephone number in exchange for a password.


The password to regain access to the operating system is one of the following:

  • 0101777

When the correct password is entered the trojan is deactivated.


The trojan executes the following commands:

  • taskkill /F /IM Winlogons.exe
  • taskkill /F /IM explorer.exe

Please enable Javascript to ensure correct displaying of this content and refresh this page.