Win32/MBRlock [Threat Name] go to Threat

Win32/MBRlock.C [Threat Variant Name]

Category trojan
Size 62492 B
Detection created May 20, 2011
Detection database version 6138
Aliases Trojan-Ransom.Win32.Mbro.nd (Kaspersky)
  Trojan.ADH (Symantec)
  VB.BEFD (AVG)
Short description

Win32/MBRlock.C is a trojan that blocks access to the Windows operating system. When the correct password is entered the trojan removes itself from the computer.

Installation

When executed, the trojan copies itself into the following location:

  • %temp%\­x2z8.exe (62492 B)

This copy of the trojan is then executed.


The trojan creates the following files:

  • %temp%\­fpath.txt

The trojan replaces the Master Boot Record with its own code that will gain control of the compromised computer when it restarts.


After the installation is complete, the trojan deletes the original executable file.

Other information

The trojan displays the following message:

When the correct password is entered the trojan removes itself from the computer.


The password to regain access to the operating system is one of the following:

  • 4011894

The trojan deactivates itself on 05.07.2011 (16:03) .


The trojan may perform operating system restart.

Please enable Javascript to ensure correct displaying of this content and refresh this page.