Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.AJP [Threat Variant Name]

Category trojan
Size 225280 B
Aliases Trojan-Ransom.Win32.Pihun.oz (Kaspersky)
  Trojan.PWS.Banker.63324 (Dr.Web)
  Trojan.Randsom.A (Symantec)
Short description

Win32/LockScreen.AJP is a trojan that blocks access to the Windows operating system. To regain access to the operating system the user is asked to send information/certain amount of money via Ukash, Paysafecard payment service. The file is run-time compressed using UPX .

Installation

When executed, the trojan copies itself into the following location:

  • C:\­pietro.exe

The trojan creates the following files:

  • C:\­pietro.bat

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "pietro" = "C:\­pietro.bat"
Other information

Win32/LockScreen.AJP is a trojan that blocks access to the Windows operating system.


The trojan displays the following dialog box:

To regain access to the operating system the user is asked to send information/certain amount of money via Ukash, Paysafecard payment service.


The trojan executes the following files:

  • taskmgr.exe

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains an URL address. The HTTP protocol is used.

Please enable Javascript to ensure correct displaying of this content and refresh this page.