Win32/LockScreen [Threat Name]

Win32/LockScreen.AKF [Threat Variant Name]

Category trojan
Size 231079 B
Aliases Trojan-Ransom.Win32.Delf.in (Kaspersky)
  Trojan:Win32/Rimod (Microsoft)
  Backdoor.Graybird (Symantec)
Short description

Win32/LockScreen.AKF is a trojan that blocks access to the Windows operating system. The file is run-time compressed using NSPACK.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    • "Shell" = "%malwarefilepath%"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "web" = "%malwarefilepath%"
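
A defender-side check for the two autostart entries listed above, added here as an example and not part of the original description: it parses `reg export` text and flags a Winlogon "Shell" value other than the Windows default explorer.exe, and a Run value named "web". The sample export, its `C:\Users\Public\sample.exe` path and the function names are constructed for illustration.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')

# Constructed sample in .reg export format; the executable path is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\Public\\sample.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"web"="C:\\Users\\Public\\sample.exe"
"Updater"="C:\\Program Files\\Vendor\\updater.exe"
'''

def parse_reg(text):
    """Parse .reg text into {key: {value_name: data}}; names lowercased, REG_SZ only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].casefold(), {})
        elif current is not None and (m := VALUE_RE.fullmatch(line)):
            # .reg files escape backslashes and quotes with a backslash; undo that.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.casefold()] = data
    return keys

def find_persistence(keys):
    """Return (location, data) pairs for the two autostart entries listed above."""
    findings = []
    shell = keys.get(WINLOGON.casefold(), {}).get("shell")
    # Windows ships with Shell = explorer.exe; any other program replaces the desktop.
    if shell is not None and shell.strip().casefold() != "explorer.exe":
        findings.append((r"Winlogon\Shell", shell))
    web = keys.get(RUN.casefold(), {}).get("web")
    if web is not None:
        findings.append((r"Run\web", web))
    return findings

if __name__ == "__main__":
    for location, data in find_persistence(parse_reg(SAMPLE)):
        print(f"review {location}: {data}")
```

`reg export` writes UTF-16 text, so read a real export with `encoding="utf-16"` before passing it to `parse_reg`.
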
Other information

Win32/LockScreen.AKF is a trojan that blocks access to the Windows operating system.


To regain access to the operating system the user is asked to send an SMS message to a specified telephone number in exchange for a password.


The trojan displays the following dialog box:

The password to regain access to the operating system is one of the following:

  • 9829554

When the correct password is entered the trojan is deactivated.
