Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.AKN [Threat Variant Name]

Category trojan
Size 838656 B
Aliases Trojan:Win32/LockScreen.BY (Microsoft)
Short description

Win32/LockScreen.AKN is a trojan that blocks access to the Windows operating system. The file is run-time compressed using UPX .

Installation

When executed, the trojan creates the following files:

  • %temp%\­%variable%.tmp\­block.reg (145 B, Win32/LockScreen.AKN)
  • %windir%\­host.exe (796672 B, Win32/LockScreen.AKN)

A string with variable content is used instead of %variable% .


The files are then executed.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "Driver" = "%windir%\­host.exe -LM"

The following programs are terminated:

  • taskmgr.exe
  • msconfig.exe
  • regedit.exe
  • explorer.exe

The following Registry entry is deleted:

  • [HKEY_LOCAL_MACHINE\­SYSTEM\­CurrentControlSet\­Control\­SafeBoot]
Other information

Win32/LockScreen.AKN is a trojan that blocks access to the Windows operating system.


The trojan displays the following dialog box:

To regain access to the operating system the user is asked to send an SMS message to a specified telephone number in exchange for a password.


When the correct password is entered the trojan is deactivated.

Please enable Javascript to ensure correct displaying of this content and refresh this page.