Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.AKV [Threat Variant Name]

Category trojan
Size 911360 B
Aliases GPcoder.j.trojan (McAfee)
Short description

Win32/LockScreen.AKV is a trojan that blocks access to the Windows operating system. The file is run-time compressed using UPX .

Installation

When executed, the trojan copies itself into the following location:

  • %temp%\­taskinit.exe

In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_CURRENT_USER\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "UShell" = "%temp%\­taskinit.exe"
  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows NT\­CurrentVersion\­Winlogon]
    • "Shell" = "%temp%\­taskinit.exe"

The following programs are terminated:

  • taskmgr.exe
  • explorer.exe
  • cmd.exe
Information stealing

The trojan collects the following information:

  • computer IP address

The trojan attempts to send gathered information to a remote machine.


The trojan sends the information via e-mail. The trojan contains a list of (2) addresses.

Other information

Win32/LockScreen.AKV is a trojan that blocks access to the Windows operating system.


The trojan displays the following dialog box:

To regain access to the operating system the user is asked to send information/certain amount of money via Ukash, Paysafecard payment service.


The password to regain access to the operating system is one of the following:

  • 111122223333

When the correct password is entered the trojan is deactivated.


The trojan blocks keyboard and mouse input.

Please enable Javascript to ensure correct displaying of this content and refresh this page.