Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.AKY [Threat Variant Name]

Category trojan
Size 786944 B
Detection created Apr 22, 2012
Detection database version 7077
Aliases Ransom!fn.trojan (McAfee)
  Trojan:Win32/Orsam!rts (Microsoft)
Short description

Win32/LockScreen.AKY is a trojan that blocks access to the Windows operating system.

Installation

When executed, the trojan copies itself into the following location:

  • %windir%\­Temp\­%variable%.exe

A string with variable content is used instead of %variable% .


In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "1" = "%windir%\­Temp\­%variable%.exe"
  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Policies\­Explorer\­Run]
    • "1" = "%windir%\­Temp\­%variable%.exe"

The trojan may delete the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­System\­CurrentControlSet\­Control\­SafeBoot\­Minimal]
  • [HKEY_LOCAL_MACHINE\­System\­CurrentControlSet\­Control\­SafeBoot\­NetWork]
Other information

Win32/LockScreen.AKY is a trojan that blocks access to the Windows operating system.


To regain access to the operating system the user is asked to send a certain amount of money to a specific bank account.


When the correct password is entered the trojan removes itself from the computer.


The password to regain access to the operating system is one of the following:

  • 936916
  • 936915

The trojan may terminate specific running processes.

Please enable Javascript to ensure correct displaying of this content and refresh this page.