Win32/Ransom [Threat Name]

Win32/Ransom.M [Threat Variant Name]

Category trojan
Size 151716 B
Aliases New.Malware.aj (McAfee)
  Trojan.Winlock.origin (Dr.Web)
Short description

Win32/Ransom.M is a trojan that blocks access to the Windows operating system. To regain access to the operating system the user is asked to send an SMS message to a specified telephone number in exchange for a password. When the correct password is entered the trojan removes itself from the computer.

Installation

When executed, the trojan copies itself into the following location:

  • C:\system.exe

In order to be executed on system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\RunOnce]
    • "svchost" = "C:\system.exe"
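
A triage check for the persistence described above, as an added example that is not part of the original description: it parses saved `reg query` output and flags Run/RunOnce values that launch an executable from a drive root or that use a system-process name for a different file. The `SYSTEM_NAMES` list, the function names and the sample registry output are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed list of Windows binary names that autorun values commonly impersonate.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "winlogon", "services", "explorer"}
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def target_path(data):
    """Extract the executable path from autorun data, quoted or unquoted."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", data, re.IGNORECASE)
    return m.group(1) if m else data

def suspicious_autoruns(reg_query_output):
    """Return (key, value name, path, reasons) for autorun values matching this pattern."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip() if AUTORUN_KEY.search(line.strip()) else None
            continue
        m = VALUE_LINE.match(line)
        if not (key and m):
            continue
        path = PureWindowsPath(target_path(m["data"]))
        reasons = []
        # Executable sitting directly in a drive root, e.g. C:\system.exe
        if path.suffix.lower() == ".exe" and len(path.parts) == 2:
            reasons.append("exe in drive root")
        # Value named after a system binary but launching a different file
        if m["name"].lower() in SYSTEM_NAMES and path.stem.lower() != m["name"].lower():
            reasons.append("value name masquerades as system binary")
        if reasons:
            findings.append((key, m["name"], str(path), reasons))
    return findings

# Constructed sample in the layout printed by `reg query <key>`.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Vendor Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /silent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    svchost    REG_SZ    C:\system.exe
"""

if __name__ == "__main__":
    for finding in suspicious_autoruns(SAMPLE):
        print(finding)
```

The key match is anchored only on the trailing `\CurrentVersion\Run` or `\CurrentVersion\RunOnce`, so it accepts the key path as written on this page as well as paths under other hives.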
Other information

The trojan displays the following dialog box:

When the correct password is entered the trojan removes itself from the computer.


The password to regain access to the operating system is one of the following:

  • 782134852
