Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.AQE [Threat Variant Name]

Category trojan
Size 114156 B
Detection created Jan 23, 2013
Detection database version 8840
Short description

Win32/LockScreen.AQE is a trojan that blocks access to the Windows operating system.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_CURRENT_USER\­SOFTWARE\­Microsoft\­Windows NT\­CurrentVersion\­Winlogon]
    • "Shell" = "%malwarefilepath%"
    • "Userinit" = "%malwarefilepath%"
    • "UIHost" = "%malwarefilepath%"
  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "Explorer" = "%malwarefilepath%"
  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows NT\­CurrentVersion\­Winlogon]
    • "Shell" = "%malwarefilepath%"
    • "Userinit" = "%malwarefilepath%"
    • "UIHost" = "%malwarefilepath%"
Other information

Win32/LockScreen.AQE is a trojan that blocks access to the Windows operating system.


The trojan displays the following dialog box:

To regain access to the operating system the user is asked to send information/certain amount of money via QIWI payment service.


However, this will not result in the removal of the malware from the system.


The trojan hides the windows of certain running applications.


The trojan blocks keyboard and mouse input.


The following programs are terminated:

  • explorer.exe
  • OllyDBG.exe
  • idag.exe
  • cv.exe
  • w32dsm89.exe
  • processhacker.exe
  • wireshark.exe
  • taskmgr.exe
  • msconfig.exe
  • cmd.exe

Please enable Javascript to ensure correct displaying of this content and refresh this page.