MSIL/LockScreen [Threat Name]

MSIL/LockScreen.J [Threat Variant Name]

Category trojan
Size 42496 B
Short description

MSIL/LockScreen.J is a trojan that blocks access to the Windows operating system.

Installation

The trojan does not create any copies of itself.


The following Registry entries are set:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    • "DisableTaskMgr" = 1
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "System" = ""
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "System32" = ""
Other information

To regain access to the operating system the user is asked to send an SMS message to a specified telephone number in exchange for a password.


The trojan displays the following dialog boxes:

When the correct password is entered the trojan is deactivated.


The password to regain access to the operating system is one of the following:

  • 5d8w6y9s
  • SoNNy
  • marek

The trojan connects to the following addresses:

  • http://son%removed%/pocet.SoNNy

The trojan may create the following files:

  • C:\windows.exe

The trojan may turn off the computer.
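
A read-only check for the host indicators listed in this description (the Registry entries and the created file), as an added example that is not part of the original description. The WOW6432Node path is an assumption added here to cover Registry redirection for 32-bit processes; the description does not list it.

```powershell
# Added example: looks for the MSIL/LockScreen.J indicators named in the description.
# Read-only; nothing on the system is changed.
$findings = @()

# 1. Task Manager disabled by policy for the current user
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -Name 'DisableTaskMgr' -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableTaskMgr -eq 1) {
    $findings += [pscustomobject]@{
        Indicator = 'DisableTaskMgr = 1'; Location = $policyKey; Detail = ''
    }
}

# 2. Autostart values "System" and "System32" under the machine-wide Run key
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    # Assumption: 32-bit view on 64-bit Windows, not listed in the description
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($runKey in $runKeys) {
    foreach ($name in 'System', 'System32') {
        $run = Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue
        if ($run) {
            $findings += [pscustomobject]@{
                Indicator = "Run value '$name'"; Location = $runKey; Detail = [string]$run.$name
            }
        }
    }
}

# 3. File the trojan may create (may carry hidden or system attributes, hence -Force)
$dropPath = 'C:\windows.exe'
if (Test-Path -LiteralPath $dropPath -PathType Leaf) {
    $file = Get-Item -LiteralPath $dropPath -Force
    $hash = (Get-FileHash -LiteralPath $dropPath -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Indicator = 'File present'; Location = $dropPath
        Detail    = "$($file.Length) bytes, SHA256 $hash"
    }
}

if ($findings.Count -eq 0) {
    'No MSIL/LockScreen.J indicators from the description were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The DisableTaskMgr policy is stored per user, so run the check in the affected user's session; administrators also set that policy legitimately, so treat it as a signal only in combination with the Run values or the file.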
