MSIL/LockScreen [Threat Name] go to Threat
MSIL/LockScreen.M [Threat Variant Name]
Category | trojan |
Size | 1728864 B |
Aliases | TrojanDropper:MSIL/Foorskanem.B (Microsoft) |
Short description
MSIL/LockScreen.M is a trojan that blocks access to the Windows operating system.
Installation
When executed, the trojan creates the following files:
- %windir%\explorerr.exe (1108711 B, MSIL/LockScreen.M)
- %userprofile%\explorerr.exe (1108711 B, MSIL/LockScreen.M)
- %windir%\system32\explorerr.exe (1108711 B, MSIL/LockScreen.M)
In order to be executed on every system start, the trojan sets the following Registry entry:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
- "Shell" = "Explorerr.exe"
The following Registry entry is set:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
- "DisableTaskMgr" = "1"
Other information
MSIL/LockScreen.M is a trojan that blocks access to the Windows operating system.
The trojan displays the following dialog boxes:
To regain access to the operating system the user is asked to send information/certain amount of money via WebMoney payment service.
The password to regain access to the operating system is one of the following:
- 47394762
- 1205167
When the correct password is entered the trojan is deactivated.
The trojan may turn off the computer.
Trojan requires the Microsoft .NET Framework to run.