Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.AKD [Threat Variant Name]

Category trojan
Size 2052967 B
Aliases Hoax.Win32.BadJoke.Agent.ebj (Kaspersky)
  Trojan:Win32/Ransom.DB (Microsoft)
Short description

Win32/LockScreen.AKD is a trojan that blocks access to the Windows operating system. The file is run-time compressed using RAR SFX .

Installation

When executed, the trojan copies itself into the following location:

  • %windir%\­sttix.exe

In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "sttix" = "%windir%\­sttix.exe"

The following Registry entries are set:

  • [HKEY_LOCAL_MACHINE\­Software\­Microsoft\­Windows\­CurrentVersion\­Policies\­System]
    • "DisableTaskMgr" = 1
  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Policies\­System]
    • "DisableTaskMgr" = 1

The trojan creates the following file:

  • %temp%\­RARSFX%variable%\­sstix.reg (744 B, Win32/LockScreen.AKD)

A string with variable content is used instead of %variable% .


The file is then executed.

Other information

Win32/LockScreen.AKD is a trojan that blocks access to the Windows operating system.


To regain access to the operating system the user is asked to send a certain amount of money to a specific bank account.


The trojan displays the following dialog box:

The trojan may turn off the computer.

Please enable Javascript to ensure correct displaying of this content and refresh this page.