Trojan.Ransomlock

Trojan.Ransomlock Description



Trojan.Ransomlock is a family name for related Police Trojans that display fraudulent legal alerts, lock your computer and demand money that supposedly goes towards paying a legal fine. Rather than being sent by any local police authority, Trojan.Ransomlock is the product of criminals who use it to collect money from victims illegally. Trojan.Ransomlock variants can tailor their warning messages to include details specific to both your country and your computer, but the lock should never be removed through the methods their pop-up warnings recommend. Rather than paying Trojan.Ransomlock to cease its attacks, SpywareRemove.com malware researchers encourage disabling Trojan.Ransomlock entirely and then deleting it with an anti-malware program of your choice.

Trojan.Ransomlock: One of the Rare Times that It’s Safe to Snub the Police


Trojan.Ransomlock is a broad category of Police Ransomware Trojans, similar to Reveton, Urausy, Win32/Ransom, Weelsof, LockScreen and Winlock. SpywareRemove.com malware experts previously analyzed several variants of Trojan.Ransomlock, including Trojan.Ransomlock.G, Trojan.Ransomlock!gen4 and Trojan.Ransomlock.H, all of which display Trojan.Ransomlock’s characteristic behavior:
  • Trojan.Ransomlock is installed without your permission or, usually, your knowledge of the attack. Drive-by-downloads that are enabled on hacked websites, spam e-mail links and compromised networks all can be sources of a Trojan.Ransomlock infection.
  • Trojan.Ransomlock detects your IP address, which can be used to estimate your PC’s location. It then displays a pop-up tailored to your region (such as, for Americans, the ‘Computer Crime & Intellectual Property Section’ Ransomware) alleging that your machine has been used to commit online crimes related to pornography, terrorist websites and/or copyright infringement. The pop-up blocks you from using your desktop and can’t be closed (or minimized).
  • Trojan.Ransomlock’s fake police alert asks you to pay a fine, which usually is transferred through Ukash or Paysafecard. SpywareRemove.com malware researchers warn that doing so is very unlikely to cause Trojan.Ransomlock to deactivate its attacks.
  • Depending on the variant of Trojan.Ransomlock that’s involved in the attack, you also may experience system changes that block you from using several Windows features or programs. Security-related tools like Task Manager are particularly prone to being blocked, but you may be unable to access Windows Explorer at all.

Telling Trojan.Ransomlock Where to Put Its Ransom Demands


Since you don’t gain anything by submitting to Trojan.Ransomlock’s ransom, SpywareRemove.com malware researchers can’t think of any justification for paying any variant of Trojan.Ransomlock or otherwise assuming that its legal threats hold any water. Trojan.Ransomlock’s distribution patterns currently target the United States predominantly, but similar families of Police Trojans also have been analyzed in other regions (particularly Europe).

If your computer becomes locked by Trojan.Ransomlock, the immediate remedy is to prevent Trojan.Ransomlock and its pop-up from launching. Booting into Safe Mode or, at worst, booting a separate OS from a flash drive should be enough to block Trojan.Ransomlock. With Trojan.Ransomlock blocked, you can use anti-malware software at your leisure to remove it without any worries about the police penalizing you for the action.

Aliases


  • Downloader.Agent2.BMJY [AVG]
  • Trojan.Win32.Kovter [Ikarus]
  • Win32/LockScreen.ARJ [ESET-NOD32]
  • Trojan/Win32.Agent [AhnLab-V3]
  • Win32.TrojDownloader.Agent.xz.(kcloud) [Kingsoft]
  • Trojan.Agent.Delf.RTS (B) [Emsisoft]
  • Heuristic.LooksLike.Win32.Suspicious.C!81 [McAfee-GW-Edition]
  • TR/Dldr.Agent.xzeh [AntiVir]
  • Trojan.DownLoader8.50041 [DrWeb]
  • TrojWare.Win32.Trojan.Agent.Gen [Comodo]




Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following Registry values and subkeys are newly produced:
    HKEY..\..\{Value}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\usrinit.exe"
    HKEY..\..\..\..{Subkeys}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\SafeMode
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
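
A defensive check for the Userinit change listed above, as an added example that is not part of the original write-up: it parses `reg export` text and reports any Userinit entry other than the stock userinit.exe. The sample exports are constructed, `C:\Windows\system32` stands in for the page's `%System%` placeholder, and the function names are hypothetical.

```python
import ntpath
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Parse .reg (version 5) text into {KEY: {value_name: data}}, REG_SZ values only.
    Real exports are UTF-16; decode the file before passing its text in."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                # .reg files escape backslashes and quotes with a backslash
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name.lower()] = data
    return keys

def audit_userinit(reg_text, system_dir=r"C:\Windows\system32"):
    """Return every Userinit entry that is not the stock userinit.exe."""
    expected = ntpath.normpath(ntpath.join(system_dir, "userinit.exe")).lower()
    value = parse_reg_export(reg_text).get(WINLOGON.upper(), {}).get("userinit")
    if value is None:
        raise KeyError("Winlogon Userinit value not found in export")
    # Winlogon runs each comma-separated program at logon
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    return [e for e in entries if ntpath.normpath(e).lower() != expected]

# Constructed samples in .reg export syntax (assumed system directory).
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
'''
INFECTED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe, C:\\Windows\\system32\\usrinit.exe"
'''

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, audit_userinit(sample))
```

Any entry the function returns is a program Winlogon will start at every logon, so it should be reviewed before the value is restored to the stock single entry.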
Posted: May 1, 2012 | By
Threat Level: 9/10
Detection Count: 433