Home Malware Programs Trojans Trojan:Win32/Loktrom.A

Trojan:Win32/Loktrom.A

Posted: November 15, 2012

Threat Metric

Ranking: 16,815
Threat Level: 10/10
Infected PCs: 241
First Seen: November 15, 2012
Last Seen: August 9, 2023
OS(es) Affected: Windows

Trojan:Win32/Loktrom.A is a Trojan that is used by attackers to spread a certain ransomware program. Trojan:Win32/Loktrom.A blocks affected PC users from accessing the desktop. Trojan:Win32/Loktrom.A displays a pop-up image/warning message on the screen of the targeted computer claiming that illegitimate activity has been detected on your computer and you need to transfer the payment to a certain prepaid mobile account to unlock the desktop. Trojan:Win32/Loktrom.A may add a randomly-generated file name. Trojan:Win32/Loktrom.A creates the certain registry entries so that it can run automatically every time Windows is started. Trojan:Win32/Loktrom.A states that upon sending the payment, you will receive an unlock code to restore access to your PC. Trojan:Win32/Loktrom.A also deceptively declares association with Windows and Microsoft Security Essentials, when, in actuality, it is not related to Windows or Microsoft.

Technical Details

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "explorer" = "[malware file name]"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon = "Shell" = "[malware file name]"
Loading...