
Black Virus Lockscreen

Posted: November 1, 2016

Threat Metric

Ranking: 17,330
Threat Level: 8/10
Infected PCs: 222
First Seen: November 1, 2016
Last Seen: September 16, 2023
OS(es) Affected: Windows

The Black Virus Lockscreen is a Trojan that blocks your screen with a fake Windows warning claiming that the user has broken the Windows Terms of Use agreement. These attacks are intended to coerce victims into paying the con artist, who poses as technical support, to regain access to their PCs. Currently, you can unlock your PC with a free code, after which malware researchers strongly encourage using all proper anti-malware tools for uninstalling the Black Virus Lockscreen.

Black is Back in Fashion with Threats

A core component of any ransom-based threat campaign is the tactic by which con artists exhort their victims into transferring money, in most cases, for no quantifiable benefit. This year has seen a climb in the rates of using advanced encryption attacks to force the victim into paying, but such relatively sophisticated payloads aren't always necessary. Threats like the Black Virus Lockscreen samples that malware experts noted recently can make do with attacks as simple as screen-blocking pop-ups.

Currently, slightly over a dozen AV companies identify the Black Virus Lockscreen, all of them heuristically, and frequently as a variant of Zusy. Once run, the Black Virus Lockscreen's payload consists of three visible symptoms:

  • The Black Virus Lockscreen may automatically drop and open a Notepad TXT message that warns the user of an infection by a 'Black virus.' The message claims that the virus will erase all files after three days, although malware experts find no function in the Black Virus Lockscreen correlating with such an attack.
  • The Black Virus Lockscreen also may load a fake Windows error with minimal information, other than redirecting you to the other messages.
  • The Black Virus Lockscreen's last and most significant message is an HTA window that it may generate without a border and superimpose over your desktop, stopping you from accessing the rest of the Windows environment. This window is where the Trojan presents the majority of its ransom message, claiming that your PC has broken the ToS agreement, thereby requiring disinfection for a fee by a 'Microsoft technician.'

In all cases, the formatting of the language implies that the Black Virus Lockscreen's author is not a native English speaker, but, instead, is using automated translation tools to increase the geographical scope of his threat campaign.
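For analysts triaging a dropped .hta file, the borderless, desktop-covering window described above can be checked statically. The following is an added example, not code from this article or from any Black Virus Lockscreen sample: it reads the standard HTA:APPLICATION window attributes and flags the combination that produces such a window. The attribute set, the threshold, and both sample files are assumptions constructed for illustration.

```python
import re

# Constructed sample: header of an HTA with lock-screen-style window settings.
# It is not taken from a Black Virus Lockscreen sample.
SAMPLE_SUSPICIOUS = '''<html><head>
<HTA:APPLICATION ID="app" BORDER="none" CAPTION="no" SHOWINTASKBAR="no"
  SYSMENU="no" WINDOWSTATE="maximize" CONTEXTMENU="no" />
<title>Windows</title></head><body>...</body></html>'''

# Constructed sample: an ordinary administrative HTA with a normal window.
SAMPLE_BENIGN = '''<html><head>
<hta:application id="inv" border="thick" caption="yes" showintaskbar="yes"
  windowstate="normal" />
</head><body>Inventory tool</body></html>'''

# Assumed heuristic: settings that together give a borderless, maximized
# window with no title bar, system menu, or taskbar entry.
LOCK_TRAITS = {
    "border": "none",
    "caption": "no",
    "showintaskbar": "no",
    "sysmenu": "no",
    "windowstate": "maximize",
    "contextmenu": "no",
}

TAG_RE = re.compile(r"<hta:application\b([^>]*)>", re.I | re.S)
ATTR_RE = re.compile(r'''([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>/]+))''')

def hta_attributes(text):
    """Return the HTA:APPLICATION attributes as a lower-cased dict."""
    match = TAG_RE.search(text)
    if not match:
        return {}
    attrs = {}
    for name, dq, sq, bare in ATTR_RE.findall(match.group(1)):
        attrs[name.lower()] = (dq or sq or bare).strip().lower()
    return attrs

def lock_traits(text):
    """List which lock-screen-style window settings the HTA declares."""
    attrs = hta_attributes(text)
    return sorted(k for k, v in LOCK_TRAITS.items() if attrs.get(k) == v)

def triage(text, threshold=3):
    """Flag an HTA that is borderless and has at least `threshold` traits."""
    hits = lock_traits(text)
    return {"traits": hits, "suspicious": "border" in hits and len(hits) >= threshold}
```

A hit only describes the window style; legitimate kiosk-style HTAs use the same settings, so treat it as a reason to inspect the file's origin and script content rather than as a verdict.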

Liberating Your PC from an Undeserved Banning

In spite of its name, the Black Virus Lockscreen is not a virus and doesn't represent any of the usual dangers associated with virus-based infections, such as the possibility of corrupted code injecting itself into unrelated content. However, its capacity for locking the Windows UI does make it a legitimate security hazard, even to PC owners who are uninterested in paying fake technical support to unlock their machines. Malware experts found current samples of the Black Virus Lockscreen responding to the following unlock code: '6666666666666666'. Note that the code requires exactly sixteen characters.

Whether you use the above code to unlock a Black Virus Lockscreen or alternate methods, such as rebooting from an external drive, always disinfect your PC in a manner that allows you to detect all threats associated with this Trojan. Unlike viruses, the Black Virus Lockscreen doesn't include self-reproducing features and may install itself through the payloads of Trojan droppers or Trojan downloaders arriving in e-mail attachments. A significant minority of widely-recognized anti-malware suites can detect and remove the Black Virus Lockscreen, although they rarely will detect it by a non-generic name.

Campaigns like the Black Virus Lockscreen's play off of the guilt and fear of authority that many PC users harbor from downloading untrustworthy content or visiting suspicious websites. No matter what your internet-using history might be, malware analysts remind all readers that fake technical support tactics are no less fake for incorporating legal accusations into their hoaxes.
