
'caforssztxqzf2nm.onion' Locker

Posted: November 20, 2018

The 'caforssztxqzf2nm.onion' Locker is a harmful application that is likely still under development, since malware researchers have yet to encounter victims whose computers have been compromised by this particular threat. The 'caforssztxqzf2nm.onion' Locker does not feature a working file-encryption algorithm yet, but it still displays a ransom message, which tells the victims that their data has been encrypted securely and that the only recovery option is to pay for the decryption services of the attackers.

Another peculiar thing about the 'caforssztxqzf2nm.onion' Locker is what it does to the infected computer. It changes the Windows Registry so that the next time Windows starts, it boots in ‘First Run Mode’ (the first run after Windows has been installed). To make this happen, the 'caforssztxqzf2nm.onion' Locker runs the command ‘shutdown -r -t 35 -f’, which tells the PC to restart after exactly 35 seconds. When the computer boots up again, it displays the file ‘payload.hta’, a ransom message that tells victims to visit the TOR-based page 'caforssztxqzf2nm.onion' for additional details and payment instructions.
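The restart command and the ransom note described above both leave traces in process-creation telemetry. The following is an added example, not code from the original article: the event records, host names, parent processes and the path to payload.hta are constructed, and it assumes the note is opened by mshta.exe, the default Windows handler for .hta files.

```python
import re

# Constructed process-creation records (shaped like simplified Sysmon Event ID 1
# data). Hosts, parent images and the payload.hta path are invented for the example.
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": "shutdown.exe", "cmdline": "shutdown -r -t 35 -f", "parent": "dropper.exe"},
    {"host": "WS-01", "image": "mshta.exe", "cmdline": r'mshta.exe "C:\Users\Public\payload.hta"', "parent": "explorer.exe"},
    {"host": "WS-02", "image": "shutdown.exe", "cmdline": "shutdown /r /t 600", "parent": "cmd.exe"},
    {"host": "WS-03", "image": "shutdown.exe", "cmdline": "SHUTDOWN.EXE /R /F /T 35", "parent": "wscript.exe"},
]

# Matches the file name as a whole path component, not e.g. "mypayload.hta".
HTA_RE = re.compile(r'(?:^|[\\/\s"])payload\.hta\b', re.IGNORECASE)


def parse_shutdown(cmdline):
    """Parse restart/force/timeout from a shutdown.exe command line.

    shutdown.exe accepts both '-x' and '/x' switches, in any order and case.
    """
    opts = {"restart": False, "force": False, "timeout": None}
    tokens = cmdline.split()
    for i, tok in enumerate(tokens):
        if tok[0] not in "-/":
            continue
        name = tok[1:].lower()
        if name == "r":
            opts["restart"] = True
        elif name == "f":
            opts["force"] = True
        elif name == "t" and i + 1 < len(tokens) and tokens[i + 1].isdigit():
            opts["timeout"] = int(tokens[i + 1])
    return opts


def triage(events, max_delay=60):
    """Return {host: [tags]} for hosts showing the behaviours described above."""
    findings = {}
    for ev in events:
        image = ev["image"].lower()
        tags = findings.setdefault(ev["host"], set())
        if image == "shutdown.exe":
            o = parse_shutdown(ev["cmdline"])
            if o["restart"] and o["force"] and o["timeout"] is not None and o["timeout"] <= max_delay:
                tags.add("forced_restart")
        elif image == "mshta.exe" and HTA_RE.search(ev["cmdline"]):
            tags.add("ransom_note_hta")
    return {host: sorted(tags) for host, tags in findings.items() if tags}
```

A host that carries both tags is the stronger signal; a forced short-timer restart on its own also occurs in legitimate administration scripts and needs the parent process for context.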

While the 'caforssztxqzf2nm.onion' Locker is not a fully functional threat for now, it is clear that its authors know what they are doing, and the final product is likely to be very, very dangerous. You should immediately take the following measures to minimize the damage that threats like the 'caforssztxqzf2nm.onion' Locker are able to cause to your computer:

  • Avoid downloading files from suspicious websites.
  • Stay away from pirated software and media.
  • Use an updated anti-virus tool.
  • Apply all operating system and software security patches.
  • Back up your important files to the cloud or to offline storage regularly.
