
'Seu windows foi sequestrado' Screen Locker

Posted: February 6, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 9
First Seen: February 6, 2017
Last Seen: January 13, 2020
OS(es) Affected: Windows

The 'Seu windows foi sequestrado' Screen Locker is a Trojan that locks your screen by displaying a pop-up window that cannot be closed. While it describes this attack as a punishment for violating the Windows 'terms of use,' the 'Seu windows foi sequestrado' Screen Locker is not a Microsoft-endorsed program and should be assumed to be a threat to your PC's safety. Use the methods described in this article to regain access to appropriate security solutions and uninstall the 'Seu windows foi sequestrado' Screen Locker.

Outreach from 'Microsoft' with Transfixing Trojans

Although the Internet makes it easier than ever for PC users to commit casual misdeeds such as software piracy with relatively few repercussions, con artists routinely prey on the guilty consciences of these careless offenders. Social engineering hoaxes that extort victims through fake legal alerts have always been a common aspect of ransomware and screen-locking Trojans, and they remain so in new campaigns like the 'Seu windows foi sequestrado' Screen Locker's attacks. As a Portuguese-language threat with no known variants for other languages, this Trojan is most likely targeting users in South America or Portugal.

The 'Seu windows foi sequestrado' Screen Locker uses a simple lock-screen function with an interactive HTA pop-up. This window includes an embedded button for contacting a so-called Microsoft technician for assistance with removing the screen lock-down, along with a field for entering the unlocking code once you receive it. Most significantly, the 'Seu windows foi sequestrado' Screen Locker also displays lengthy text warning that your PC is under a lock-down and that its files are encrypted (encryption being a data-enciphering process that makes the file data temporarily unusable).

Although the pop-up stops you from switching to any other applications or viewing the Windows UI, the 'Seu windows foi sequestrado' Screen Locker isn't a Microsoft-endorsed program. Its attacks differ from those of previous, similar Trojans analyzed by malware experts primarily due to an apparent lack of authentic encryption. Victims only need to disinfect their PCs to reverse any damage, which doesn't require paying the ransom the con artist is demanding.

How Hard-Coding Turns into an Easy Exit

There are reasons why most ransom-based Trojans use attacks and solutions tailor-made for each victim: a single, universal solution may make it drastically easier to remove the threat and revert any file damage. Since the 'Seu windows foi sequestrado' Screen Locker doesn't encrypt any content, its only risk is its ability to block your desktop with its fake Microsoft window. However, malware experts find that the key to unlocking it is hard-coded into the Trojan's executable. Entering '3458966021784633' into the relevant field will restore access to your desktop, after which you can restart in Safe Mode or boot using a removable device.
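A hard-coded value like the one above is the kind of thing a static string sweep surfaces during triage. The following is an added example, not code from the original article or from the Trojan; the sample bytes, the string names and the 12 to 20 digit heuristic are assumptions constructed for illustration.

```python
import re

# Printable runs stored as ASCII, and as UTF-16LE (each character followed
# by 0x00), the form many Windows binaries use for string literals.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
# Assumed heuristic: a digits-only token of 12 to 20 characters is long
# enough to be an unlock code rather than a version or date.
CODE = re.compile(r"(?<!\d)\d{12,20}(?!\d)")


def extract_strings(blob: bytes):
    """Yield (offset, encoding, width, text) for each printable run."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", 1, m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), "utf-16le", 2, m.group().decode("utf-16le")


def candidate_codes(blob: bytes):
    """Return sorted (byte_offset, encoding, digits) for long numeric literals."""
    hits = []
    for offset, enc, width, text in extract_strings(blob):
        for m in CODE.finditer(text):
            hits.append((offset + m.start() * width, enc, m.group()))
    return sorted(hits)


# Constructed stand-in for a binary (not bytes from the real Trojan): a short
# ASCII date that must be ignored, then the code quoted in the article stored
# as a UTF-16LE literal between non-printable bytes.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"build 20170206\x00\x01\x02"
    + "unlock field".encode("utf-16le") + b"\x00\x00"
    + "3458966021784633".encode("utf-16le") + b"\x00\x00\xff\xfe"
)

if __name__ == "__main__":
    for offset, enc, digits in candidate_codes(SAMPLE):
        print(f"0x{offset:04x}  {enc:9s} {digits}")
```

Sweeping both encodings matters because a plain ASCII `strings` pass would miss a literal stored as UTF-16LE.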

The 'Seu windows foi sequestrado' Screen Locker uses misleading names for many of its components, including some that hint that the Trojan's threat actors may be installing it as a fake Bitcoin generator. After disabling the Trojan and regaining general software accessibility, use your anti-malware programs to identify and delete the 'Seu windows foi sequestrado' Screen Locker, as with any similar threat. Unless the threat actors update this program with unanticipated, new features, running a decryptor should be unnecessary.

Like many Trojans extorting money through threats, the 'Seu windows foi sequestrado' Screen Locker bolsters its payload by lying to the person at the keyboard. Simply being aware of what is and isn't standard practice for companies like Microsoft is valuable for defeating threats like the 'Seu windows foi sequestrado' Screen Locker even before they install themselves.
