Trojan.Ransomlock.AF

Posted: August 22, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 5
First Seen: August 22, 2013
OS(es) Affected: Windows

Trojan.Ransomlock.AF is a Windows locker Trojan that changes your Windows account password and instructs you to contact the malware author to purchase the new password. Its attacks target Chinese victims, and its means of locking Windows are somewhat unorthodox for ransomware, but SpywareRemove.com malware experts have noted several ways of circumventing its lockdown and restoring your PC for free. Once you've regained access to your computer, use anti-malware software to remove Trojan.Ransomlock.AF as soon as possible, since Trojan.Ransomlock.AF does include some self-updating functions.

Trojan.Ransomlock.AF and the Windows Login Switcharoo

Ransomware Trojans have been known to use both sophisticated and simple means of locking down the computers that they infect, and Trojan.Ransomlock.AF exemplifies how an effective system lockdown doesn't need to be a complex attack. After being installed through instant messenger spam, Trojan.Ransomlock.AF changes the password of the currently logged-in Windows account. Current versions of Trojan.Ransomlock.AF are configured to change the password to 'tan123456789', although this is theoretically reconfigurable in future versions of Trojan.Ransomlock.AF. Trojan.Ransomlock.AF also changes the name of the affected Windows account to a brief message instructing the victim to contact the malware author and purchase the new password for a surprisingly low fee (equivalent to under three USD in Chinese Yuan).

Although Trojan.Ransomlock.AF's ransom is much lower than the one or two hundred dollars demanded by more typical Windows locker Trojans, SpywareRemove.com malware researchers don't recommend paying this illegal fee, since the criminal in question has no real reason to give you the new password even after the payment. Besides using the default new password mentioned earlier in this article, you can recover your Windows account in several ways:

  • If you have access to a separate Windows administrator account, you can simply switch to the administrator account and change the affected Windows account's password as normal.
  • If this fails or is inaccessible for some reason, the Windows super admin account feature can also be used to similar effect. This feature is usually disabled by default but can be reactivated through the Command Prompt.
  • Finally, you can use a Windows system repair disk that's loaded onto a peripheral device such as a USB drive.
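One way to carry out the first recovery path from a separate administrator account, as an added example that is not part of the original article. It assumes an elevated Windows PowerShell 5.1 or later session with the Microsoft.PowerShell.LocalAccounts module; the parameter names `$TargetSid` and `$RestoreName` are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: find and repair a local account whose password and name
# were changed. Assumes Windows PowerShell 5.1+ (LocalAccounts module).
param(
    [string]$TargetSid,    # hypothetical: SID of the account to repair
    [string]$RestoreName   # hypothetical: original account name to restore
)

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# A renamed account keeps its SID and its profile folder, so an account name
# that no longer matches the folder name is a hint (not proof) of a rename.
$accounts = Get-LocalUser | ForEach-Object {
    $key    = Join-Path $profileList $_.SID.Value
    $path   = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ProfileImagePath
    $folder = if ($path) { Split-Path $path -Leaf } else { $null }
    [pscustomobject]@{
        Name            = $_.Name
        SID             = $_.SID.Value
        Enabled         = $_.Enabled
        PasswordLastSet = $_.PasswordLastSet
        ProfileFolder   = $folder
        NameMismatch    = [bool]($folder -and ($folder -ne $_.Name))
    }
}

# Most recently changed passwords first: the affected account should be on top.
$accounts | Sort-Object PasswordLastSet -Descending | Format-Table -AutoSize

# Without -TargetSid the script only lists accounts and changes nothing.
if (-not $TargetSid) { return }

# Act on the SID rather than the name, since the name is what was tampered with.
$target      = Get-LocalUser -SID $TargetSid -ErrorAction Stop
$newPassword = Read-Host -AsSecureString "New password for '$($target.Name)'"
Set-LocalUser -SID $TargetSid -Password $newPassword

if ($RestoreName) {
    Rename-LocalUser -SID $TargetSid -NewName $RestoreName
}

Get-LocalUser -SID $TargetSid | Select-Object Name, SID, PasswordLastSet
```

Windows treats this as an administrative reset rather than a user-initiated password change, so EFS-encrypted files and saved credentials tied to the account's earlier password are not carried over.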

Freeing Windows from a Lazy Trojan.Ransomlock.AF

While getting back into Windows is your first goal after a Trojan.Ransomlock.AF attack, removing Trojan.Ransomlock.AF from your PC should be a close second. Trojan.Ransomlock.AF has not been found to include any other major functions for compromising your PC, and its password changes are hard-coded (and, therefore, not reconfigurable 'on the fly'). Despite these limitations, Trojan.Ransomlock.AF should be treated as a high-level threat by default. Reputable anti-malware tools have so far shown few problems in removing Trojan.Ransomlock.AF, but because it was identified only recently, some out-of-date security programs may not recognize Trojan.Ransomlock.AF.

Instant messenger spam links and file attachments are the major infection vectors for Trojan.Ransomlock.AF and are known to circulate on applications that are especially popular in China. However, PC users in other regions may also be affected by Trojan.Ransomlock.AF's attacks, and common-sense precautions regarding potentially dangerous file sources should be kept in mind.