Trojan.Ransomlock.R
Posted: October 1, 2012
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 14 |
| First Seen: | October 1, 2012 |
|---|---|
| OS(es) Affected: | Windows |
Trojan.Ransomlock.R is one of many members of the Ransomlock family, a collective of Police Ransomware Trojans that display erroneous legal warnings and lock your computer – all in an effort to make you transfer money to criminals. Trojan.Ransomlock.R particularly is associated with Police Trojans related to Europe (like the Police Central e-crime Unit (PCEU) Ransomware or the Metropolitan Police Ukash Virus) but may use different pop-up warnings, according to the IP address of the infected computer. In spite of its appearances as a digital arm of the law, SpywareRemove.com malware researchers emphasize that Trojan.Ransomlock.R is illegal and never should be paid.
Trojan.Ransomlock.R: Using the Fake Law to Commit Crimes Against Your PC
All members of the Ransomlock family analyzed by SpywareRemove.com malware researchers thus far have attempted to disguise themselves as messages from a local police agency, with Trojan.Ransomlock.R proving to be a follower of this general rule. Some other members of Trojan.Ransomlock.R's family include Trojan.Ransomlock.G, Trojan.Ransomlock!gen4 and Trojan.Ransomlock.H, all of which can be detected through their typical screen-wide pop-up warnings.
Through references to the London police, the Police Central E-Crime Unit and similar organizations, Trojan.Ransomlock.R attempts to convince any victims that its pop-up warnings are real legal alerts from the authorities. Unlike a real law-enforcing program, Trojan.Ransomlock.R doesn't display its alert only in appropriate circumstances; SpywareRemove.com malware researchers have noted that Trojan.Ransomlock.R's alert will display even for computers that aren't guilty of the criminal activities described in its text.
Along with making general accusations regarding crimes like viewing child pornography or downloading copyright-protected media, Trojan.Ransomlock.R also will prevent you from using Windows or any major Windows programs. Trojan.Ransomlock.R claims to unlock your computer after the appropriate fine is paid, but SpywareRemove.com malware experts haven't found any sign of a legitimate system-unlocking function from Trojan.Ransomlock.R and don't recommend paying its ransom.
The Right Way to Escape Detainment by a Trojan.Ransomlock.R Infection
Given that attacks by Trojan.Ransomlock.R Trojans always lock you out of Windows and any obvious means of ridding yourself of Trojan.Ransomlock.R's pop-up, you should look towards disabling Trojan.Ransomlock.R as the most important step in disinfecting your PC. However, SpywareRemove.com malware experts stress that this doesn't utilize paying Trojan.Ransomlock.R for its attacks, but, instead, booting your computer from an uninfected source – such as any easily-accessible USB drive. This will allow you to access your computer and use anti-malware products as necessary to remove Trojan.Ransomlock.R.
Trojan.Ransomlock.R and other Ransomlock-based Police Trojans usually don't include self-distributing features. Therefore, you should be aware of the likelihood of any Trojan.Ransomlock.R infection also including other PC threats, such as Trojan downloaders, that may cause additional issues. Anti-malware scans from the appropriate environment, as described above, should be sufficient for removing Trojan.Ransomlock.R and any other PC threats that might have installed Trojan.Ransomlock.R initially. Trojan.Ransomlock.R infection vectors often include drive-by-download scripts from malicious or compromised websites, and may not display any symptoms – at least, not until you start seeing Trojan.Ransomlock.R's pop-up.
Technical Details
Registry Modifications
HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"(Default)" = "%CurrentFolder%\[RANDOM FILE NAME]"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.