
Trojan.Ransomlock.AK


First posted on 02 April 2014.
Source: Symantec

Aliases :

There are no other names known for Trojan.Ransomlock.AK.

Explanation :

When the Trojan is executed, it creates the following folder:
%UserProfile%/Application Data/Local Settings/Application Data/KB9162892

It then creates the following file:
%UserProfile%/Application Data/Local Settings/Application Data/KB9162892/KB9162892.exe

Next, the Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"KB9162892" = "%UserProfile%/Application Data/Local Settings/Application Data/KB9162892/KB9162892.exe"

The Trojan may connect to the following remote locations:
[http://]energizer2012.org/form[REMOVED]
[http://]wista-opencup.org/form[REMOVED]

The Trojan may lock the desktop, making the computer unusable, and ask the user to pay to unlock it.
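The following read-only PowerShell check looks for the folder, file and registry entry listed above. It is an added example, not part of the Symantec write-up. The folder path and value name are copied from this page as written; also checking the HKCU hive and flagging any policy Run entry that launches from a user profile are assumptions that go beyond the single indicator described here.

```powershell
# Indicator values copied from the write-up above.
$IndicatorName = 'KB9162892'
$RelativeDir   = 'Application Data\Local Settings\Application Data\KB9162892'
$RunKeySubPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'

function Get-PolicyRunEntry {
    # Return every value under policies\Explorer\Run (HKCU added as an assumption).
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $keyPath = "$hive\$RunKeySubPath"
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            # Read the raw data so %UserProfile% is not expanded to the current user.
            $raw = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{ Key = $keyPath; Name = $name; Data = [string]$raw }
        }
    }
}

function Test-SuspiciousEntry($Entry) {
    # The write-up prints the path with forward slashes; normalise before matching.
    $data = $Entry.Data.Replace('/', '\')
    $reasons = @()
    if ($Entry.Name -eq $IndicatorName) { $reasons += 'value name matches write-up' }
    if ($data -like "*\$IndicatorName\$IndicatorName.exe*") { $reasons += 'target matches write-up' }
    # Heuristic (assumption): policy Run entries rarely start programs from a profile.
    if ($data -match '(?i)%UserProfile%|%AppData%|\\Users\\|\\Documents and Settings\\') {
        $reasons += 'launches from a user profile'
    }
    $reasons
}

$findings = @()
foreach ($entry in Get-PolicyRunEntry) {
    $why = Test-SuspiciousEntry $entry
    if ($why) {
        $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$($entry.Key)\$($entry.Name)"
                                        Detail = $entry.Data; Reason = ($why -join '; ') }
    }
}
# Check every local profile, not only the account running the script.
$profileRoot = Split-Path -Path $env:USERPROFILE -Parent
foreach ($userDir in Get-ChildItem -LiteralPath $profileRoot -Directory -Force -ErrorAction SilentlyContinue) {
    $dir = Join-Path $userDir.FullName $RelativeDir
    if (Test-Path -LiteralPath $dir) {
        $exe = Test-Path -LiteralPath (Join-Path $dir "$IndicatorName.exe")
        $findings += [pscustomobject]@{ Type = 'File'; Location = $dir
                                        Detail = "KB9162892.exe present: $exe"; Reason = 'folder matches write-up' }
    }
}
if ($findings) { $findings | Format-List } else { 'No artifacts from the write-up were found.' }
```

Run it from an elevated prompt so that other users' profile folders can be read; it changes nothing on the system.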

Last update 02 April 2014

 
