Sharecash Screenlocker

The Sharecash Screenlocker is a Trojan that may arrive in your inbox as a file attached to a spam email. The Sharecash Screenlocker Trojan functions similarly to the Survey Warning Ransomware and the ScreenLocker Ransomware. The Sharecash Screenlocker Trojan is a tool for third parties to generate money from completed marketing surveys. The Sharecash Screenlocker is a program that is designed to make modifications to the boot-up sequence of Windows and limit the user's control of the PC. That way the Sharecash Screenlocker can focus the user's attention to marketing surveys.

Market Surveys are the Bargain Chips for the Sharecash Screenlocker

Users that are shown the Sharecash Screenlocker may be fooled into thinking that their copy of Windows is not genuine and they need to fill out a survey on the Web to validate their OS licenses. Microsoft Corp. does not use questionnaires to verify copies of Windows and users should not trust the messages shown by the Sharecash Screenlocker. PC users that are infected with the Sharecash Screenlocker Trojan will land on a lock screen as soon as they log into Windows. The lock screen by Sharecash appears as a program window that cannot be closed and includes a link powered by Sharecash.org to a host with marketing surveys. Sharecash.org offers its clients help with monetizing links, file uploads, and websites, and the service is a legitimate one. However, threat actors seem to abuse Sharecash.org and facilitate part of the functionality present in the Sharecash Screenlocker Trojan. The Sharecash lock screen is titled 'Microsoft Windows@ activation prompt' and features the following message:

'This copy of Microsoft Windows® is not genuine.
To use all Microsoft Windows@ features. such as all updates from Windows Update: get the latest updates: and receive product support. your copy of Microsoft Windows@ must be validated as genuine.
As a new step of security (to continue using Microsoft Windows@). we require you to complete a survey for a new product code.
Click here to get your key
Your IP address:
[your IP address]
Your computer will restart in 5 minutes to avoid damaging it.
Product Key. [text box] Activate your key'

Microsoft Does not Use Help from Marketers to Validate the Windows OS Copies

You will notice that there are typos in the message above and Microsoft is not known to use surveys as means to validate copies of the Windows OS in the past two decades (as of 2016). Ironically, users that run a pirated version of the Windows OS may consider the possibility that they can get a license after completing a short survey. Readers that run a pirated Windows OS should be reminded that their PCs might be vulnerable to remote desktop attacks and do not include patches and security fixes provided by Microsoft. Therefore, you should make sure your license is genuine and have the latest security updates installed.

The Sharecash Screenlocker Limits Your Control and Directs Users to Potentially Compromised Sites

The Sharecash Screenlocker Trojan is a credible threat to your data and can block access to the Taskbar, Registry eEitor, Task Manager, Command Prompt and disable keyboard shortcut that may allow you to avoid completing a survey. As stated above, the surveys are hosted on portals that are controlled by the authors of the Sharecash Screenlocker Trojan. We should note that these portals might be rigged with third-part malware and is not wise to follow the instructions provided on the Sharecash screen lock. PC users will need to boot into Safe Mode on Windows and may need to consider getting help from a licensed technician to remove the Sharecash Screenlocker Trojan with a reputable anti-malware scanner. AV vendors are known to detect the executable of the Sharecash Screenlocker as:

• Artemis!B3D85D66E5B3
• MSIL:FakeAlert-B [Trj]
• Riskware ( 0040eff71 )
• TR/Ransom.42643
• Trojan.Blocker!7BqCQjih5vg
• Trojan.GenericKD.3679954
• Trojan.Winlock.13626
• Trojan/Win32.Gen.C725348
• Trojan/Win32.Ransom.N2149063333
• Trojan:Win32/Dynamer!ac
• Trojan[Ransom]/Win32.Blocker
• W32/Trojan.KING-0986
• Win32.Trojan.Blocker.Pgmq