Trojan:Win32/Tobfy.A is a Trojan that is a component of a Police Central e-crime Unit (PCEU) Ransomware. Trojan:Win32/Tobfy.A is used by cybercriminals to spread this specific ransomware to targeted PCs. Trojan:Win32/Tobfy.A locks the desktop of the vulnerable computer and illustrates a certain image/pop-up notification. The image provides PC users with phony instructions and deceptive information about a fine that a victim is aksed to pay via Paysafecard, Ukash, Ultimate Game Card or Green Dot MoneyPak to regain access to the PC. The pop-up message speaks in the name of the legitimate institution in order to convince computer users to pay the fine for supposed violation of laws.
While being installed, Trojan:Win32/Tobfy.A makes system changes on the corrupted PC by adding a disguised random file name. Trojan:Win32/Tobfy.A creates the specific registry entry so that it can load automatically whenever you boot up Windows. Trojan:Win32/Tobfy.A kills several legitimate processes that involve msconfig.exe, cmd.exe, taskmgr.exe and regedit.exe if they are presently existing on the infected computer. Trojan:Win32/Tobfy.A also closes windows, which are entitled ‘Program Manager’. Trojan:Win32/Tobfy.A disables services, devices, and drivers when the PC is started in Safe Mode and Safe Mode with Networking by renaming the certain registry keys.
How Can You Detect Trojan:Win32/Tobfy.A?
Download SpyHunter’s Detection Scanner
to Detect Trojan:Win32/Tobfy.A.
Trojan:Win32/Tobfy.A Removal Details
Trojan:Win32/Tobfy.A creates the following registry entries:
- HKEY_LOCAL_MACHINE\CurrentControlSet\Control\SafeBoot\Minimal is renamed to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\mini
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network is renamed to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\net
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = “(default)” = “”