Trojan:Win32/Tobfy.A Description

Trojan:Win32/Tobfy.A is a Trojan that is a component of a Police Central e-crime Unit (PCEU) Ransomware. Trojan:Win32/Tobfy.A is used by cybercriminals to spread this specific ransomware to targeted PCs. Trojan:Win32/Tobfy.A locks the desktop of the vulnerable computer and illustrates a certain image/pop-up notification. The image provides PC users with phony instructions and deceptive information about a fine that a victim is aksed to pay via Paysafecard, Ukash, Ultimate Game Card or Green Dot MoneyPak to regain access to the PC. The pop-up message speaks in the name of the legitimate institution in order to convince computer users to pay the fine for supposed violation of laws.

While being installed, Trojan:Win32/Tobfy.A makes system changes on the corrupted PC by adding a disguised random file name. Trojan:Win32/Tobfy.A creates the specific registry entry so that it can load automatically whenever you boot up Windows. Trojan:Win32/Tobfy.A kills several legitimate processes that involve msconfig.exe, cmd.exe, taskmgr.exe and regedit.exe if they are presently existing on the infected computer. Trojan:Win32/Tobfy.A also closes windows, which are entitled ‘Program Manager’. Trojan:Win32/Tobfy.A disables services, devices, and drivers when the PC is started in Safe Mode and Safe Mode with Networking by renaming the certain registry keys.

Type: Trojans

How Can You Detect Trojan:Win32/Tobfy.A?

Trojan:Win32/Tobfy.A Removal Details

Trojan:Win32/Tobfy.A creates the following registry entries:

• HKEY_LOCAL_MACHINE\CurrentControlSet\Control\SafeBoot\Minimal is renamed to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\mini
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network is renamed to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\net
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = “(default)” = “”

Important Article Disclaimer