Tastatu Screen Locker
The Tastatu Screen Locker Trojan is a program that may invade computers through pirated games, fake computer support applications and corrupted Web browser updates. The Tastatu Screen Locker Trojan performs as one might expect — the program loads a persistent window on your screen and disables some user commands on the desktop. The malware is known to run as 'Tastatu.exe' on the infected hosts and produce a window titled 'Tastatu - Computer Has Been Locked!.' The window features a short message with a few system details and mentions as a proprietary software encryption technology called 'R12V0' developed by Isode Ltd. (https://www.isode.com). The full text presented by the Tastatu Screen Locker can be found below:
'This PC has been locked
Testatu has locked your computer for using leaked software!
This program has disabled task manager and antiviruses.
More info is listed below.
Leaked software: Testatu.exe
Lock Type: R12V0
Lock Type Meaning: Unbreakable Lock
IP Address
[your real IP address]
PC name: [user-assigned device name]
Release Code:
[text box]
[Enter Code|BUTTON] [Shutdown|BUTTON] [Restart|BUTTON] [Help|BUTTON]'
The Tastatu Screen Locker Trojan may seem like ransomware, but it has no encryption technologies and does not feature contact details. However, the 'Tastatu - Computer Has Been Locked!' window can be hard for removal unless you have a valid unlock code to enter on the field below 'Release Code.' Fortunately, computer security researchers discovered a master unlock code in the program. Compromised users may try to enter 'iiTwizled' (without quotation marks) on the Tastatu Screen Locker window and check if the following dialog box appears:
'This computer has been locked by Testatu,
It has been locked due to downloading pirated software
Or by running the lock screen software
- PS, This was made by iiTwizled c:'
The first version of the Tastatu Screen Locker is reported to terminate after you enter the release code 'iiTwizled' and allow PC users to clean their systems. The Tastatu Screen Locker might scare some users who are not familiar with screen locker Trojans since desktop commands might not seem to be registered by infected PC. You should remain calm and use another computer to check for a solution online and potentially seek help from a computer technician. Remember that you should not connect USB drives to the infected PC carelessly. The users are encouraged to run a complete system scan with an up-to-date cybersecurity instrument and remove the files associated with the Tastatu Screen Locker.
Detection names related to the Tastatu Screen Locker include:
Artemis!72A4AA8B5583
Gen:Variant.Razy.408505
MSIL/LockScreen.AAF!tr
Msil.Trojan.Locker.Aheq
TROJ_GEN.R039C0WA519
Trojan ( 00544dd81 )
Trojan.Locker!8.4BFD (CLOUD)
Trojan.Razy.D63BB9
Trojan.Win32.Razy.4!c
Trojan/Win32.MSIL.C2913902
W32/Trojan.PHDV-2625
malicious_confidence_90% (W)
malware (ai score=81)
