Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: September 19, 2013
Last Seen: September 10, 2021
OS(es) Affected: Windows

Trojan.Ransomlock.AI is a Trojan that blocks the desktop and the computer and does not allow targeted PC users to use it. Trojan.Ransomlock.AI then presses the affected computer user to pay a so-called ransom to restore access to the PC. Once run, Trojan.Ransomlock.AI creates a malicious file. It then disables task switching and hides the taskbar. Next, Trojan.Ransomlock.AI creates a registry entry so that it runs automatically every time the computer user starts Windows, and a second registry entry to disable Task Manager. Trojan.Ransomlock.AI then hides the desktop and covers the screen with a fraudulent blue screen asking the PC user to contact an indicated QQ number to buy a password. The victim is then asked to press the F10 key in order to enter the password and unlock the PC. All other keys may be disabled until the F10 key is pressed.

File System Details

Trojan.Ransomlock.AI may create the following file(s):
# File Name Detections
1. %System%\WinLockDll.dll

Registry Details

Trojan.Ransomlock.AI may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"blue" = "\"%CurrentFolder%\[ORIGINAL FILE NAME].exe\""
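
A read-only triage check for the file and registry artifacts listed above, as an added example (not part of the original write-up). Checking SysWOW64 and the WOW6432Node Run key goes beyond the listed locations to cover a 32-bit sample on 64-bit Windows; the helper name Get-RegValue is hypothetical.

```powershell
# Added example: read-only triage for the artifacts listed on this page.
# It reports what it finds and changes nothing.

function Get-RegValue {   # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

# 1. Dropped file. %System% is the system directory; a 32-bit process on
#    64-bit Windows is redirected to SysWOW64, so both are checked (assumption).
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) | Select-Object -Unique
foreach ($dir in $dirs) {
    $dll = Join-Path $dir 'WinLockDll.dll'
    if (Test-Path -LiteralPath $dll -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Artifact = 'File'; Location = $dll; Value = "SHA256 $hash" }
    }
}

# 2. Task Manager disabled for the current user. This value can also be set
#    by legitimate policy, so treat it as a signal only alongside the others.
$polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$tm = Get-RegValue -Path $polKey -Name 'DisableTaskMgr'
if ("$tm" -eq '1') {
    $findings += [pscustomobject]@{ Artifact = 'Registry'; Location = "$polKey\DisableTaskMgr"; Value = $tm }
}

# 3. Autorun value named "blue". The WOW6432Node key is the 32-bit view of
#    the same Run key on 64-bit Windows (added here, not listed on the page).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $cmd = Get-RegValue -Path $key -Name 'blue'
    if ($null -ne $cmd) {
        $findings += [pscustomobject]@{ Artifact = 'Registry'; Location = "$key\blue"; Value = $cmd }
    }
}

if ($findings.Count -gt 0) { $findings | Format-List }
else { Write-Output 'None of the listed artifacts were found.' }
```

Run it in the affected user's session, since the DisableTaskMgr value lives in that user's HKEY_CURRENT_USER hive.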


