Trojan.Winlock.7372
Threat Scorecard
Threat Level: | 90 % (High) |
Infected Computers: | 10 |
First Seen: | November 29, 2012 |
Last Seen: | January 28, 2023 |
OS(es) Affected: | Windows |
Trojan.Winlock.7372 is a Winlocker and ransomware Trojan that targets computers located in the United States. Malware analysts have issued a security alert concerning this dangerous Winlocker. Trojan.Winlock.7372 is a variant of ransomware that was widespread in the Russian Federation only a short time ago. It differs from other common police ransomware Trojans in that the files containing its ransom messages and images are neither bundled with the infection nor downloaded onto the targeted computer. Instead, Trojan.Winlock.7372 connects to a remote server and displays a web page from that server as its ransom message, which lets criminals change the message quickly and effectively. Trojan.Winlock.7372 targets computers located outside of the Russian Federation and specifically attacks computers with an IP address located in the United States of America.
Ransomware has been around in some form or another since 2005, mostly restricted to the Russian Federation and Eastern Europe. In 2011, ransomware similar to Trojan.Winlock.7372 started infecting computers in Western Europe. In 2012, the first variants targeting computers in the United States of America and Canada started to appear. Trojan.Winlock.7372 is one of these variants. However, its structure is different from other kinds of ransomware: Trojan.Winlock.7372 connects to a malicious server, downloads its data from the Internet, and uses a regular web page as its block message.
When Trojan.Winlock.7372 is installed, it makes changes to the Windows Registry that allow it to start up automatically and to stop all other programs and file processes. The Trojan can stop most Windows services and common applications, effectively blocking access to the infected computer. Trojan.Winlock.7372 is also designed to disable the infected computer's firewall. Finally, it displays a full-screen window containing its ransom note, a website with a fake message from the police. This message demands the payment of a two hundred dollar ransom via MoneyPak, an online payment service for computer users in North America. It is important to note that paying this ransom will do nothing to remove Trojan.Winlock.7372 from your computer. Instead, Trojan.Winlock.7372 should be removed using a strong, fully updated anti-malware application.
File System Details
# | File Name | Detections |
---|---|---|
1. | %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\picture[1].php | |
2. | %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\getunlock[1].php | |