Threat Encyclopedia

Home > Threat Center > Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

O
P
Q
R
S
T
U
V
W
X
Y
Z
Glossary

Short description

MSIL/LockScreen.A is a trojan that blocks access to the Windows operating system. To regain access to the operating system the user is asked to send an SMS message to a specified telephone number in exchange for a password. When the correct password is entered the trojan is deactivated.

Installation

Trojan is probably a part of other malware.

The trojan does not create any copies of itself.

The trojan may create copies of the following files (source, destination):

c:\windows\down\driver.exe, c:\windows\graphic\driver.exe

The following files are deleted:

c:\windows\down\driver.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run]
"graphic" = "c:\windows\graphic\driver.exe"

Other information

The trojan displays the following dialog box:

When the correct password is entered the trojan is deactivated.

The password to regain access to the operating system is one of the following:

kWPi

Some examples follow.
(1.)

(2.)

The trojan creates the following files:

c:\windows\graphic\startdvr.dll
c:\windows\graphic\starttim.dll

Trojan requires the Microsoft .NET Framework to run.

All Products:

Cart About ESET Partners United States and Canada

© 2012 ESET North America. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET spol. s r.o. or ESET North America.
All other names and brands are registered trademarks of their respective companies.