The threat changes the registry so that it always runs when Windows starts:
In subkey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Sets value: "Shell"
With data: "<malware file name>"
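To check a PC for this change, compare the Shell value against the Windows default of explorer.exe. The Python below is an added example, not part of the original analysis: it parses the text printed by `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"`, and the sample outputs and the file name sample_locker.exe are constructed for illustration.

```python
import re

# Data the Winlogon "Shell" value holds on a default Windows install.
EXPECTED_SHELL = "explorer.exe"

# A value line in `reg query` output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample outputs (not captured from a real infection).
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
CLEAN = KEY + r"""
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
    Shell    REG_SZ    Explorer.exe
"""
MODIFIED = KEY + r"""
    Shell    REG_SZ    C:\Users\Public\sample_locker.exe
"""
APPENDED = KEY + r"""
    Shell    REG_SZ    explorer.exe, "sample_locker.exe"
"""

def parse_reg_query(reg_output):
    """Return {lowercased value name: (type, data)} from `reg query` text."""
    values = {}
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name").lower()] = (m.group("type"), m.group("data").strip())
    return values

def unexpected_shell_entries(reg_output):
    """List Shell entries other than explorer.exe; None if Shell is absent."""
    values = parse_reg_query(reg_output)
    if "shell" not in values:
        return None
    data = values["shell"][1]
    # The data may name several programs separated by commas; check each.
    entries = [e.strip().strip('"') for e in data.split(",") if e.strip()]
    if not entries:
        return ["<empty>"]
    return [e for e in entries if e.lower() != EXPECTED_SHELL]

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("modified", MODIFIED), ("appended", APPENDED)):
        print(label, unexpected_shell_entries(sample))
```

An empty list means the Shell value holds only the default; any returned entry is a program that Winlogon will start at logon and should be investigated.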
Locks you out of your PC
The threat locks your PC and prevents you from using it until you enter a code. You can get a code by sending an SMS to a premium number, which would cost more than the standard SMS rate.
When installed, Ransom:Win32/LockScreen.AO displays the following message:
Analysis by Jireh Sanico
The following could indicate that you have this threat on your PC:
- When you start your PC up, you see this instead of your usual start screen: