Published May 21, 2012 | Updated Sep 15, 2017

Virus:Win32/Expiro.gen!AS

Severe | Detected with Windows Defender Antivirus

Aliases: Trojan/Win32.Jorik (AhnLab), Trojan/Win32/PornoAsset (AhnLab), Trojan:Win32/Yakes (AhnLab), Trojan.Win32.Jorik.Zbot (Kaspersky), Trojan.Win32.Yakes (Kaspersky), Trojan-Ransom.Win32.PornoAsset (Kaspersky), W32/Kryptik (Norman), W32/Ransom (Norman), TR/Tobfy.H.15 (Avira), TR/Yakes.blvl (Avira), Trojan.Winlock (Dr.Web), Win32/LockScreen.ANX (ESET), Win32.LockScreen.AKU (ESET), Trojan.Win32.Tobfy (Ikarus), Trojan.Win32.Yakes (Ikarus), Trojan-Ransom.Win32.PornoAsset (Ikarus), Mal/BcCheMan-A (Sophos), Mal/EncPk-AHQ (Sophos), Mal/Gataka-IJ (Sophos), Mal/Katusha-M (Sophos), Trojan.Ransomlock!g21 (Symantec), TROJ_RANSOM.SMJP (Trend Micro)

Summary

Windows Defender Antivirus detects and removes this threat. 
 
This family of ransomware trojans targets people from certain countries. It locks your PC and displays a localized webpage that covers your desktop. This webpage demands the payment of a fine for the supposed possession of illicit material.

Some variants might also take webcam screenshots, play an audio message pretending to be from the FBI, close or stop processes or programs, and prevent certain drivers from loading in safe mode, possibly to stop you from attempting to disable the trojan.

Some variants of Trojan:Win32/Tobfy might make lasting changes to your PC that make it difficult for you to download, install, run, or update your virus protection.

The following Microsoft software detects and removes this threat:

However, because this threat can lock your screen, you might not be able to download or run antivirus or antimalware software. If that happens, you will need to use Windows Defender Offline:

The following articles might help if you're having trouble getting the tool to work:

After you've used Windows Defender Offline, you should make sure your security software is up to date and run a full scan:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Tobfy also tries to steal your sensitive and confidential information. If you think your information has been stolen, see: