Aliases: Trojan/Win32.Jorik (AhnLab) Trojan/Win32/PornoAsset (AhnLab) Trojan:Win32/Yakes (AhnLab) Trojan.Win32.Jorik.Zbot (Kaspersky) Trojan.Win32.Yakes (Kaspersky) Trojan-Ransom.Win32.PornoAsset (Kaspersky) W32/Kryptik (Norman) W32/Ransom (Norman) TR/Tobfy.H.15 (Avira) TR/Yakes.blvl (Avira) Trojan.Winlock (Dr.Web) Win32/LockScreen.ANX (ESET) Win32.LockScreen.AKU (ESET) Trojan.Win32.Tobfy (Ikarus) Trojan.Win32.Yakes (Ikarus) Trojan-Ransom.Win32.PornoAsset (Ikarus) Mal/BcCheMan-A (Sophos) Mal/EncPk-AHQ (Sophos) Mal/Gataka-IJ (Sophos) Mal/Katusha-M (Sophos) Trojan.Ransomlock!g21 (Symantec) TROJ_RANSOM.SMJP (Trend Micro)
Some variants might also take webcam screenshots, play an audio message pretending to be from the FBI, close or stop processes or programs, and prevent certain drivers from loading in safe mode, possibly to stop you from attempting to disable the trojan.
Variants of Trojan:Win32/Tobfy might make lasting changes to your PC that make it difficult for you to download, install, run, or update your antivirus software.
The following Microsoft software detects and removes this threat:
However, because this threat can lock your screen, you might not be able to download or run antivirus or antimalware software. If that happens, you will need to use Windows Defender Offline:
The following articles might help if you're having trouble getting the tool to work:
- Windows Defender Offline: frequently asked questions
- Microsoft's Free Security Tools - Windows Defender Offline
After you've used Windows Defender Offline, you should make sure your security software is up to date and run a full scan:
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
Tobfy also tries to steal your sensitive and confidential information. If you think your information has been stolen, see: