We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
TrojanDropper:Win32/Frovserp.A
Aliases: Trojan-Ransom.Win32.Blocker.axwg (Kaspersky) TR/Ransom.Blocker.axwg (Avira) Trojan-Ransom.Win32.Blocker (Ikarus) Ransom-FASE!2ABB7296B05E (McAfee) TROJ_RANSOM.EJN (Trend Micro)
Summary
Windows Defender detects and removes this threat.
Trojan:Win32/Tobfy.S is a ransomware trojan that prevents you from accessing your desktop by covering it with a certain image.
The image contains fake instructions and misleading information about a ransom that you need to pay to regain control of your PC. The image illegally invokes legal authorities to try to convince you to pay the ransom.
There is no one-size-fits-all response if you have been victimized by ransomware. There is no guarantee that paying the ransom will give you access to your files.
If you've already paid, see our ransomware page for help on what to do now.
Run antivirus or antimalware software
The following free Microsoft software detects and removes this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
However, because this threat can lock your screen, you might not be able to download or run antivirus or antimalware software. If that happens, you will need to use the free tool Windows Defender Offline:
The following articles may help if you're having trouble getting the tool to work:
- Windows Defender Offline: frequently asked questions
- Microsoft's Free Security Tools - Windows Defender Offline
After you've used Windows Defender Offline, you should update your security software and run a full scan:
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
You can also visit the Microsoft virus and malware community for more help.
