Ransom:Win32/LockScreen.AR removal tips

Ransom:Win32/LockScreen.AR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/LockScreen.AR virus do?

  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Detects Bochs through the presence of a registry key
  • Uses suspicious command line tools or Windows utilities

How to determine Ransom:Win32/LockScreen.AR?


File Info:

name: A2E9B1D247B609DE73D7.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2011-02-01 15:56:45

Version Info:

0: [No Data]

Ransom:Win32/LockScreen.AR also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.HmBlocker.lkxD
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ransom.5
ClamAV: Win.Trojan.Hmblocker-153
McAfee: Artemis!A2E9B1D247B6
Cylance: Unsafe
VIPRE: Gen:Variant.Ransom.5
Alibaba: Ransom:Win32/LockScreen.26c25b11
Cybereason: malicious.247b60
VirIT: Trojan.Win32.Winlock.EKK
Cyren: W32/Ransom.F.gen!Eldorado
Symantec: Trojan.Ransomlock
ESET-NOD32: a variant of Win32/LockScreen.ACV
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.HmBlocker.nzsl
BitDefender: Gen:Variant.Ransom.5
NANO-Antivirus: Trojan.Win32.HmBlocker.cxyco
Avast: Win32:LockScreen-DE [Trj]
Tencent: Win32.Trojan.Lockscreen.Ijgl
Ad-Aware: Gen:Variant.Ransom.5
Emsisoft: Gen:Variant.Ransom.5 (B)
Comodo: TrojWare.Win32.Trojan.Ransom.~A@465pc3
F-Secure: Trojan.TR/Winlock.I.5
DrWeb: Trojan.Winlock.2974
Zillya: Trojan.HmBlocker.Win32.1100
McAfee-GW-Edition: BehavesLike.Win32.Generic.lh
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.a2e9b1d247b609de
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Ransom.5
Jiangmin: Trojan/HmBlocker.tb
Avira: TR/Winlock.I.5
MAX: malware (ai score=98)
Antiy-AVL: Trojan[Ransom]/Win32.HmBlocker
Arcabit: Trojan.Ransom.5
ZoneAlarm: Trojan-Ransom.Win32.HmBlocker.nzsl
Microsoft: Ransom:Win32/LockScreen.AR
Google: Detected
AhnLab-V3: Trojan/Win32.HmBlocker.R2657
VBA32: SScope.Trojan.Winlock.14205
ALYac: Gen:Variant.Ransom.5
Malwarebytes: Malware.AI.2184357837
Rising: Trojan.Win32.Winlock.a (CLASSIC)
Yandex: Trojan.GenAsa!3UvwY92iVVE
Ikarus: Trojan-Ransom.HmBlocker
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/HmBlocker.BAO!tr
BitDefenderTheta: Gen:NN.ZexaF.34698.euW@aWgHiokk
AVG: Win32:LockScreen-DE [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Ransom:Win32/LockScreen.AR?

Ransom:Win32/LockScreen.AR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.