
About “Ransom:Win32/LockScreen.BO” infection

Malware Removal

Ransom:Win32/LockScreen.BO is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/LockScreen.BO virus do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (9 unique times)
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Sniffs keystrokes
  • Installs a hook procedure to monitor for mouse events
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Contacts C&C server HTTP check-in (Banking Trojan)
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Creates a copy of itself

Related domains:

www.huggibuggi.com
ocsp.pki.goog
img1.wsimg.com
ocsp.starfieldtech.com
www.public-trust.com

How to identify Ransom:Win32/LockScreen.BO?

File Info:

crc32: 717E1093
md5: 03cb907f4beab39e215d3d1f1d5d0f2b
name: 03CB907F4BEAB39E215D3D1F1D5D0F2B.mlw
sha1: 952cc0d296bcddd8c90cd309edb22c590c6952c8
sha256: bd0494cea42d36438bf98d0af0d116ae0e28bfe5c781872d542af363ee952c4a
sha512: 3ed8a00aeb389d2c212f2d6fb0f4c2601f13efead92d3c5bc8a041b3a6ea4245987dc7fab08147bedfc321b3eb7983aa72b3da9d29c73fba216b1137516456aa
ssdeep: 12288:sdY8xEbj5Rl4Ze54jTpBgkd7i1vbo02Yl0PFOp:u1Ebj5Rf8pBgb00FlkO
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Ideal © Knew Alone 2000-2007
InternalName: Hula Heaven
FileVersion: 5.5
CompanyName: Pinnacle Systems
Comments: Spur Nuts Chirp Self Greek
ProductName: Lion Has Foes
ProductVersion: 5.5
FileDescription: Rink
OriginalFilename: Gyro.exe
Translation: 0x0409 0x04b0

Ransom:Win32/LockScreen.BO also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Riskware ( 0015e4f01 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Winlock.5335
ALYac: Trojan.Winlock.Y
Cylance: Unsafe
Zillya: Trojan.Jorik.Win32.47323
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Trojan:Win32/LockScreen.bcc74189
K7GW: Riskware ( 0015e4f01 )
Cybereason: malicious.f4beab
Cyren: W32/SuspPack.EC.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/LockScreen.AJB
APEX: Malicious
Avast: FileRepMetagen [Malware]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Winlock.Y
NANO-Antivirus: Trojan.Win32.Jorik.kqsbb
MicroWorld-eScan: Trojan.Winlock.Y
Tencent: Win32.Trojan.Lockscreen.Fsd
Ad-Aware: Trojan.Winlock.Y
Sophos: ML/PE-A + Mal/Ransom-L
Comodo: Malware@#21tijg0rlsn1x
BitDefenderTheta: Gen:NN.ZexaF.34686.FmKfaK9dIkpi
VIPRE: Virtool.Win32.Obfuscator.vc
TrendMicro: TROJ_JORIK.CIM
McAfee-GW-Edition: Generic Dropper.ach
FireEye: Generic.mg.03cb907f4beab39e
Emsisoft: Trojan.Winlock.Y (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan/Jorik.ajxq
Webroot: W32.Malware.Gen
Avira: TR/Crypt.ULPM.Gen
eGambit: Generic.Trojan
Kingsoft: Win32.Troj.Jorik.u.(kcloud)
Microsoft: Ransom:Win32/LockScreen.BO
SUPERAntiSpyware: Trojan.Agent/Gen-Figler
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Winlock.Y
AhnLab-V3: Trojan/Win32.Gimemo.R20468
Acronis: suspicious
McAfee: Artemis!03CB907F4BEA
MAX: malware (ai score=100)
VBA32: Trojan.Albot
Panda: Generic Malware
TrendMicro-HouseCall: TROJ_JORIK.CIM
Rising: Ransom.LockScreen!8.83D (CLOUD)
Yandex: Trojan.GenAsa!fiaSSXXrDd0
Ikarus: Trojan.Win32.Ransom
MaxSecure: Trojan.Malware.3566951.susgen
Fortinet: W32/Jorik_Albot.U!tr
AVG: FileRepMetagen [Malware]
Paloalto: generic.ml

How to remove Ransom:Win32/LockScreen.BO?

Ransom:Win32/LockScreen.BO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
