
What is “Ransom:Win32/LockScreen.BW”?


Ransom:Win32/LockScreen.BW is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/LockScreen.BW virus do?

  • Creates RWX memory
  • Unconventional language used in binary resources: Russian
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to determine Ransom:Win32/LockScreen.BW?


File Info:

crc32: 7B3BF07F
md5: f450ba07c14dec5684ab707d9cceabff
name: F450BA07C14DEC5684AB707D9CCEABFF.mlw
sha1: 58215fb5b3962d6e6ecd4c8810c7d3dabc8763b9
sha256: 00db9a16aa44cd9d6b59d35a18ee4cf60d9479d5ea9bf3a41fac1d56d91f47a0
sha512: 5dfd87f26dcb7bf7014b9c84ac5096b0ca2394a3822b9172d8cb5af9718fee71c82c62bb988163f72c85cc80b4a3c472e58199019f042834b55c0186eee0a90f
ssdeep: 12288:oglwAooZiBZ6Batrp7S5RcllhN3Q9FAi5KnAEDA:ztookgBa1pgRwxAoAW
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/LockScreen.BW also known as:


How to remove Ransom:Win32/LockScreen.BW?

Ransom:Win32/LockScreen.BW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
