About "Win32/LockScreen.AUC" infection

The Win32/LockScreen.AUC is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/LockScreen.AUC virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Unconventionial language used in binary resources: Syriac
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Attempts to repeatedly call a single API many times in order to delay analysis time
Network activity detected but not expressed in API logs
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/LockScreen.AUC?


File Info:
crc32: 43439B99
md5: 0358283a7429aaef3563907bc1acf527
name: 0358283A7429AAEF3563907BC1ACF527.mlw
sha1: e74ab096bfb8118c78f0086e8334a71284971f1d
sha256: 70a841ed4ffaa2f608515acdc92a4e5481865c27bee47e48b30b5926da53a4c4
sha512: 42b02ca90ce4e1f3d74d4ef0e45a93c2d2f819907d5497f677a3239a5d82583b421c9a0b878b76dbdc7aab1a782601ad26f18d08cbfb7c635dfb72db84e3efca
ssdeep: 1536:S/may5QFr9kgUlGma26+ULNKv+0kPPHVmntiQYYrV4dd/yQcJiHl4thnhcgwZfx:O9UlGFwvUVOlrV4dsQc0qt1wBS1rSd
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright xa9 1997-2011 Simon Tatham.
InternalName: PuTTY
FileVersion: Release 0.62
CompanyName: Simon Tatham
ProductName: PuTTY suite
ProductVersion: Release 0.62
FileDescription: SSH, Telnet and Rlogin client
OriginalFilename: PuTTY
Translation: 0x0809 0x04b0

Win32/LockScreen.AUC also known as:

Bkav	W32.BeimaK.Trojan
K7AntiVirus	Trojan ( 0040f8241 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Winlock.8811
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKDZ.22861
Cylance	Unsafe
Zillya	Trojan.PornoAsset.Win32.15552
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_80% (D)
Alibaba	Trojan:Win32/LockScreen.825a56bb
K7GW	Trojan ( 0040f8241 )
Cybereason	malicious.a7429a
Cyren	W32/S-f21b3f83!Eldorado
Symantec	Packed.Generic.457
ESET-NOD32	Win32/LockScreen.AUC
APEX	Malicious
Avast	Win32:Crypt-PNE [Trj]
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKDZ.22861
MicroWorld-eScan	Trojan.GenericKDZ.22861
Tencent	Win32.Trojan.Lockscreen.Dbc
Ad-Aware	Trojan.GenericKDZ.22861
Sophos	ML/PE-A + Mal/Wonton-AN
Comodo	Malware@#18smhgckfd3av
BitDefenderTheta	Gen:NN.ZexaF.34686.ju0@aaKdmygO
VIPRE	Trojan.Win32.Reveton.a (v)
TrendMicro	TROJ_SPNR.15GB13
McAfee-GW-Edition	BehavesLike.Win32.MultiPlug.ch
FireEye	Generic.mg.0358283a7429aaef
Emsisoft	Trojan.GenericKDZ.22861 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan.Generic.dwgvp
Webroot	W32.Malware.Gen
Avira	HEUR/AGEN.1127899
eGambit	Generic.Malware
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Ransom:Win32/Loktrom.B
AegisLab	Trojan.Win32.Generic.4!c
GData	Trojan.GenericKDZ.22861
TACHYON	Trojan/W32.PornoAsset.158208.H
AhnLab-V3	Trojan/Win32.Foreign.C169121
Acronis	suspicious
McAfee	Artemis!0358283A7429
MAX	malware (ai score=100)
VBA32	BScope.Malware-Cryptor.Oop
Malwarebytes	Trojan.FakePutt
Panda	Trj/Dtcontx.F
TrendMicro-HouseCall	TROJ_SPNR.15GB13
Rising	Ransom.Loktrom!8.B04 (CLOUD)
Yandex	Trojan.GenAsa!INuwqfEcCps
Ikarus	Trojan-Ransom.Foreign
Fortinet	W32/Generic.AC.209C1A!tr
AVG	Win32:Crypt-PNE [Trj]

How to remove Win32/LockScreen.AUC?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Win32/LockScreen.AUC” infection