Trojan.Ransomlock.D is a Trojan horse that locks the desktop and keyboard on an infected computer, leaving only the numeric keys functioning. The threat then demands the purchase of an activation key to restore access to the computer. This detection is not tied to a single threat: other bogus programs that lock the PC in a similar way can also be detected as Trojan.Ransomlock.D.

Trojan.Ransomlock.D is commonly deployed through Trojans and viruses. It gains access to the computer by looking for security exploits, which is why software makers issue updates every now and then. Outdated versions of programs are more attractive targets for Trojan.Ransomlock.D.

Once Trojan.Ransomlock.D is executed on the computer, it makes several changes to the system. These changes are aimed at killing your installed anti-virus program to prevent removal of the malware. Next, the threat adds files and registry entries that cause the computer lockdown. The process is also responsible for showing a fake warning alert on your desktop. The message is full of bogus findings about threats on the computer. It may give some reasons why the computer has been locked, but you should not believe it. As mentioned, Trojan.Ransomlock.D is after your money via the unlock code.

Never pay anything for this malware to restore your access to the infected computer. Instead, follow the procedures on this page to remove Trojan.Ransomlock.D. After removing the virus, your desktop will be free from the fake warning.

Type: Trojan
Sub-Type: Ransom
OS Affected: Windows

What are the Symptoms of Trojan.Ransomlock.D Infection?

Trojan.Ransomlock.D

Programs identified as Trojan.Ransomlock.D usually block the user’s access to the infected computer. The threat shows a desktop message claiming that malicious activities were detected on the PC and that it needs to be locked. It then asks the user to pay for the unlock code. See sample image above.

It will modify Windows Registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"

The threat will drop the following malicious file:

  • %Windir%\activate.exe

How to Remove Trojan.Ransomlock.D Manually

1. Restart your computer using the Windows Recovery Console
- Insert the Windows XP CD-ROM into the CD-ROM drive.
- Restart the computer from the CD-ROM drive.
- Press R to start the Recovery Console when the “Welcome to Setup” screen appears.
- Select the installation that you want to access from the Recovery Console.
- Enter the administrator password and press Enter.
- Type C:, Press Enter
- Type cd Windows, Press Enter
- Type del activate.exe, Press Enter
- Type cd.., Press Enter
- Type cd "Documents and Settings", Press Enter (the Recovery Console requires quotation marks around names that contain spaces)
- Type cd "[USER NAME]", Press Enter
- Type cd "Start Menu", Press Enter
- Type cd Programs, Press Enter
- Type cd Startup, Press Enter
- Type del "Quick Office.lnk", Press Enter
- Type exit, Press Enter.

2. Restore the registry entry that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entry or entries mentioned above, delete them if necessary, and change the value to "0"

3. Delete the malicious file that the threat added:
- Based on the location given above, browse to the file and delete it.
- If no location is given, click Start > Search and search for the file or files.
- If the file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then try deleting the file again.

4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.
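
The indicator checks from steps 2 and 3 can also be scripted once you can log in again. The PowerShell below is an added example, not part of the original removal guide; it assumes PowerShell is available, that it is run as the affected user (the registry value is per-user) with rights to delete from %Windir%, and the -Fix switch and backup file location are choices made for this example.

```powershell
param([switch]$Fix)   # report only by default; pass -Fix to apply the changes

# Indicators taken from the symptoms and removal steps on this page
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$dropped   = Join-Path $env:windir 'activate.exe'
$shortcut  = Join-Path ([Environment]::GetFolderPath('Startup')) 'Quick Office.lnk'

# Indicator 1: DisableTaskMgr = 1 (Task Manager blocked for this user)
$value = $null
if (Test-Path $policyKey) {
    $value = (Get-ItemProperty -Path $policyKey).DisableTaskMgr
}
if ($value -eq 1) {
    Write-Output "FOUND: DisableTaskMgr = 1 under $policyKey"
    if ($Fix) {
        # Back up the key first, as step 2 requires (backup path is an assumption)
        $backup = Join-Path $env:TEMP ("policies-system-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
        & reg.exe export ($policyKey -replace '^HKCU:', 'HKCU') $backup | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }
        Set-ItemProperty -Path $policyKey -Name DisableTaskMgr -Value 0
        Write-Output "Backup written to $backup; DisableTaskMgr set to 0"
    }
} else {
    Write-Output 'OK: DisableTaskMgr is not set to 1'
}

# Indicators 2 and 3: the dropped executable and the Startup shortcut
foreach ($path in $dropped, $shortcut) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Output "OK: $path not present"
        continue
    }
    Write-Output "FOUND: $path"
    if ($Fix) {
        # Step 3: end any process running from the file, then delete it
        Get-Process | Where-Object { $_.Path -eq $path } | Stop-Process -Force
        Remove-Item -LiteralPath $path -Force -ErrorAction Stop
        Write-Output "Deleted $path"
    }
}
```

Run it once without -Fix to see which indicators are present, then again with -Fix, and follow up with the antivirus scan in step 4.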
