
Win32/TechscamLock


First posted on 06 July 2016.
Source: Microsoft

Aliases :

There are no other names known for Win32/TechscamLock.

Explanation :

This ransomware pretends to be a PC cleaner program, and can be bundled with other unwanted software.

The following screenshot shows what the fake installation wizard looks like:



If you click Next and allow the program to "install", it will bring up a screen that looks like an update notification.



It will then show a screen with a message claiming that the PC cleaner program is expired or corrupted and that you should call a specified toll-free phone number.



The ransomware installs itself to %ProgramFiles%\PC Cleaner\PC_Cleaner.exe.

If you call the number, you'll be asked to provide information about your PC and, likely, asked to pay a substantial fee to access your PC again.

However, you can press Ctrl + Shift + S to unlock your PC. You can also enter the following keys, which may work to "validate" and unlock your PC:

  • h7c9-7c67-jb
  • g6r-qrp6-h2
  • yt-mq-6w
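The installation path given above can be checked on a suspect host. The following PowerShell is an added example, not part of the original Microsoft entry: it looks for `PC Cleaner\PC_Cleaner.exe` under every Program Files root, because `%ProgramFiles%` resolves to a different folder for 32-bit and 64-bit processes. Variable names and the reported fields are assumptions chosen for illustration.

```powershell
# Added example: triage check for the install path named in this entry.
# Only the relative path comes from the entry; the rest is illustrative.
$relativePath = 'PC Cleaner\PC_Cleaner.exe'

# %ProgramFiles% differs for 32-bit and 64-bit processes, so check
# every Program Files root that is defined on this machine.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramW6432) |
    Where-Object { $_ } | Sort-Object -Unique

$findings = foreach ($root in $roots) {
    $candidate = Join-Path $root $relativePath
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        $file = Get-Item -LiteralPath $candidate
        $sig  = Get-AuthenticodeSignature -FilePath $candidate
        # Record what an analyst needs to confirm or rule out the hit.
        [pscustomobject]@{
            Path       = $file.FullName
            CreatedUtc = $file.CreationTimeUtc
            SizeBytes  = $file.Length
            SHA256     = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
            Signature  = $sig.Status
            Signer     = $sig.SignerCertificate.Subject
        }
    }
}

# Processes currently running from one of the matched paths.
$running = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and ($findings.Path -contains $_.ExecutablePath) } |
    Select-Object ProcessId, ExecutablePath

if ($findings) {
    $findings | Format-List
    $running  | Format-Table -AutoSize
} else {
    Write-Output "No PC_Cleaner.exe found under: $($roots -join ', ')"
}
```

A match on the path alone is a lead, not a confirmation; compare the hash and signer against your antimalware product's verdict before acting on it.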




Analysis by Marianne Mallen

Last update 06 July 2016

 
