ScreenLocker – what kind of computer infection is it, and what should you know about it?
ScreenLocker virus is malicious software of the type better known as ransomware. It differs from widely known ransomware variants such as Locky or Cerber because, unlike these viruses, it doesn’t encrypt files but locks your screen and prevents you from performing even the simplest tasks. ScreenLocker-type ransomware viruses are not that popular because more advanced computer users can get rid of them quite easily. Screen-locking attacks work differently. Once such a virus breaks into the target system, it blocks executable system files and thus prevents users from accessing essential settings and folders (for instance, Windows Registry or, in some cases, Task Manager).
As recent research has shown, users whose computers have been attacked by the ScreenLocker ransomware have to delete the value named “RealtekSoftware”. Its default location is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. However, there is one problem: ScreenLocker locks the screen and does not allow users to initiate any tasks, so there is no way to reach that location without unlocking the screen. Although this ransomware does provide instructions on what should be done to unlock the screen, surprisingly there is no mention of any payment. The alert by ScreenLocker usually looks like this (either in English or in Spanish):
We have detected that the software running on your computer is not genuine, please complete an offer below to unlock the computer permanently and insert the key below that will be provided after completer supply.
To get the key, complete a survey by clicking HERE.
As you can see, this ransomware accuses computer users of storing illegal software, which is quite serious. Nevertheless, whether or not you have downloaded illegal programs, you should not trust ScreenLocker ransomware and should never complete any survey it asks for, because this may be an attempt to distribute other malware onto your computer. A locked screen is a serious warning that your PC is infected with malware, so the best solution is to take immediate action and remove it ASAP. For that, our recommendation would be Reimage.
ScreenLocker virus prevents access to the computer system.
ScreenLocker as a type of ransomware
As you can see, this article describes a program that is recognized by the name “ScreenLocker.” However, this term can also be used to describe a large group of ransomware viruses that lock the screen by displaying a full-screen window or by preventing the victim from logging into the Windows account. Just like a typical ransomware threat, a screen locker wants something from the user. The majority of ransomware viruses demand money, others ask the victim to fill out surveys, and others still are meant to convince the victim to call technical support scammers. Over time, we have seen these different types evolve, and we are sure that we will eventually encounter more ransomware types. For now, we would like to introduce some examples of screen-locking ransomware viruses.
Examples of screen-locking viruses
MagicMinecraft Screenlocker ransomware virus. This virus blocks access to the computer by displaying a lock screen that says “Every time you Enter a false Password a ransom Windows file gets Deleted!” Interestingly, this ransomware doesn’t leave any ransom notes or instructions on how to recover access to the computer. It seems that the virus was developed by a script kiddie or simply an amateur, low-level programmer who didn’t know how to configure the program’s functions properly. Luckily, this is an advantage: malware researchers quickly cracked the virus and revealed the password that removes the lock screen. The password is 62861094725560. Victims are advised to scan the system with anti-malware software to remove the MagicMinecraft virus entirely, as well as to check the system for other potentially unwanted or harmful programs and get rid of them.
VinCE tech support screen locker virus. At the end of 2016, we encountered a whole new wave of ransomware viruses that appear to be associated with tech support scammers. VinCE locker, which is named after a folder it creates on the compromised system, is a fraudulent program built in MSIL, and its main executable is SBSCP.exe. Once run, this executable launches a blue screen that says: “Your PC ran into a problem and needs to restart. We are just collecting some error info, and then we’ll restart for you.” The virus is programmed to show a percentage completion value, which typically pauses at a random number between 25 and 50. The ScreenLocker also says that the user may call 1-888-523-2979 for more information about the issue identified as CRITICAL_PROCESS_DIED. The VinCE virus is also made to prevent the user from closing the screen or shutting the computer down, but a simple trick can close this screen. To shut down the VinCE ScreenLocker, one simply needs to press the F6 key. Of course, the system must be scanned with anti-malware software afterward.
SurveyLocker ransomware virus. This virus is ransomware that doesn’t actually ask for a ransom. It doesn’t encrypt files, but it blocks access to the computer and displays an annoying message that says “Locked!” Surprisingly, the virus wants the victim to answer the questions of a survey that it provides. However, victims are not obliged to answer any surveys, especially because it is extremely easy to get rid of the lock screen. Victims simply need to enter “hurr durr” in the password box and hit Unlock PC.
Methods used to distribute ScreenLocker virus
There are a handful of ransomware viruses that employ illegal methods of distribution and may infect computers without being noticed. ScreenLocker is one of them. Security experts state that it may be carried by various Trojans that are executed right after the user clicks on infected links or fake software updates. However, the most successful ransomware distribution method is still considered to be spam containing infected attachments or malicious links. Usually, such email messages report serious matters that catch users’ attention, for instance, missing payments, warnings from various authorities, taxes, and so on. Therefore, if you want to stay safe and keep your private data protected, NEVER trust questionable emails, and avoid visiting illegal websites, downloading suspicious updates or checking your PC online. Otherwise, ScreenLocker virus or any other infection may slither onto your machine.
Uninstall ScreenLocker ransomware
Fortunately, ScreenLocker virus does not encrypt private data and does not require paying money to unlock the screen. However, since it may try to spread other malware, or you may one day execute file-encrypting ransomware, our advice would be to back up files regularly. Use alternative file storage, such as USB external hard drives, CDs, DVDs, or any cloud storage service (Google Drive, Dropbox, etc.). If you need more information on that, read the following: Why do I need backup and what options do I have for that?
Speaking of ScreenLocker virus removal, it’s important to note that it is not advisable to try to remove it from the system manually. Doing so may cause other, more serious system issues and lead to serious damage. Therefore, if you are a victim of this ransomware, you should rely on reputable anti-malware software, for example, Reimage, Malwarebytes, Plumbytes Anti-Malware or Norton Internet Security, and let it remove ScreenLocker automatically.
To remove ScreenLocker virus, follow these steps:
Remove ScreenLocker using Safe Mode with Networking
Before you run your anti-malware software to delete the virus, reboot your PC using instructions presented here.
Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold the Shift key on your keyboard and click Restart.
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
Step 2: Remove ScreenLocker
Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete ScreenLocker removal.
If the ransomware is blocking Safe Mode with Networking, try another method.
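Once logged in under Safe Mode, the Run value named earlier in this article can be inspected directly. The PowerShell script below is an added example, not part of the original article: it lists the per-user autostart entries, reports the RealtekSoftware value and the file it launches, and deletes the value only when run with -Remove (a switch name chosen for this example).

```powershell
# Added example: audit the per-user Run key for the value named in the article.
param(
    [switch]$Remove   # name chosen for this example; deletes the value after reporting it
)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'RealtekSoftware'

$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if (-not $key) {
    Write-Output "Run key not present for this user: $runKey"
    return
}

# Show every autostart entry so other unexpected values are visible too.
$key.GetValueNames() | ForEach-Object {
    [pscustomobject]@{ Name = $_; Command = $key.GetValue($_) }
} | Format-Table -AutoSize -Wrap

if ($key.GetValueNames() -notcontains $valueName) {
    Write-Output "No '$valueName' value found under $runKey"
    return
}

$command = [string]$key.GetValue($valueName)
Write-Warning "Found '$valueName' -> $command"

# Take the quoted path, or the first token of an unquoted command line
# (an unquoted path containing spaces is cut short and needs a manual look).
if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(\S+)') {
    $exe = $Matches[1]
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        # Record the hash before cleanup so the file can be identified later.
        Get-FileHash -LiteralPath $exe -Algorithm SHA256 | Format-List Path, Hash
    } else {
        Write-Output "Target file not found on disk: $exe"
    }
}

if ($Remove) {
    Remove-ItemProperty -Path $runKey -Name $valueName
    Write-Output "Removed '$valueName' from $runKey"
}
```

Run it once without -Remove and review the reported command path before deleting anything; the file it points to should still be handed to the anti-malware scan.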