What is Ransoc Screenlocker?
Ransoc Screenlocker is a newly created malicious program that shows a fake penalty notice from the law enforcement institutions. Apparently, the malware looks through all of your data on the computer to find evidence of illegal activities and proposes for you to pay the fine instead of settling the case in court. If you have encountered this threat, we would advise you not to waste any money since they will go not to the legal enforcement agency but the cyber criminals behind this scam. A better idea would be to read more about Ransoc Screenlocker and learn how to avoid similar malware in the future. Afterward, you could follow the instructions available below the article and get rid of the malicious application.
Where does Ransoc Screenlocker come from?
Our researchers at Anti-spyware-101.com say that Ransoc Screenlocker might be distributed with the help of exploit kits. Such software can run on web servers, find vulnerabilities in your system and use them to drop the malicious program. Exploit kits could be placed on legitimate web pages if the malware’s creators can hack such a site. However, in this case, users are more likely to encounter it while visiting malicious and unreliable websites. Under these circumstances, it is advisable to stay away from harmful sites and install a reliable antimalware tool to secure the computer.
How does Ransoc Screenlocker work?
For starters, Ransoc Screenlocker could place an executable file with a random name in the %Temp% folder. Also, it should create Registry entries in the following directories: HKCU\Software\Microsoft\Windows\CurrentVersion\Run, HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder, and HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg. The added Registry keys in these locations allow the malicious application to launch itself with the operating system. It means you can restart the computer over and over again, but the threat will still appear.
Later, the malware should scan your system in order to locate illegal content, e.g. torrent files, data related to child pornography, and other files showing illegal activities. Additionally, the threat could also check the user’s social media profiles, instant messaging applications, and so on. In case you have anything that might incriminate you, the malicious program should display the penalty notice. It lists data considered as evidence of your illegal activities and offers to settle the case out of court by paying a fine. It is most likely that the requested sum could be different for each victim.
What’s more, the malware should lock users screen and display the penalty note on a browser window. To prevent you from unlocking the screen or closing the browser, Ransoc Screenlocker could also block your Task Manager, Registry Editor, and possibly a few other programs. Naturally, if you want to take over your computer’s control again, you should eliminate the malicious application immediately.
How to erase Ransoc Screenlocker?
Users can get rid of the malware manually if they restart the computer in Safe Mode. By doing so, you could locate Ransoc Screenlocker’s created malicious data and remove it manually. To make it easier for you, we placed deletion instructions at the end of this text, although if the task still looks too complicated, we would advise you to use a legitimate antimalware tool instead. Firstly, install it on the infected computer, then run a full system scan and wait for it to detect the malware. Lastly, click the removal button, and the antimalware tool will erase all identified threats.
Restart the system in Safe Mode with Networking
Windows 8/Windows 10
- Click the Power button after pressing Windows Key+I.
- Press and hold the Shift key then select Restart.
- Pick Troubleshoot from the Advanced Options menu.
- Select Startup Settings, press Restart, then click the F5 key and restart the system.
Windows XP/Windows Vista/Windows 7
- Navigate to Start and click the Shutdown options.
- Select Restart, then press and hold the F8 key as soon as the computer begins restarting.
- Choose from Safe Mode or Safe Mode with Networking in the Advanced Boot Options window.
- Press Enter and log on.
Remove Ransoc Screenlocker
- Press Windows Key+R, insert Regedit and select OK.
- Look for the particular path: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- Find a value name called JavaErrorHandler, right-click it and choose Delete.
- Go to HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
- Search for a key with a similar title: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JavaErrorHandler.lnk
- Right-click the key and select Delete.
- Locate this directory: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
- Find a key titled as JavaErrorHandler, right-click it and choose Delete.
- Close the Registry Editor and open File Explorer (Windows Key+E).
- Insert this directory %temp% and click Enter.
- Find a malicious .exe file with a random title, e.g. zruhf7m2i5hmmig5s7evwlljeifibqeg.exe, right-click such file and select Delete.
- Close the Explorer and empty your Recycle bin.
tested removal of Ransoc Screenlocker*100% FREE spyware scan and