Trojan.Bootlock

Trojan.Bootlock is a very harmful Trojan horse that compromises the master boot record (MBR) of the target computer and prevents the computer from restarting. The Trojan moves the original MBR from the first sector to the fifth sector and overwrites the first three sectors with a custom MBR.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
This Trojan infects the master boot record (MBR) of the compromised system and encrypts the contents. It locks the PC and displays the following note during system start-up:

Your PC is blocked.
All the hard drives were encrypted.
Browse (developer’s web site here) to get an access to your system and files.
Any attempt to restore the drives using other way will
lead to inevitable loss!!!
Please remember Your UD: (random name here),
With its help your sign-on password will be generated. Enter password:
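
The sector relocation described in the overview can be checked from a raw image of the first disk sectors captured outside the affected operating system. The following is an added example, not code from the original write-up or from any vendor tool; the function names, result labels and sample data are assumptions constructed for illustration.

```python
import struct

SECTOR = 512
BACKUP_LBA = 4  # "fifth sector" from the description, as a zero-based index
BOOT_SIG = b"\x55\xaa"

def partition_entries(sector: bytes) -> list:
    """Return the non-empty partition entries if `sector` parses as an MBR, else []."""
    if len(sector) != SECTOR or sector[510:512] != BOOT_SIG:
        return []
    found = []
    for i in range(4):
        raw = sector[446 + 16 * i : 462 + 16 * i]
        status, ptype = raw[0], raw[4]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if status not in (0x00, 0x80):  # only "inactive" or "bootable" are valid
            return []
        if ptype != 0 and count != 0:
            found.append((status, ptype, lba_start, count))
    return found

def check_mbr_relocation(image: bytes) -> str:
    """Classify the first sectors of a raw disk image (hypothetical labels)."""
    first = image[:SECTOR]
    fifth = image[BACKUP_LBA * SECTOR : (BACKUP_LBA + 1) * SECTOR]
    if first[510:512] != BOOT_SIG:
        return "no-boot-signature"
    # A second, different sector carrying a valid partition table at LBA 4 matches
    # the relocation described above; that gap is usually unused on a Windows MBR disk.
    if partition_entries(fifth) and fifth != first:
        return "suspicious"
    return "clean"

def sample_mbr() -> bytes:
    """Constructed sample: empty boot code plus one bootable NTFS-type partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 63, 204800)
    return b"\0" * 446 + entry + b"\0" * 48 + BOOT_SIG

if __name__ == "__main__":
    clean = sample_mbr() + bytes(7 * SECTOR)
    # Constructed layout only: placeholder sector 0, copy of the original MBR at LBA 4.
    moved = bytes(510) + BOOT_SIG + bytes(3 * SECTOR) + sample_mbr() + bytes(3 * SECTOR)
    print(check_mbr_relocation(clean), check_mbr_relocation(moved))
```

Boot managers and disk-encryption loaders can also place data in the sectors after the MBR, so a "suspicious" result is a reason to inspect the disk further, not a verdict.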

Distribution
Trojan.Bootlock can enter the system through another Trojan infection. The associated Trojans are typically spread through file-sharing networks. In most cases, the author embeds the code in legitimate executable files that are frequently downloaded from shared public servers. Using a sophisticated technique, it often conceals itself from antivirus applications. Spam email is another channel used to distribute the Trojan to unspecified targets.

How to Remove Trojan.Bootlock

1. Temporarily Disable System Restore (Windows Me/XP).
2. To be able to identify even the most recent variant of Trojan.Bootlock, open your antivirus application and update the virus definition file.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- The system will now boot Windows and load only the necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If an item cannot be deleted, place it in quarantine. Once the scan is complete, proceed with the next step.

Scan with Norton Power Eraser:

Norton Power Eraser (NPE), a free tool from Symantec, provides deep scanning technology to detect and remove threats like Trojan.Bootlock. NPE targets and eliminates threats that a regular virus scan fails to identify. Download NPE here.

Important! Because of Norton Power Eraser’s aggressive method, it can flag even legitimate files as suspicious. Please use this tool very carefully.

What to do next...