Trojan.Ransomlock.AF
Posted: August 22, 2013
Threat Metric
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 5 |
| First Seen: | August 22, 2013 |
| OS(es) Affected: | Windows |
Trojan.Ransomlock.AF is a Windows locker Trojan that changes your Windows account password and instructs you to contact the malware author to purchase the new password. Its attacks are targeted at Chinese victims, and its means of locking Windows are somewhat unorthodox for ransomware, but SpywareRemove.com malware experts have noted several ways of circumventing its lockdown and restoring your PC for free. Once you've regained access to your computer, anti-malware software can be used to remove Trojan.Ransomlock.AF, which should be done as soon as possible since Trojan.Ransomlock.AF does include some self-updating functions.
Trojan.Ransomlock.AF and the Windows Login Switcharoo
Ransomware Trojans have been known to lock down the computers they infect by both sophisticated and simple means, and Trojan.Ransomlock.AF shows that an effective system lockdown doesn't need to be a complex attack. After being installed through instant messenger spam, Trojan.Ransomlock.AF changes the password of the currently logged-in Windows account. Current versions of Trojan.Ransomlock.AF are configured to change the password to 'tan123456789', although this could theoretically be changed in future versions of Trojan.Ransomlock.AF. Trojan.Ransomlock.AF also changes the name of the affected Windows account to a brief message instructing the victim to contact the malware author and purchase the new password for a surprisingly low fee (equivalent to under three USD in Chinese Yuan).
Although Trojan.Ransomlock.AF's ransom is much lower than the hundred or two hundred dollar ransoms circulated by more typical Windows locker Trojans, SpywareRemove.com malware researchers don't recommend paying this illegal fee, since the criminal in question has no real reason to give you the new password even after the payment. You can recover your Windows account in several ways (besides using the default new password mentioned earlier in this article):
- If you have access to a separate Windows administrator account, you can simply switch to the administrator account and change the affected Windows account's password as normal.
- If this fails or is inaccessible for some reason, the Windows super admin account feature can also be used to a similar effect. This feature is usually disabled by default but can be reactivated through the Command Prompt.
- Finally, you can use a Windows system repair disk that's loaded onto a peripheral device such as a USB drive.
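The password change followed by an account rename described above can also be spotted in the Windows Security log; the sketch below is an added example, not code from SpywareRemove.com or any vendor tool. It assumes "Audit User Account Management" is enabled, that the Trojan's changes surface as events 4723/4724 and 4781, and that events were exported into the flat, constructed record shape shown here.

```python
from datetime import datetime, timedelta

# Security-log event IDs (require "Audit User Account Management" auditing).
PASSWORD_EVENTS = {4723, 4724}   # password change attempt / password reset attempt
RENAME_EVENT = 4781              # the name of an account was changed
WINDOW = timedelta(minutes=5)    # assumed correlation window

# Constructed sample records; "time" and "id" are an assumed export shape,
# the remaining keys follow the events' EventData field names.
SAMPLE_EVENTS = [
    {"time": "2013-08-22T09:14:02", "id": 4724, "SubjectUserSid": "S-1-5-21-1-2-3-1001",
     "TargetSid": "S-1-5-21-1-2-3-1001", "TargetUserName": "alice"},
    {"time": "2013-08-22T09:14:03", "id": 4781, "SubjectUserSid": "S-1-5-21-1-2-3-1001",
     "TargetSid": "S-1-5-21-1-2-3-1001", "OldTargetUserName": "alice",
     "NewTargetUserName": "CONSTRUCTED RANSOM NOTE"},
    # Benign: an administrator renames another user's account, no password event.
    {"time": "2013-08-22T11:00:00", "id": 4781, "SubjectUserSid": "S-1-5-21-1-2-3-500",
     "TargetSid": "S-1-5-21-1-2-3-1002", "OldTargetUserName": "bob",
     "NewTargetUserName": "robert"},
    # Benign: a user changes their own password, no rename follows.
    {"time": "2013-08-22T12:30:00", "id": 4723, "SubjectUserSid": "S-1-5-21-1-2-3-1003",
     "TargetSid": "S-1-5-21-1-2-3-1003", "TargetUserName": "carol"},
]

def find_lockout_pairs(events, window=WINDOW):
    """Return (old_name, new_name, rename_time) for each account that renamed
    itself within `window` of changing or resetting its own password."""
    pw_times = {}   # TargetSid -> timestamps of password events
    renames = []
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        # Assumption: code running as the logged-in user acts on its own account.
        if ev["SubjectUserSid"] != ev["TargetSid"]:
            continue
        if ev["id"] in PASSWORD_EVENTS:
            pw_times.setdefault(ev["TargetSid"], []).append(ts)
        elif ev["id"] == RENAME_EVENT:
            renames.append((ev, ts))
    hits = []
    for ev, ts in renames:
        if any(abs(ts - p) <= window for p in pw_times.get(ev["TargetSid"], [])):
            hits.append((ev["OldTargetUserName"], ev["NewTargetUserName"], ev["time"]))
    return hits

if __name__ == "__main__":
    for old, new, when in find_lockout_pairs(SAMPLE_EVENTS):
        print(f"{when}: account '{old}' renamed to '{new}' alongside a password change")
```

The old account name in each hit is the one to restore after the password has been reset from another administrator account.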
Freeing Windows from a Lazy Trojan.Ransomlock.AF
While getting back into Windows is your first goal after suffering from a Trojan.Ransomlock.AF attack, removing Trojan.Ransomlock.AF from your PC should be a close second. Trojan.Ransomlock.AF has not been found to include any other major functions for compromising your PC, and its password changes are hard-coded (and, therefore, not reconfigurable 'on the fly'), but, despite these limitations, Trojan.Ransomlock.AF should be treated as a high-level threat by default. Reputable anti-malware tools so far have shown few problems in removing Trojan.Ransomlock.AF, but because it was only recently identified, some out-of-date security programs may fail to recognize Trojan.Ransomlock.AF.
Instant messenger spam links and file attachments are the major infection vectors for Trojan.Ransomlock.AF and are known to circulate through applications that are especially popular in China. However, PC users in other regions may also be affected by Trojan.Ransomlock.AF's attacks, and common-sense precautions regarding potentially dangerous file sources should be kept in mind.