New Coronavirus screenlocker malware is extremely annoying

New Coronavirus screenlocker malware is extremely annoying

Coronavirus malware

A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds.

Screenlockers are malware programs that display a lock screen when logging into Windows so that you cannot access the Windows desktop or interact with your installed programs and files.

This new screenlocker is called ‘CoronaLocker’ and was discovered by security researcher Max Kersten last week after a friend became infected by a program named ‘wifihacker.exe’.

When installed, the malware will extract numerous VBS files and a batch file that, when used together, create an annoying screenlocker functionality.

Extracted files
Extracted files

One of the VBS files called ‘speakwh.vbs’ uses speech synthesis to say “corona virus” over and over to be annoying.

Speakwh.vbs file
Speakwh.vbs file

Once installed, the computer will reboot, and upon restart, users will be shown a lock screen stating “you are infected of corona virus” with a contact email of computertricks2018@gmail.com.

Legal notice shown after restart of the computer
Legal notice shown after the restart of the computer

When a user logs into Windows, they will be shown a lock screen with an email address of systemdestroyer0108@gmail.com. The good news is that you can type vb and press the OK button to get past this screen and launch your Windows desktop.

Screenlocker prompt

Unfortunately, the malware creates a variety of Registry settings that prevent the Task Manager and Run commands from working, the Desktop icons are hidden, Start Menu is disabled, and more.

To see what Registry entries have been modified, you can see Kersten’s blog post.

It is not known how this malware is being distributed, but I would not be surprised to find out it was through YouTube videos or on Discord.

For those who want to see this whole annoying mess in action, you can watch the video below.

Re-Blogged from : Source

Posted on