
Remove Cuzimvirus Lockscreen from Your Computer

“Comuter Blocked!!” – this is what users who have opened the malicious “procleaner.exe” file see after infection with the latest screen locker virus, which many refer to as Cuzimvirus. The malware aims to lock the screen of infected computers, cause panic in users and get them to pay a hefty ransom fee to unlock their blocked computers. In addition to the lockscreen, the virus may also cause other damage to the affected computer, such as stealing files and blocking the user from logging in with administrative privileges. Anyone whose screen has been locked by Cuzimvirus should know that this virus is removable and should not pay any ransom to the cyber-criminals behind this malware. We advise reading this article if you are interested in removing Cuzimvirus completely and unlocking your computer.

The SensorsTechForum team is currently investigating this cyber-threat. We will update this article with more details about Cuzimvirus shortly.

Threat Summary

Name: Cuzimvirus
Type: Lockscreen Ransomware
Short Description: The malware locks the screen of its victims until a ransom is paid.
Symptoms: The user may witness a red lockscreen with a message saying the computer is blocked.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool: See If Your System Has Been Affected by Cuzimvirus.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

How Does Cuzimvirus Cause an Infection

Cuzimvirus’s files may be distributed via several different methods. Its payload is believed to be downloaded by third-party malware that causes the infection while remaining undetected. This third-party malware may be malicious JavaScript, an exploit kit, or a Trojan dropper or downloader. Either way, it may arrive in an archive as an e-mail attachment or via malicious web links disguised as fake buttons or similar elements, such as a phishing PayPal web page detected by STF researchers earlier this week.

Cuzimvirus Ransomware – Infection Process

When the user clicks on such a fake URL or opens the malicious file, the possible infection scenarios on his/her computer are the following:

  • A malicious web link may cause a redirect and a drive-by download of malicious files.
  • A file may remotely connect to a shady host and download the payload of Cuzimvirus.
  • The virus may directly begin to modify the Windows Registry entries and lock the screen.

After the infection is complete, Cuzimvirus gets right down to business. The virus immediately locks the screen of the user’s PC, denying all access to its functions and the data on it. After this has completed, Cuzimvirus changes the lock screen to a red and black screen saver-like image which says the following:

“Computer Blocked!!
To unlock the Computer follow the 3 easy steps:
Send me a message to this email: [email protected] and i send you the code
when you written me i send you the code. then paste the code in the textbox and press “unlock”
then press okay and your computer is unlocked”

At the moment it is not entirely clear what type of modifications Cuzimvirus may have performed, but researchers like Karsten Hahn (@struppigel) report that it drops a “procleaner.exe” file in one of the key folders on Windows:

  • %SystemDrive%
  • %AppData%
  • %ProgramFiles%
  • %UserProfile%

After this, the following registry keys are believed to be affected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"SD" = "%SystemDrive%\[file with random characters]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"SD" = "%SystemDrive%\[file with random characters]"
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\AuthRoot\Certificates = [file with random characters]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr"
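
A read-only PowerShell check for the indicators listed above, added here as an example and not taken from the researchers or from this article's removal tools. It assumes PowerShell 4.0 or later and looks only at the top level of each listed folder; it reports what it finds and changes nothing.

```powershell
# Added example: report the Cuzimvirus indicators named in this article.
# Read-only: nothing is deleted or modified.
$findings = @()

# Autorun values named "SD" under the Run / RunOnce keys listed above
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains 'SD')) {
        $findings += [pscustomobject]@{
            Type = 'Autorun value'; Location = $key; Detail = "SD = $($props.SD)"
        }
    }
}

# Policy value that disables Task Manager for the current user
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($policy -and ($policy.PSObject.Properties.Name -contains 'DisableTaskMgr')) {
    $findings += [pscustomobject]@{
        Type = 'Policy value'; Location = $policyKey
        Detail = "DisableTaskMgr = $($policy.DisableTaskMgr)"
    }
}

# procleaner.exe in the folders listed above (top level only: an assumption,
# the article does not say how deep the file is dropped)
$folders = @("$env:SystemDrive\", $env:APPDATA, $env:ProgramFiles, $env:USERPROFILE)
foreach ($folder in $folders) {
    if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
    $hits = Get-ChildItem -LiteralPath $folder -Filter 'procleaner.exe' -File -Force -ErrorAction SilentlyContinue
    foreach ($file in $hits) {
        # Record a hash so the sample can be identified before it is removed
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type = 'Dropped file'; Location = $file.FullName; Detail = "SHA256 $hash"
        }
    }
}

if ($findings.Count -eq 0) { 'None of the indicators listed in the article were found.' }
else { $findings | Format-List }
```

Run it from Safe Mode or from another administrator session, since the lockscreen blocks the normal desktop; the HKCU checks apply to the account that runs the script.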

Remove Cuzimvirus and Unlock Your Computer

In order to get rid of Cuzimvirus, it is strongly recommended to follow our removal instructions below. They will make sure you get past the lockscreen so that you can hunt for the malicious encrypted files either manually or automatically. In case you lack professional experience in removing malware by hand, we advise you to turn to advanced anti-malware software, which according to researchers will perform a heuristic scan and should be able to remove all of the files related to Cuzimvirus and unlock your computer automatically, as well as protect your computer from other threats.

Manually delete Cuzimvirus from your computer

Note! Important notice about the Cuzimvirus threat: manual removal of Cuzimvirus requires changes to system files and the registry, and can therefore cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Cuzimvirus files and objects
2. Find malicious files created by Cuzimvirus on your PC

Automatically remove Cuzimvirus by downloading an advanced anti-malware program

1. Remove Cuzimvirus with SpyHunter Anti-Malware Tool and back up your data
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
