Hey you,

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:

Remove Kabe Ix@hotmail.com Lockscreen Worm and Unlock Your PC

help-removal-sensorstechforumA new worm has been detected in the wild. The cyber-threat has been reported to replicate via infected USB drives from the computers it has affected through malicious URLs. It locks the screen of the user displaying a ransom message pointing out to contacting an email ending in ix@hotmail.com. All users who have become a victim of this nasty worm should not contact the attackers at any circumstances. Experts recommend using instructions like the ones below to methodologically get rid of this threat from your computer.

Name Kabe “ix@hotmail.com”
Type Lockscreen Worm/Ransomware
Short Description The cyber-threat locks the user PC’s screen displaying a ransom message with contact details. It demands around 4$ to unlock the computer.
Symptoms The user may be prevented from accessing his PC.
Distribution Method Via malicious URLs or attachments posted on sites or sent out via spam mails. The other method is self-replication via removable drives(USB, microSD, MMC, Phone memory) connected to the infected computer.
Detection Tool Download Malware Removal Tool, to See If Your System Has Been Affected by Kabe “ix@hotmail.com”
User Experience Join our forum to discuss Kabe “ix@hotmail.com”.

Kabe Lockscreen Worm – How Did I Get Infected

There are two primary means of distribution, this malware uses. One of them is via spam-emails featuring malicious URLs, or attachments, such as the one from the example below:


Such malicious URLs may redirect to exploit kits which might infect the user via a drive-by download or a malicious script.

The other method of replication is if a USB stick has been inserted into an infected computer. The worm immediately detects the removable drive, after which creates copies of its malicious modules in an obfuscated form in the drive itself:

→ The file kabe.exe
The file Autorun.inf, which contains the following settings:

This technique is very effective in saving the cyber-crooks a lot of resources to spread the worm via spam. Users should know how to protect themselves and never use flash drives to multiple devices if one of them is infected.

Kabe Lockscreen Worm In Detail

Malware researchers have reported that this worm is associated with the following files which it creates to several key Windows locations:

→ In %Temp%
In %Startup%
In %RemovableDrive%
In %SystemDrive%

The msfold.exe module is reported to be the one responsible to enable the automatic start-up of the malware every time you turn on your computer.

Upon startup, this malware restricts user access displaying the following messages:

→ A pop-up with the message:
“Your Desktop is locked now!”
A note with the message:
Email {identification}ix@hotmail.com
Send Email to our team and pay 4$ for unlock code
together with the textbox and button for unlock.”

Remove Kabe Lockscreen Worm Completely

You cannot eradicate this threat by using the conventional methods since the access to the computer is restricted. This is why we recommend using the step-by-step instructions bellow to assist you with removing Kabe Lockscreen and its malicious modules effectively. We also advise choosing an advanced anti-malware tool which will remove the threat in full.

1. Boot Your PC In Safe Mode to isolate and remove Kabe “ix@hotmail.com”
2. Remove Kabe “ix@hotmail.com” with SpyHunter Anti-Malware Tool
3. Uninstall your web browser to get it rid of Kabe “ix@hotmail.com” from it.
Optional: Using Alternative Anti-Malware Tools
NOTE! Substantial notification about the Kabe “ix@hotmail.com” threat: Manual removal of Kabe “ix@hotmail.com” requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.