A new worm has been detected in the wild. The cyber-threat has been reported to replicate via infected USB drives from the computers it has affected through malicious URLs. It locks the screen of the user displaying a ransom message pointing out to contacting an email ending in email@example.com. All users who have become a victim of this nasty worm should not contact the attackers at any circumstances. Experts recommend using instructions like the ones below to methodologically get rid of this threat from your computer.
|Short Description||The cyber-threat locks the user PC’s screen displaying a ransom message with contact details. It demands around 4$ to unlock the computer.|
|Symptoms||The user may be prevented from accessing his PC.|
|Distribution Method||Via malicious URLs or attachments posted on sites or sent out via spam mails. The other method is self-replication via removable drives(USB, microSD, MMC, Phone memory) connected to the infected computer.|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by Kabe “firstname.lastname@example.org”|
|User Experience||Join our forum to discuss Kabe “email@example.com”.|
Kabe Lockscreen Worm – How Did I Get Infected
There are two primary means of distribution, this malware uses. One of them is via spam-emails featuring malicious URLs, or attachments, such as the one from the example below:
Such malicious URLs may redirect to exploit kits which might infect the user via a drive-by download or a malicious script.
The other method of replication is if a USB stick has been inserted into an infected computer. The worm immediately detects the removable drive, after which creates copies of its malicious modules in an obfuscated form in the drive itself:
→ The file kabe.exe
The file Autorun.inf, which contains the following settings:
This technique is very effective in saving the cyber-crooks a lot of resources to spread the worm via spam. Users should know how to protect themselves and never use flash drives to multiple devices if one of them is infected.
Kabe Lockscreen Worm In Detail
→ In %Temp%
The msfold.exe module is reported to be the one responsible to enable the automatic start-up of the malware every time you turn on your computer.
Upon startup, this malware restricts user access displaying the following messages:
→ A pop-up with the message:
“Your Desktop is locked now!”
A note with the message:
Send Email to our team and pay 4$ for unlock code
together with the textbox and button for unlock.”
Remove Kabe Lockscreen Worm Completely
You cannot eradicate this threat by using the conventional methods since the access to the computer is restricted. This is why we recommend using the step-by-step instructions bellow to assist you with removing Kabe Lockscreen and its malicious modules effectively. We also advise choosing an advanced anti-malware tool which will remove the threat in full.