“Comuter Blocked!!” – this is what users who have opened the malicious “procleaner.exe” file see after infection with the latest screen locker virus, which many refer to as Cuzimvirus. The malware locks the screen of infected computers in order to cause panic and get users to pay a hefty ransom fee to unlock them. In addition to the lockscreen, the virus may also cause other damage to the infected computer, such as stealing files and blocking the user from logging in with administrative privileges, among others. Anyone whose screen has been locked by Cuzimvirus should know that this virus is removable and should not pay any ransom to the cyber-criminals behind this malware. We advise reading this article if you are interested in removing Cuzimvirus completely and unlocking your computer.
The SensorsTechForum team is currently investigating this cyber-threat. We will update this article with more details about Cuzimvirus shortly.
| Short Description | The malware locks the screen of its victims until a ransom is paid. |
| Symptoms | The user may witness a red lockscreen with a message saying the computer is blocked. |
| Detection Tool | See If Your System Has Been Affected by Cuzimvirus. |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive. |
How Does Cuzimvirus Cause an Infection
Cuzimvirus Ransomware – Infection Process
When the user clicks on such a fake URL or opens the malicious file, the following infection scenarios are possible on his/her computer:
- A malicious web link may cause a redirect and a drive-by download of malicious files.
- A file may remotely connect to a shady host and download the payload of Cuzimvirus.
- The virus may directly begin to modify the Windows Registry entries and lock the screen.
After the infection is complete, Cuzimvirus gets right down to business. The virus immediately locks the screen of the user's PC, denying all access to its functions and the data on it. After this has completed, Cuzimvirus changes the lock screen to a red and black screen saver-like image which says the following:
At the moment it is not entirely clear what type of modifications Cuzimvirus may have performed, but researchers like Karsten Hahn (@struppigel) report that it drops a “procleaner.exe” file in one of the key folders on Windows:
- %User’s Profile%
After this, the following registry keys are believed to be affected:
Remove Cuzimvirus and Unlock Your Computer
In order to get rid of Cuzimvirus, it is strongly recommended that you follow our removal instructions below. They will make sure you get past the lockscreen so that you can hunt for the malicious encrypted files either manually or automatically. If you lack professional experience in removing malware by hand, we advise you to turn to advanced anti-malware software which, according to researchers, will perform a heuristic scan and should be able to remove all files related to Cuzimvirus and unlock your computer automatically, as well as protect your computer from other threats.
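For the manual hunt, the following PowerShell triage script is an added example, not part of the original article or of the researchers' tooling. It assumes an elevated session (for example Safe Mode or a second administrator account) and relies only on the “procleaner.exe” file name reported above; searching the subfolders of each profile goes beyond the reported drop location.

```powershell
# Added example: locate the dropped file named in the article and collect
# basic triage data about it. Only the file name comes from the article;
# the variable names below are illustrative.
$IndicatorName = 'procleaner.exe'

# Enumerate real (non-system) user profile directories on this machine.
$profileDirs = Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special -and $_.LocalPath -and (Test-Path -LiteralPath $_.LocalPath) } |
    Select-Object -ExpandProperty LocalPath

$hits = foreach ($dir in $profileDirs) {
    # -Force includes hidden and system files; unreadable folders are skipped.
    Get-ChildItem -LiteralPath $dir -Filter $IndicatorName -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path        = $_.FullName
                InRoot      = ($_.DirectoryName -eq $dir)   # true = directly in the profile folder
                SizeBytes   = $_.Length
                CreatedUtc  = $_.CreationTimeUtc
                ModifiedUtc = $_.LastWriteTimeUtc
                Hidden      = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Signature   = $sig.Status                    # e.g. NotSigned, Valid, HashMismatch
            }
        }
}

if ($hits) {
    $hits | Format-List
} else {
    Write-Output "No $IndicatorName found under any user profile."
}
```

A file name match alone does not confirm infection; have the reported file scanned by your anti-malware product before deleting it, and keep the SHA256 for your records.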