If you cannot access your computer because of a black screen with red text at the top saying your files were encrypted, you might have encountered a screen locker called caforssztxqzf2nm.onion Locker. Even though it may claim that your files were encrypted, that does not mean it is true. Our specialists report that the variant they tested does not encrypt any data. However, it looks like the malicious application might modify the Registry and drop a few files on a system that may allow the threat to block a user’s screen even in Safe Mode. Since Safe Mode is often the number one solution in such cases and nothing else may work, victims may have no choice but to reinstall their operating systems. Thus, removing caforssztxqzf2nm.onion Locker might be somewhat problematic and time-consuming. To learn more details about this threat, we invite you to read our full report.
It is thought that caforssztxqzf2nm.onion Locker might be spread through malicious email attachments. Such files could be delivered via spam emails, so users who want to avoid such threats should be extremely careful with files sent by people they do not know. In truth, it is advisable to be cautious even with emails that look trustworthy, as cybercriminals use forged email addresses and mimic messages delivered by well-known organizations and businesses all the time. This means users can never let their guard down if they do not want to be tricked into launching malicious applications like caforssztxqzf2nm.onion Locker.
During its installation, the malware ought to create files called payload.hta, clear.bat, and setup.bat on the computer’s C: disk. Next, the screen locker is supposed to modify a few values in the computer’s Registry, located in the HKLM\System\Setup path. According to our specialists, the malicious application should modify value names called Setup Type, CmdLine, and Scancode Map. It appears that once the threat has created the mentioned files and modified these values, it might be able to lock the user’s screen and keep it locked even in Safe Mode.
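The artifacts listed above can be checked with a read-only script. This is an added example, not part of the original report: it assumes the files sit in the root of the system drive, matches the Registry value names with spaces ignored, and treats an empty CmdLine and a Setup Type of 0 as the assumed clean baseline.

```powershell
# Added example: read-only check for the artifacts named in the report.
# Assumption: "C: disk" means the root of the system drive.
$root  = "$env:SystemDrive\"
$files = 'payload.hta', 'clear.bat', 'setup.bat'
$key   = 'HKLM:\SYSTEM\Setup'
# Value names as the report spells them; compared with spaces removed
# because the spelling stored in the Registry may differ.
$names = 'Setup Type', 'CmdLine', 'Scancode Map'

$findings = @()

# 1. Dropped files (hidden files included via -Force).
foreach ($f in $files) {
    $path = Join-Path $root $f
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Type   = 'File'
            Name   = $path
            Detail = "created $($item.CreationTime), $($item.Length) bytes"
            Review = $true
        }
    }
}

# 2. Registry values under HKLM\System\Setup.
$wanted = $names | ForEach-Object { ($_ -replace '\s', '').ToLower() }
$regKey = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
if ($regKey) {
    foreach ($valueName in $regKey.GetValueNames()) {
        $normalized = ($valueName -replace '\s', '').ToLower()
        if ($wanted -notcontains $normalized) { continue }
        $value = $regKey.GetValue($valueName)
        if ($value -is [byte[]]) {
            # Binary data is shown as hex so it can be compared or archived.
            $value = ($value | ForEach-Object { $_.ToString('X2') }) -join ' '
        }
        $text = "$value".Trim()
        $findings += [pscustomobject]@{
            Type   = 'Registry'
            Name   = "$key\$valueName"
            Detail = if ($text) { $text } else { '(empty)' }
            # Assumed baseline: empty or 0 is unremarkable, anything else needs a look.
            Review = ($text -ne '' -and $text -ne '0')
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the listed files or Registry values were found.' }
```

Rows with Review set to True are the ones to compare against a known-good machine before changing anything.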
caforssztxqzf2nm.onion Locker blocks the screen by showing a full-screen window with a ransom note that belongs to Bad Rabbit Ransomware. The note claims the malware was able to encrypt all files on a system and that the only way to get them back is to contact the malicious application’s developers. However, according to our specialists, the link it provides does not work, and the ID number that is supposed to be unique remains the same no matter how many times our researchers relaunched the threat.
The good news is that caforssztxqzf2nm.onion Locker does not encrypt any files, so you do not have to worry about how to get them back. Unfortunately, the malicious application might make it impossible to unblock the screen, which makes it impossible to erase it manually, as shown in the instructions located below. In such a case, users who come across this threat might have to reinstall their operating systems.
Naturally, we advise first restarting the computer in Safe Mode to see whether its screen is blocked or not. Depending on the result, you could either try to erase caforssztxqzf2nm.onion Locker with the instructions located below or with a reliable antimalware tool, or you may have to reinstall Windows.
Windows 8 and Windows 10
Windows XP/Windows Vista/Windows 7