According to the present scenario it would be not wrong to claim Ransomware one of the biggest problem for end users. Though numerous variants of both ransomware and crypto-ransomware has been reported in the past months each with their own “unique” routines but recently we have came across a newly ransomware family namely PE_VIRLOCK which along with locking the user’s computer screen also also infects the files. So, today here we are going to have a discussion on one of the member of the new family i.e., VirLock Ransomware. It is basically a ransomware Trojan which takes computers hostage and then after that demands payments from the computer screen via making utilization of BitCoin, a crypto-currency which is known for permitting anonymous online payments. This ransomware do have tendency to threaten computer users, claiming that the VirLock Ransomware has found pirated software on the compromised PC and along with this also gives threatening to report the victim to the authorities unless the fine is paid. But on contrary to whatever it pretends, in reality the claims do not have any basis at all. The fact is that this program do not have ability to check the user’s computer system for pirated software or to alert the authorities. However they are just engineered with the sole intention of locking down the compromised PC and prohibits the victims access to their files.


Researches proves that VirLock Ransomware cannot makes it’s propagation on it’s own, unlike several other vicious threats such as virus or worms. Most probably this ransomware invade inside the PC by making the usage of exploit kits contained on attack websites, via other threat infections that install this ransomware infection or social engineering. Furthermore last but not the least by using junk email attachments or disguising the VirLock Ransomware implementable files as something else and propagating it online via lies and deception.

Você é um dos utilizadores portugueses encontrando problemas causados pela XYZ que são incapazes de remover esta ameaça do PC, se sim, bem, então sugere-se a visitar o site aqui, já que contém instruções de remoção eficazes na sua língua – Remover Janelas PC Ameaças

Once installed, VirLock Ransomware first of all executes actions such as creating and modifying registry entires to prevent it’s detection and ensure it’s execution. After that it locks the screen of the compromised PC, deactivating explorer.exe and prohibiting the usage of taskmgr.exe. While doing this it also checks the location of the victim’s laptop or PC for displaying the appropriate image for the ransom message. Now as mentioned above, this infection along with encrypting the files also infects them. So, regarding this purpose it do have file-infecting routines i.e., on getting complete invasion inside the PC, PE_VIRLOCK check for specific below mentioned files types :

  • Executable files (*.exe)

  • Archive files (*.zip, *.rar)

  • Common Document files (*doc, *.xls, *.ppt, *.ppt, *.mdb)

  • Certificate files (*.p12, *.pem, *.p7b, *.crt)

  • Image files (*.png, *.jpeg, *.psd, *.bmp, *.bmp)

  • Audio/Video files (*.wma, *.mp3, *.mpg)

On finding it’s targeted files, it encrypts the host file and embed it in the virus body. Additionally, it also add a .RSRC section to the infected file. This section includes the resources utilized by the implementable which are not considered part of the executable like images, icons, strings and menus. Moreover it prohibits the compromised PC from loading the Windows Desktop, Task Manager, Explorer or several other utilities which do have capability of enabling computer users to access their files and applications. It also brings in numerous additional harmful threats inside the PC.

Therefore because of such disastrous consequences it would not be wrong to say that regarding an effective utilization of PC it is very important to remove VirLock Ransomware quickly from the PC right after detection.

Source – https://en.wikipedia.org/wiki/Ransomware