Virus:Win64/Expiro.AB
Aliases:
- Trojan.Win32.Buzus.lzqq (Kaspersky)
- W32/Cridex.R (Norman)
- TR/Buzus.lzqq (Avira)
- Gen:Variant.Graftor.41228 (BitDefender)
- Trojan.Winlock.6673 (Dr.Web)
- Win32/LockScreen.AKU trojan (ESET)
- TROJ_SPNR.0BI312 (Trend Micro)
Summary
Trojan:Win32/Tobfy.A is ransomware that prevents you from accessing your desktop by covering it with a certain image.
This threat changes registry data, and detecting and removing the threat does not restore that data. To return registry data on an affected computer to its pre-infected state, run System Restore:
- For Windows 7
- For Windows Vista
- For Windows XP
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
In some cases, Trojan:Win32/Tobfy.A may make lasting changes to your computer that will NOT be restored by detecting and removing this threat. To regain access to your computer, you may have to reinstall Windows.