$ analyze-threat Trojan:Win32/Lockscreen!MSR
Trojan:Win32/Lockscreen!MSR - Windows Defender threat signature analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win32/Lockscreen!MSR
Classification:
  Type: Trojan
  Platform: Win32
  Family: Lockscreen
  Detection Type: Concrete (known malware family with identified signatures)
  Suffix: !MSR (high-priority threat flagged by Microsoft Security Response)
  Confidence: Very High
  False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions) for the 32-bit Windows platform, family Lockscreen.

Summary:

Trojan:Win32/Lockscreen!MSR is a highly malicious screen-locking Trojan that prevents user access to the infected computer, often demanding payment. It actively disables security software and Task Manager to hinder removal, employs various evasion and persistence techniques, and may attempt to modify the Master Boot Record (MBR), making the system unbootable.

Severity: Critical
VDM Static Detection:
Relevant strings associated with this threat:
 - SmartAssembly.Attributes (PEHSTR_EXT)
 - Tastatu has locked your comptuer for using leaked software! (PEHSTR_EXT)
 - This porgram has disabled task manager and antiviruses. (PEHSTR_EXT)
 - \Tastatu\obj\Debug\Tastatu.pdb (PEHSTR_EXT)
 - C:\MBR.bin (PEHSTR_EXT)
 - C:\Users\Public\monkeiii.dll (PEHSTR_EXT)
 - /c TASKKILL /F /FI "Imagename ne (PEHSTR_EXT)
 - AntiWinLockerTray.exe (PEHSTR_EXT)
 - Jenit_s_Screen_Locker (PEHSTR)
 - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
 - rundll32 (PEHSTR_EXT)
 - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
 - !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
 - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
Remediation Steps:
Immediately isolate the infected machine. Boot into Safe Mode with Networking or a Windows Recovery Environment to perform an offline scan with updated antivirus software. If the MBR is compromised, use `bootrec /fixmbr` or similar tools for recovery. Identify and remove any created persistence mechanisms (scheduled tasks, startup entries). Due to its evasive nature and potential MBR corruption, a full system reimage is highly recommended.
=== END REPORT ===
This analysis was last updated on 29/01/2026.