Trojan.Grymegat.B

Trojan.Grymegat.B is a sinister Windows infection better know by the name Win32:LockScreen-LY. Is this infection running on your operating system? If it is locked with an intimidating alert supposedly sent to you by the national law enforcement authorities – there is a great chance that this Trojan has been dropped onto the PC. Alongside the infamous Trojan:AutoIt/LockScreen.A, Trojan:AutoIt/LockScreen.C and Trojan.Urausy.A, this knavish infection has been created to propagate ransomware programs and trick gullible Windows users into paying completely fictitious fines. Unfortunately, many of them do not link the illegal computer lock-down with the activity of a malicious Trojan. Please continue reading to learn removal methods which will help you delete Trojan.Grymegat.B from your PC.

Few of the malignant Trojan files include A1A6.exe (%APPDATA%), find_me.tmp (%SystemDrive%) and system.exe (%APPDATA%). These files can hijack virtual memory, reconfigure Windows Registry, disable Windows File Protection System and add malicious processes to autostart programs. What is more, the malicious system.exe can record your keystrokes, mouse-clicks and screen content, which could be used to perform identity theft or even financial security threatening scams. Overall, the most obvious goal of the infection is to lock down your computer and present you with highly misleading information. Here are a few excerpts:

Your computer has been locked!
To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $200. […]
You have been violating Copyright and related Rights Law (Video, Music, Software) and illegally using or distributing content, thus infrning […] the Copyright of the Criminal Code of the United States of America.

Once the malicious Trojan disables the LUA, i.e. administrative privileges, it provides you with bogus information and orders you to pay fines. Note that the sum and the currency of the fine are set accordingly to where you live. Needless to say, you should ignore the fine payment demands, especially since this is unlikely to unlock the computer. Instead, you should trust automatic malware removal tools to delete Trojan.Grymegat.B. Follow the removal instructions below to get rid of all running malware.

How to remove Trojan.Grymegat.B?

Windows 8:

1. Tap the Windows key to access the Metro UI start screen.
2. Move the cursor to the bottom right corner, wait for a menu to appear and click on Settings.
3. Select Change PC Settings and then click General.
4. Navigate to Advanced Startup and click on Start now.
5. Select Troubleshoot and then go to Advanced Options.
6. Go to Startup Settings and select the Restart button.
7. In the Startup Settings page tap F5 for Safe Mode with Networking.
8. Open a browser, type http://www.pcthreat.com/download-sph into the address box and tap Enter.
9. Install the automatic malware removal tool SpyHunter.
10. Once all infections are deleted, restart the computer.

Windows Vista and Windows 7:

1. Restart the PC, wait for BIOS to load and start tapping the F8 key.
2. Using arrow keys select Safe Mode with Networking. Tap Enter.
3. Download an automatic Trojan.Grymegat.B removal tool from http://www.pcthreat.com/download-sph .
4. Install the application, perform a full system scan and delete found infections.

Windows XP:

1. Repeat steps 1-2 from the removal instructions displayed for Windows Vista/7 users.
2. Click YES when a “Desktop” notification shows up.
3. Download the automatic malware removal tool.
4. Open the Start menu and launch RUN.
5. Type in “msconfig” and click OK to open the System Configuration Utility.
6. Click on the Startup tab, select Disable All and click OK.
7. Restart the computer (normally).
8. Install the application to delete the Trojan and other potentially running malware.