Air locker how to remove on android 6. Fighting Android Locker or the tale of how Winlockers master mobile platforms. How to uninstall the Super Locker app

If, after installing any program, advertisements for the Super Locker application began to appear regularly on the screen of your smartphone, or you have already installed this application and you can't uninstall it, or it somehow installed itself and you don't know how to get rid of Super Locker - then this material is written just for you. In this article, I will explain what Super Locker is, what its functionality is, and how to remove Super Locker from your smartphone.

The developers position the Super Locker application as a stylish and fashionable tool for locking the screen and speeding up phone charging. On the lock screen, the user can view the weather forecast, battery level and news, and there is quick access to the camera and other important functions of the device.

As for the "acceleration of the charge", the developers promise to speed up the charging of your smartphone by 20% after installing and running this program. They do not say by what software means the phone and battery hardware is supposed to be changed for accelerated charging. Or maybe the developers know some magic spell to change the power of your charger? The question is rhetorical. Therefore, I uninstalled Super Locker some time after installing it on my smartphone.

App complaints

On the other hand, the network is literally full of complaints and invective about the Super Locker application. Not only is it most often installed without the user's involvement, and not only does its advertising on the main screen interfere with normal operation of the phone, but the application also often initiates the download and installation of various suspicious programs whose functionality users know nothing about. Needless to say, such a software product looks more like malicious adware than a useful tool with convenient functionality.

How to uninstall the Super Locker app

To remove Super Locker completely, it is not enough to go to the phone settings, open the application list, find Super Locker and remove it from the phone. Very often this process fails with inexplicable malfunctions; therefore, experts recommend uninstalling this application through your phone's safe mode.

It goes without saying that you should not follow the advertising links that Super Locker offers. You will find nothing there but further problems.

Do you know why I like IT? For the fearfulness of users. You can write a super-mega polymorphic virus and be proud of how it secretly harms all infrastructures, consoling your own vanity that it is difficult to find and neutralize. Or you can write a generally simple utility program, which can be called a virus only with a stretch (although it will be considered malware), and make money on the fear of users. Moreover, no special intelligence is needed to write it.

I remember 2010, when the Runet was hit by an epidemic of winlockers. It was funny to see how users, with eyes bulging from fear, rushed to pay for their computer to be supposedly “unlocked”. It’s hard to count how many variations of these lockers I saw then.

But time passed, and winlockers simply sank into oblivion due to the vigilance of antivirus companies. However, instead of computers, users began to actively use smartphones and tablet PCs. And, of course, an Android locker could not fail to appear for smartphones and tablets running the green robot.

The principle of operation of such ransomware for Android is the same as for Windows. Unfortunately, users almost never read the notice that a program requires elevated privileges on the system, and they pay for it with an infection. These are not iPhones, on which such a trick will not work. Android is still very, very vulnerable.

Besides, a distinguishing feature of these lockers is that users infect their devices with them by downloading files from unknown resources. In addition, they often simply do not have an antivirus program on their phone.

But if you did manage to pick up Android Locker on your smartphone or tablet, there is no need to rush to reflash your device or even wipe it. Fortunately, this infection is fairly easy to treat.

So, in order to remove Android Locker, you will have to be patient and try everything that is written in this article.

Step 1. Android Lockers usually add themselves to startup and run on a timer every few milliseconds. If you recall which application the malware is disguised as, you will probably try to delete it. However, the delete item will be greyed out because the app uses Device administrators. Go to Settings -> General -> Security -> Device Administrators and try to uncheck this application. If you are lucky, the program will only try to scare you with a threat to wipe everything from your device if you remove it from Administrators. Boldly send it to /dev/null (that is, nowhere) and uncheck it.

Step 2. Android Locker may not give up right away. Okay, let's try to remove it with an antivirus. The easiest way is to download it, for example, from me or from some other verified source, get it onto the device somehow and install it with verification. Then try again to expel the infection. I am not sure it will work the first time. But if you try to knock out the malware many times, it can and will capitulate.

Step 3. The antivirus was unable to remove the application, and now it is the one sending you to /dev/null. Well, let's just boot into safe mode and try to repeat the above steps. Usually, on Android devices, safe mode starts when you hold down the power key and a volume key, often volume down. This must be done either when rebooting or when turning on the device. For your specific model, you need to search on the Internet. After booting into safe mode, you will find that Android Locker no longer starts, and you can try to remove it.

However, there are infections that encrypt your data and require a password to decrypt it. In this case, it still makes sense to scan the system with an antivirus program and to look for the dedicated section on the websites of antivirus companies.

CTB Locker is a very well thought-out and dangerous virus. I will not write about it - there is a lot of information about this virus on the Internet.

Over the past 3 months, some of our customers have caught this beast, despite warnings, updated corporate antiviruses and other protection solutions. For some, an individual workstation suffered; for others, a terminal server. But backup tools saved everyone.

The latest infection of one of the clients resulted in the loss of a large amount of data, as well as some backups. The responsibility for this lay with the client - funding for the expansion of the backup server could not be allocated for half a year. But that's not the point. We were given the task of paying the creators of the virus (and then the funding was suddenly found).

I am not urging community users to pay hackers (I am against this), but perhaps this little manual will help someone.

Next, I will describe step by step how I paid bad people to decrypt client data.

1. So, here is what we got. The user's computer became infected (we are still figuring out how it got infected; there is antispam, there is an antivirus, user rights have been curtailed). Over the network, the virus encrypted the file server, whose disk was connected to the user's computer as a network drive. The virus encrypted those folders on the server for which the given user had write permissions. The local drives on the user's computer were also encrypted.

2. When the virus finished encryption, it gave the user a banner. We were asked to decrypt the data for 3.5 bitcoins, which is approximately $805. We were given 90 hours to make a decision.

3. Instructions on how to proceed were found on the local drive in the Documents folder.

We were asked to go to the Tor network and enter the public key from this text file on the attackers' site. Alas, I did not take a screenshot of the site; the site opens very rarely and I did not see anything new there. The site duplicated the information from the banner on the user's desktop: the amount of the ransom, links to sites where you can buy bitcoins, the wallet number to transfer to, etc., as well as an offer to decrypt two files of up to 1 megabyte each as proof that decryption is possible.

4. Before starting all work, the infected user's computer and the file server were isolated in a separate network with a separate Internet connection. Checked availability of a network drive. All OK. Begin.

5. Search for bitcoins. I have never bought bitcoin before. The sites offered by the attackers for buying bitcoins did not suit us. We needed to buy cryptocurrency with a Ukrainian bank payment card (a virtual card was created). I went looking for ways to buy cryptocurrency. A Ukrainian site for buying and selling bitcoins was found on the Internet.

A) We register on the site (during registration, indicate your mobile number - transaction confirmations will be sent to it) and deposit UAH to the account.

B) We buy bitcoins for hryvnias.

C) We transfer bitcoins to the wallet specified by the attackers. Pay attention to the commission of the bitcoin network.

We confirm the transaction via SMS from the phone number specified during registration on the site. The transaction took about 10-15 minutes.

6. Waiting. So, we have fulfilled all the conditions of the attackers. What to do next? The site in the Tor network is still not available. As it turned out, we were not deceived. The banner on the user's computer changed from a demand for money to a notice that our information is now being decrypted. Everything happened automatically.

7. Decryption lasted about 2 hours. We check the file server - everything is in place, everything was perfectly decrypted. The banner prompts us to do a Rescan in case, before starting the decryption, we forgot to connect a network drive or insert a USB flash drive/HDD that had also been encrypted earlier. Or click Close and it will delete itself from the computer.

8. Back up the file server (again, funding was quickly found to expand the backup space).

9. We connect the file server back to the network for users. We format the user's computer, install Windows, etc.

10. We are thinking about changing the antivirus.

I hope this post has helped someone. Or, at least, reminded someone of the importance of backups and fresh antivirus databases.

A new mobile threat is the DoubleLocker malware. Like many other malicious programs, it exploits the legitimate functionality of the Accessibility service and is reactivated every time the Home button is pressed.

DoubleLocker is based on the code of the famous banker Svpeng. However, for now, it has disabled functions designed specifically for collecting user banking data. Instead, DoubleLocker is equipped with two tools for extortion at once: it can change the PIN code of the device to an arbitrary one, and it also encrypts the data it finds. According to ESET specialists, this combination of functions in the Android ecosystem is observed for the first time.

DoubleLocker is distributed in the "classic" way: mainly under the guise of Adobe Flash Player through compromised sites. After the malware is launched on the user's device, the application offers to activate the Accessibility service. Having received the necessary permissions, DoubleLocker gains administrator rights and sets itself as the default launcher.

“Self-installation as the default launcher improves the persistence of malware on the device,” comments Lukas Stefanko, ESET virus analyst who discovered DoubleLocker. “Every time the user presses the home button, the ransomware is activated and locks the screen of the tablet or smartphone again.”

Once executed on the device, DoubleLocker uses two strong arguments to convince the user to pay the ransom.

First, it changes the PIN of the tablet or smartphone, which prevents the device from being used. A random value is set as a new PIN, the code is not stored on the device and is not sent anywhere outside, so neither the user nor the security specialist will be able to recover it.

Secondly, DoubleLocker is one of the few mobile malware programs that actually encrypt all files in the device's main storage. To do this, the malware uses the AES encryption algorithm and adds the .cryeye extension to the files. Unfortunately, it is not yet possible to decrypt the affected data.

The ransom amount is 0.0130 bitcoins (about 4,000 rubles), and the message of the attackers emphasizes that payment must be made within 24 hours. If the ransom is not transferred, the data will remain encrypted.

To get rid of DoubleLocker, ESET experts recommend taking the following measures:

  • Unrooted device without an installed mobile device management solution capable of resetting the PIN code: the only way to get rid of the lock screen is a factory reset.
  • Rooted device: the user can connect to the device via ADB and delete the file that stores the PIN. For this, device debugging must be enabled (Settings - Developer options - USB Debugging). The lock screen will be removed and the user will regain access to the device. Then, working in safe mode, the user will be able to deactivate device administrator rights for the malware and remove it. In some cases, a reboot of the device is required.

However, all this, unfortunately, will not help decrypt the affected data, as mentioned above.
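After the device is cleaned, the extent of the damage still has to be established so that the affected files can be restored from a backup. The sketch below is an added example, not code from ESET or from the original article: it walks a local copy of the device storage, finds files carrying the .cryeye extension mentioned above and uses byte entropy to tell encrypted content from files that merely carry the extension. The directory layout, the sample files and the 7.0 bits/byte threshold are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

CRYEYE_EXT = ".cryeye"    # extension the article says DoubleLocker appends
SAMPLE_BYTES = 64 * 1024  # bytes sampled per file for the entropy estimate
ENTROPY_MIN = 7.0         # assumption: bits/byte at which data looks encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(root: str) -> dict:
    """Classify .cryeye files under root; paths are listed without the extension."""
    report = {"encrypted": [], "renamed_only": [], "untouched": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(CRYEYE_EXT):
                report["untouched"] += 1
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
            backup_name = os.path.relpath(path, root)[: -len(CRYEYE_EXT)]
            bucket = "encrypted" if entropy >= ENTROPY_MIN else "renamed_only"
            report[bucket].append((backup_name, round(entropy, 2)))
    return report


def build_constructed_sample(root: str) -> None:
    """Constructed tree standing in for a copy of the device's main storage."""
    os.makedirs(os.path.join(root, "DCIM"))
    with open(os.path.join(root, "DCIM", "photo1.jpg.cryeye"), "wb") as fh:
        fh.write(os.urandom(8192))      # random bytes mimic AES ciphertext
    with open(os.path.join(root, "notes.txt.cryeye"), "wb") as fh:
        fh.write(b"plain text " * 500)  # carries the extension, not encrypted
    with open(os.path.join(root, "untouched.txt"), "wb") as fh:
        fh.write(b"hello")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_constructed_sample(demo_root)
        print(triage(demo_root))
```

Files of a few hundred bytes cannot reach the threshold even when encrypted, and already compressed formats score high without any encryption, so the entropy value is a hint to read alongside the extension, not a verdict on its own.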

An updated version of the "onion" ransomware Trojan, which many readers may have heard of under the name CTB-Locker or Citroni, is circulating on the Internet.

Whatever you call it, CTB-Locker is ransomware, and the general principle of its work is similar to . After encrypting data on the user's PC, such as documents and photos, the malware demands a ransom for decrypting the data.

The abbreviation CTB in the name of the malware stands for Curve Tor Bitcoin. The first word indicates that the ransomware uses a non-standard encryption algorithm (Elliptic Curve Diffie-Hellman). The second indicates that the malware's command and control servers are hidden in the anonymous Tor network. Finally, the third: the cybervillains demand a ransom from their victims in bitcoins.

CTB-Locker is a very serious threat and one of the most sophisticated encryption blockers in existence.

“Hiding the command and control servers in the anonymous Tor network makes it harder to track down cybercriminals, and non-standard cryptographic schemes make it impossible to decrypt a file, even if the traffic between the Trojan and the command and control server is intercepted,” says Fedor Sinitsyn, Senior Analyst at Kaspersky Lab. “All of this makes CTB-Locker a very serious threat and one of the most sophisticated ransomware blockers in existence.”

The new version of the Trojan, listed in Kaspersky Lab's anti-virus database under the name Trojan-Ransom.Win32.Onion, has received several interesting new features.

  • "First 5 files for free": As a demonstration, the Trojan allows you to decrypt five files without paying a ransom.
  • The ransomware is localized in three new languages: German, Italian and Dutch.
  • CTB-Locker has become more difficult to study, as the malware has acquired new properties that make it difficult for specialists to work with it.
  • In addition to connecting directly via Tor, the trojan can now communicate with command and control servers via one of six web services that redirect requests from the open internet into Tor.

The best (and basically free) way to deal with ransomware is to back up all valuable files at least once a week, and regularly check whether the backups. will also help protect your files. In addition, you should make sure that all updates have been installed.

If your computer is already infected, then without the key, the only copy of which is kept by the criminals, it is impossible to recover the files encrypted by the Trojan. Of course, you can pay the ransom, but there is no guarantee that the ransomware operators will kindly send back the key to decrypt the files. Cyber extortion has already become a serious, mass business, and with the advent of the Internet of Things, the situation is likely to only get worse.

At the moment, 361 infection attempts have been registered in Kaspersky Security Network, mainly in Russia and Ukraine. The System Watcher feature in Kaspersky Lab solutions includes special protection against the Trojan described in this article and other similar malware. As soon as a suspicious program gains access to the user's files, Activity Monitor immediately creates a protected local copy of the file. Therefore, you should not disable this component. And just in case, before you get infected, make sure it's turned on - right now.