Ukash / Police Ransomware
Similar topics may have been covered previously but as this is prolific in my area I thought it would be helpful to start a new thread to warn people.
At this moment, the most common type of ransomware is the ‘Police Trojan’, which will display a bogus notification that pretends to be from your local law enforcement agency and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The Police virus will lock you out of your computer and applications, so whenever you try to log on to your Windows operating system or Safe Mode with Networking, it will instead display a lock screen asking you to pay anywhere from 100 to 200 Euro/$ in the form of a MoneyPak, Ukash or PaySafeCard code.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam so that the alert shows what is happening in the room.
Info taken from hxxp://malwaretips.com/blogs/remove-police-trojan, who also appear to have the most effective tips for removal. I would advise ignoring option 2 - System Restore.
Yesterday, none of the tips I found there or elsewhere would work. I had to remove the HDD & scan it through another machine. Problem was eventually resolved by MSE which detected Win32/Nymaim.
MBAM then found Hijack.shell.gen (winlogon/shell)
Currently I have no idea where people are getting this malware from.
Images vary by country, state & county!
I have been unable to get my own screenshots so here are a couple I found.
[url=http://i33.tinypic.com/2eb7ub7.jpg t=_self] [img]http://i33.tinypic.com/2eb7ub7.jpg[/img][/url]
[url=http://i36.tinypic.com/2z5uek8.jpg t=_self][img]http://i36.tinypic.com/2z5uek8.jpg[/img][/url]
RE: Ukash / Police Ransomware
Hi Shazza =
We have been having the same problem over here, and unfortunately it is being discussed via TV news, which is not always that helpful.
In the cases I have seen, it is mostly scareware, but some searching will indicate that the problem can be more problematic.
http://www.fbi.gov/news/stories/2012/august/new-internet-scam
http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/fbi-moneypak-scam-removal/aa21d9c9-8362-432e-8c15-f17a6971b018?msgId=5d99c09d-75dd-42cd-bd02-b286b0e87abe
Thank you for this information, I think it is very important.
RE: Ukash / Police Ransomware
http://support.kaspersky.com/us/viruses/solutions?qid=208286527
http://support.kaspersky.com/viruses/deblocker
http://support.kaspersky.com/us/viruses/rescuedisk
http://forum.kaspersky.com/index.php?showtopic=238192
RE: Ukash / Police Ransomware
<quote user="leofelix">
http://support.kaspersky.com/us/viruses/solutions?qid=208286527
http://support.kaspersky.com/viruses/deblocker
http://support.kaspersky.com/us/viruses/rescuedisk
http://forum.kaspersky.com/index.php?showtopic=238192
[/quote]
Thank you for the information, bookmarked :-}
RE: Ukash / Police Ransomware
Thanks Leofelix, booting with the [url=http://www.surfright.nl/en/kickstart t=_self] HitmanPro Kickstart disk [/url] is normally effective, but in the latest incident none of the options involving booting from USB would work.
RE: Ukash / Police Ransomware
@ Shazza =
One question:
Why not use the restore point?
Or back up the engine?
OK, there are two questions :-}
Thank you, in advance.
RE: Ukash / Police Ransomware
Do you have domain(s) and/or URL(s) which installed this?
RE: Ukash / Police Ransomware
Google FixMeStick 2013
RE: Ukash / Police Ransomware
<quote user="superhero58">
"Why not use the restore point?"
[/quote]
Because you cannot be certain that the restore point has not been compromised and infected. Better to be safe than sorry, and much better to keep a clean clone so that the infected drive(s) can be wiped and restored from the clone.
RE: Ukash / Police Ransomware
<quote user="jazspeak">
Because you cannot be certain that the restore point has not been compromised and infected. Better to be safe than sorry, and much better to keep a clean clone so that the infected drive(s) can be wiped and restored from the clone.
[/quote]
Thanks :-}