Ukash / Police Ransomware

spectre
Posts: 7921
Joined: Sun May 03, 2009 10:43 pm

Ukash / Police Ransomware

Post by spectre » Thu Apr 25, 2013 1:00 pm

Similar topics may have been covered previously but as this is prolific in my area I thought it would be helpful to start a new thread to warn people.
At this moment, the most common type of ransomware is the ‘Police Trojan’, which will display a bogus notification that pretends to be from your local law enforcement agency and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The Police virus will lock you out of your computer and applications, so whenever you try to log on to your Windows operating system or Safe Mode with Networking, it will instead display a lock screen asking you to pay anywhere from 100 to 200 Euro/$ in the form of a MoneyPak, Ukash or PaySafeCard code.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam so that the alert shows what is happening in the room.

Info taken from hxxp://malwaretips.com/blogs/remove-police-trojan, who also appear to have the most effective tips for removal. I would advise ignoring option 2 - System Restore.

Yesterday, none of the tips I found there or elsewhere would work. I had to remove the HDD & scan it through another machine. Problem was eventually resolved by MSE which detected Win32/Nymaim.
MBAM then found Hijack.shell.gen (winlogon/shell)
Currently I have no idea where people are getting this malware from.

Images vary by country, state & county!
I have been unable to get my own screenshots so here are a couple I found.

[url=http://i33.tinypic.com/2eb7ub7.jpg t=_self] [img]http://i33.tinypic.com/2eb7ub7.jpg[/img][/url]

[url=http://i36.tinypic.com/2z5uek8.jpg t=_self][img]http://i36.tinypic.com/2z5uek8.jpg[/img][/url]
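
Added example, not part of the original post and not code from MSE or MBAM: the post reports a detection on the winlogon/shell location, so this sketch audits the Winlogon `Shell` and `Userinit` values in a `.reg` text export, for instance one taken from the hives of a drive attached to a clean machine. The mount names `OFFLINE_SW` and `OFFLINE_USER`, the flagged path and the sample export are constructed placeholders, and the defaults assume Windows installed on `C:`.

```python
import re

# Suffix match covers live keys and hives mounted offline with "reg load".
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"
# Stock values (assumption: Windows installed on C:).
DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,", r"c:\windows\system32\userinit.exe"},
}

# Constructed sample export; mount names and the flagged path are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_USERS\OFFLINE_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\example\\AppData\\Roaming\\placeholder.exe"
'''

def parse_reg_export(text):
    """Yield (key_path, value_name, string_data) for string values in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
        if key and m:
            # .reg files escape backslashes and quotes with a leading backslash.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def audit_winlogon(text):
    """Return (key, name, data) for Shell/Userinit values that need a closer look."""
    findings = []
    for key, name, data in parse_reg_export(text):
        expected = DEFAULTS.get(name.lower())
        if expected is None or not key.lower().endswith(WINLOGON_SUFFIX):
            continue
        # Assumption: a stock install has no per-user Shell/Userinit value at all,
        # so any value under a user hive is reported regardless of its content.
        per_user = key.upper().startswith(("HKEY_CURRENT_USER", "HKEY_USERS"))
        if per_user or data.strip().lower() not in expected:
            findings.append((key, name, data))
    return findings
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `audit_winlogon`.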



Guest

RE: Ukash / Police Ransomware

Post by Guest » Fri Apr 26, 2013 9:56 am

Hi Shazza =

We have been having the same problem over here, and unfortunately it is being discussed via TV news, which is not always that helpful.
In the cases I have seen, it is mostly scareware, but some searching will indicate that the problem can be more problematic.
http://www.fbi.gov/news/stories/2012/august/new-internet-scam
http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/fbi-moneypak-scam-removal/aa21d9c9-8362-432e-8c15-f17a6971b018?msgId=5d99c09d-75dd-42cd-bd02-b286b0e87abe
Thank you for this information, I think it is very important.


Guest

RE: Ukash / Police Ransomware

Post by Guest » Fri Apr 26, 2013 10:31 am

http://support.kaspersky.com/us/viruses/solutions?qid=208286527


http://support.kaspersky.com/viruses/deblocker


http://support.kaspersky.com/us/viruses/rescuedisk


http://forum.kaspersky.com/index.php?showtopic=238192

Guest

RE: Ukash / Police Ransomware

Post by Guest » Fri Apr 26, 2013 10:39 am

<quote user="leofelix">
http://support.kaspersky.com/us/viruses/solutions?qid=208286527


http://support.kaspersky.com/viruses/deblocker


http://support.kaspersky.com/us/viruses/rescuedisk


http://forum.kaspersky.com/index.php?showtopic=238192
[/quote]

Thank you for the information, bookmarked :-}

spectre
Posts: 7921
Joined: Sun May 03, 2009 10:43 pm

RE: Ukash / Police Ransomware

Post by spectre » Fri Apr 26, 2013 8:51 pm

Thanks Leofelix, booting with the [url=http://www.surfright.nl/en/kickstart t=_self] HitmanPro Kickstart disk [/url] is normally effective, but in the latest incident none of the options involving booting from USB would work.

Guest

RE: Ukash / Police Ransomware

Post by Guest » Sat Apr 27, 2013 2:11 am

@ Shazza =

One question:
Why not use the restore point?
Or back up the engine?
OK, there are two questions :-}
Thank you, in advance

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

RE: Ukash / Police Ransomware

Post by c۞g » Sat Apr 27, 2013 3:55 am

Do you have domain(s) and/or URL(s) which installed this?

Colorado.Chris
Posts: 52
Joined: Fri Mar 16, 2012 10:23 pm

RE: Ukash / Police Ransomware

Post by Colorado.Chris » Sat Apr 27, 2013 6:16 am

Google FixMeStick 2013

Jazspeak
Posts: 7295
Joined: Fri Oct 17, 2008 4:20 pm

RE: Ukash / Police Ransomware

Post by Jazspeak » Sat Apr 27, 2013 4:41 pm

<quote user="superhero58">
"Why not use the restore point ?"
[/quote]

Because you cannot be certain that the restore point has not been compromised and infected. Better to be safe than sorry, and much better to keep a clean clone so that the infected drive(s) can be wiped and restored from the clone.

Guest

RE: Ukash / Police Ransomware

Post by Guest » Sat Apr 27, 2013 5:32 pm

<quote user="jazspeak">
Because you cannot be certain that the restore point has not been compromised and infected. Better to be safe than sorry, and much better to keep a clean clone so that the infected drive(s) can be wiped and restored from the clone.
[/quote]
Thanks :-}
