Ukash / Police Ransomware

spectre
Posts: 7921
Joined: Sun May 03, 2009 10:43 pm

Ukash / Police Ransomware

Post by spectre » Thu Apr 25, 2013 1:00 pm

Similar topics may have been covered previously but as this is prolific in my area I thought it would be helpful to start a new thread to warn people.
At this moment, the most common type of ransomware is the ‘Police Trojan’, which will display a bogus notification that pretends to be from your local law enforcement agency and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The Police virus will lock you out of your computer and applications, so whenever you try to log on to your Windows operating system or Safe Mode with Networking, it will instead display a lock screen asking you to pay anywhere from 100 to 200 Euro/$ in the form of a MoneyPak, Ukash or PaySafeCard code.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam so that the alert shows what is happening in the room.

Info taken from hxxp://malwaretips.com/blogs/remove-police-trojan, who also appear to have the most effective tips for removal. I would advise ignoring option 2 - System Restore.

Yesterday, none of the tips I found there or elsewhere would work. I had to remove the HDD & scan it through another machine. Problem was eventually resolved by MSE which detected Win32/Nymaim.
MBAM then found Hijack.shell.gen (winlogon/shell)
Currently I have no idea where people are getting this malware from.

Images vary by country, state & county!
I have been unable to get my own screenshots so here are a couple I found.

[url=http://i33.tinypic.com/2eb7ub7.jpg][img]http://i33.tinypic.com/2eb7ub7.jpg[/img][/url]

[url=http://i36.tinypic.com/2z5uek8.jpg][img]http://i36.tinypic.com/2z5uek8.jpg[/img][/url]



Guest

RE: Ukash / Police Ransomware

Post by Guest » Fri Apr 26, 2013 9:56 am

Hi Shazza =

We have been having the same problem over here, and unfortunately it is being discussed via TV news, which is not always that helpful
In the cases I have seen, it is mostly scareware but some searching will indicate that the problem can be more problematic
http://www.fbi.gov/news/stories/2012/august/new-internet-scam
http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/fbi-moneypak-scam-removal/aa21d9c9-8362-432e-8c15-f17a6971b018?msgId=5d99c09d-75dd-42cd-bd02-b286b0e87abe
Thank you for this information, I think it is very important


Guest

RE: Ukash / Police Ransomware

Post by Guest » Fri Apr 26, 2013 10:31 am

http://support.kaspersky.com/us/viruses/solutions?qid=208286527


http://support.kaspersky.com/viruses/deblocker


http://support.kaspersky.com/us/viruses/rescuedisk


http://forum.kaspersky.com/index.php?showtopic=238192

Guest

RE: Ukash / Police Ransomware

Post by Guest » Fri Apr 26, 2013 10:39 am

[quote="leofelix"]
http://support.kaspersky.com/us/viruses/solutions?qid=208286527

http://support.kaspersky.com/viruses/deblocker

http://support.kaspersky.com/us/viruses/rescuedisk

http://forum.kaspersky.com/index.php?showtopic=238192
[/quote]

Thank you for the information, bookmarked :-}

spectre
Posts: 7921
Joined: Sun May 03, 2009 10:43 pm

RE: Ukash / Police Ransomware

Post by spectre » Fri Apr 26, 2013 8:51 pm

Thanks Leofelix, booting with the [url=http://www.surfright.nl/en/kickstart]HitmanPro Kickstart disk[/url] is normally effective, but in the latest incident none of the options involving booting from USB would work.

Guest

RE: Ukash / Police Ransomware

Post by Guest » Sat Apr 27, 2013 2:11 am

@ Shazza =

One question
Why not use the restore point?
Or back up the engine?
OK, there are two questions :-}
Thank you, in advance

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

RE: Ukash / Police Ransomware

Post by c۞g » Sat Apr 27, 2013 3:55 am

Do you have domain(s) and/or URL(s) which installed this?

Colorado.Chris
Posts: 52
Joined: Fri Mar 16, 2012 10:23 pm

RE: Ukash / Police Ransomware

Post by Colorado.Chris » Sat Apr 27, 2013 6:16 am

Google FixMeStick 2013

Jazspeak
Posts: 7295
Joined: Fri Oct 17, 2008 4:20 pm

RE: Ukash / Police Ransomware

Post by Jazspeak » Sat Apr 27, 2013 4:41 pm

[quote="superhero58"]
"Why not use the restore point?"
[/quote]

Because you cannot be certain that the restore point has not been compromised and infected. Better to be safe than sorry, and much better to keep a clean clone so that the infected drive(s) can be wiped and restored from the clone.

Guest

RE: Ukash / Police Ransomware

Post by Guest » Sat Apr 27, 2013 5:32 pm

[quote="jazspeak"]
Because you cannot be certain that the restore point has not been compromised and infected. Better to be safe than sorry, and much better to keep a clean clone so that the infected drive(s) can be wiped and restored from the clone.
[/quote]
Thanks :-}
