Get rid of a "police-blocked" computer or other types of ransomware
Your computer has been blocked by the police because of serious crimes you committed, and the only way to unblock it is to pay a ransom? Even a complete moron should understand that the real police (or any other legal, law-enforcement force) has nothing to do with it. Here you'll find out why, and most importantly how, to get rid of this problem without losing your data (in most cases).
Is this the real police?
First of all, keep in mind that you have (most likely) done nothing wrong and your computer is not blocked by the real police. If you don't believe me, search the web: you'll find many sources and proofs of that. In general, for the type of crimes mentioned in the "police report" (e.g. child pornography), the real police pay you a visit at 6 am and blow your door out instead of remotely blocking your computer.
Second of all, in most cases you will not lose your data. Your computer is only blocked, but don't trust any "ransom counters" or other threats telling you that bad things are going to happen to you if you don't pay the requested ransom. These are mostly lies. There are a small number of reported cases where this kind of virus encrypted disks and the ransom was supposed to be exchanged for a decryption code. But these are really rare and in fact turn out to be complete data loss, as even after paying the ransom there was no contact back and no decryption code was sent.
So, once again, this is NOT the real police; this is the Weelsof trojan or some other virus or ransomware (called that because it forces you to pay a ransom).
Take it away!
If you want to get rid of this kind of virus or software, in general don't trust and don't use tools like OTL, ComboFix or Malwarebytes. They require very professional IT knowledge and may cause a lot more problems than they solve. Don't trust and don't use sites like 2-spyware.com, trojan-killer.net, ukash-virus.com and others (easily recognizable by the poor English used). In most cases they either won't help or they'll remove the Weelsof trojan and... install a few more in its place.
In any case, never pay anything to anyone, never buy any code and in general do nothing that the ransomware authors are trying to force you to do. You'll lose your money and get nothing in exchange (in most cases), or you'll receive an unlock code and your e-mail address will be placed on a so-called "naive idiots" list (rare cases). A month or two later you may be surprised to find your computer locked by the "police" again...
There are, in general, two methods you may consider:
1. Boot your system into Safe Mode with Command Prompt (the regular Safe Mode most likely won't work; the virus will restart the computer after booting) and run Sysinternals Autoruns from Microsoft, the only and ultimate tool that lets you find any program that starts up along with your system and get rid of it. You'll find details in this CERT Poland article (available in English).
2. Download the Kaspersky Rescue Disk 10 ISO image using a non-infected computer, burn it to a CD or DVD, boot the computer from it and let this software do the rest. Details here or here or in other sources.
There is (was) a third method: generating a fake Ukash code, as the virus only checks the first digits and the total length of the given Ukash code, to "fulfill" the ransom request and get your computer unlocked. But it was effective only for certain Weelsof trojan versions or ransomware types (others request PaySafeCard, prepaid codes and many other non-traceable payment methods) and mostly in the first phase of the attack, in mid-2012. It is very unlikely that Ukash generators will help you in a current case, and on certain occasions they may do more harm than help.
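As an added example (not code from the original post, from CERT Poland or from Sysinternals), this PowerShell script walks the same autostart locations Autoruns inspects and flags the entries most worth a look: Run/RunOnce values pointing into user-writable folders, Winlogon Shell/Userinit values that differ from their stock defaults, and bare executables dropped into the Startup folders. It assumes it is run as administrator from Safe Mode with Command Prompt (type powershell to start it) on Windows 7 or later; the "stock default" values for Shell and Userinit are those of a clean install.

```powershell
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogonKey  = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userWinlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Folders a screen-locker usually drops its payload into; legitimate autostart entries rarely point here.
$userWritable = @('\AppData\', '\Temp\', '\ProgramData\', '\Users\Public\')

function Test-UserWritablePath([string]$command) {
    foreach ($dir in $userWritable) {
        if ($command -and $command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

$findings = @()
# Run / RunOnce keys: every value is a command line executed at logon.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSDrive, ...)
        $findings += [pscustomobject]@{ Location = $key; Name = $prop.Name; Command = $prop.Value
                                        Suspicious = (Test-UserWritablePath $prop.Value) }
    }
}

# Winlogon Shell/Userinit: a locker that replaces these runs before the desktop ever appears.
# Stock defaults (assumed): Shell = 'explorer.exe', Userinit = '<windir>\system32\userinit.exe,' (trailing comma).
$wl = Get-ItemProperty -Path $winlogonKey
$findings += [pscustomobject]@{ Location = $winlogonKey; Name = 'Shell'; Command = $wl.Shell
                                Suspicious = ($wl.Shell -ne 'explorer.exe') }
$findings += [pscustomobject]@{ Location = $winlogonKey; Name = 'Userinit'; Command = $wl.Userinit
                                Suspicious = ($wl.Userinit -notmatch '^[A-Za-z]:\\Windows\\system32\\userinit\.exe,?$') }
# A per-user Shell override does not exist on a clean install, so any value at all is suspicious.
$userShell = (Get-ItemProperty -Path $userWinlogon -ErrorAction SilentlyContinue).Shell
if ($userShell) { $findings += [pscustomobject]@{ Location = $userWinlogon; Name = 'Shell'; Command = $userShell; Suspicious = $true } }

# Startup folders (per-user and all-users): normally hold .lnk shortcuts, not raw executables or scripts.
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    foreach ($f in Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue) {
        $findings += [pscustomobject]@{ Location = $path; Name = $f.Name; Command = $f.FullName
                                        Suspicious = ($f.Extension -in '.exe', '.bat', '.cmd', '.vbs', '.js') }
    }
}

# Suspicious entries first; review each one, then remove it with Autoruns (or Remove-ItemProperty) before rebooting normally.
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

The "Suspicious" column is a hint for where to look, not a verdict: confirm what the flagged file is before deleting it, and note the path so you can remove the file itself as well as the autostart entry.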
Why?
Ransomware is known to use security holes in third-party software (like Java, Flash, Acrobat PDF) which is not always (and not by everyone) kept up to date, and it gets in when you visit a harmful website or open a cybercrime-style e-mail that makes use of this security hole. In other words, you may have good antivirus software installed and updated with the newest virus definitions, and you may have every newest Windows Update patch installed, and still become a victim of this kind of threat. All that needs to happen is forgetting to turn on the auto-update feature of such 3rd-party software and forgetting to update it manually.
Another source of ransomware is installing browser toolbars (not necessarily from unknown sources; ask.com was often named as a source of this kind of problem). But, as we all agree, only a complete moron installs this kind of software, and this blog is most certainly not for morons, so we won't discuss this further.