Removal of Police Malware (Ransomware)

Discussion in 'Hardware - PCs, Consoles, Gadgets' started by terroratthepicnic, Oct 1, 2012.


  1. terroratthepicnic


    Over the weekend I happened to be pinged by a malware virus. I wasn't doing anything wrong or remotely illegal, but my laptop suddenly locked up saying it was the Met Police and they were locking my computer until I paid a £100 fine to release my laptop.

    Due to the nature of the guys and gals on this site, I suspect I am not the first or the last person this has happened to.

    Firstly, do not pay the fine. This is a known ransomware (Trojan) and there are ways of removing it.

    I logged into a different account to see what I could do. I then found this site, Malware Removal Blog; sadly this didn't work for me, as the Shell value already had its value data set to explorer.exe. However, all is not lost: I found a way of removing it manually.

    Reboot your PC/Laptop and continually press F8 to get the Windows Advanced Options Menu. Then select "Safe Mode with Command Prompt". You then need to open the account that had the virus.

    Once successfully logged in: Start menu > Command Prompt > msconfig.exe

    When the dialog box opens, look in Startup. I found a file that was gibberish: it had no clear wording, just random letters. It was an unknown file and had that day's date on it. When you find it, untick the box and take a note of where the file is located. For me it was in HKUC (or something). I found the file and deleted it, then emptied my recycle bin.

    This then cleared it from the PC. When I rebooted all was fine. Due to this being a newish virus, some or most of the anti-malware products are not yet able to remove it. Due to the different methods of finding it and removing it, I suspect the hackers who wrote it are changing it for this reason.

    The virus is a pain in the arrse, as it blocks your desktop and so renders it useless. So hopefully this will help some of you out a little.
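    The OP's manual method comes down to listing every autostart entry, spotting the one with a gibberish name and that day's date, and removing it. The script below is an added example (not posted in the thread and not from the linked blog) that does the listing part read-only from PowerShell: it walks the Run/RunOnce registry keys and Startup folders that msconfig shows, flags names that look random or files written in the last two days, and also reports a Winlogon "Shell" value that is anything other than explorer.exe (the value the blog fix inspects). It assumes an elevated PowerShell window opened while logged in as the affected account, for instance by typing powershell at the Safe Mode command prompt; the random-name heuristic is a constructed rule of thumb and will throw up some false positives, so a flagged row is something to look at, not something to delete on sight.

```powershell
# Added example, not from the thread: read-only audit of the autostart locations the OP
# went through with msconfig, plus the Winlogon "Shell" value the linked blog fix checks.
# Assumption: run in an elevated PowerShell window as the affected account.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
# Properties Get-ItemProperty adds on its own; they are not registry values
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Test-LooksRandom {
    # Constructed heuristic for "gibberish, just random letters": a stem of 6+ characters
    # with under 20% vowels, or a pure hex/digit string. Expect some false positives.
    param([string]$Name)
    $stem = [IO.Path]::GetFileNameWithoutExtension($Name)
    if ($stem.Length -lt 6) { return $false }
    $vowels = [regex]::Matches($stem, '[aeiouAEIOU]').Count
    return (($vowels / $stem.Length) -lt 0.2) -or ($stem -match '^[0-9a-fA-F]{8,}$')
}

function Get-ExePath {
    # Pull the executable out of a Run value such as: "C:\path\x.exe" /arg
    param([string]$Command)
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function New-Finding {
    param([string]$Location, [string]$Name, [string]$Command)
    $exe = Get-ExePath $Command
    $exists = (-not [string]::IsNullOrWhiteSpace($exe)) -and (Test-Path -LiteralPath $exe)
    $ageDays = $null
    if ($exists) {
        $ageDays = [math]::Round(((Get-Date) - (Get-Item -LiteralPath $exe).LastWriteTime).TotalDays, 1)
    }
    # Flag a random-looking entry name or file name, or a file written in the last two
    # days (the OP's entry carried that day's date)
    $flag = (Test-LooksRandom $Name) -or (Test-LooksRandom ([IO.Path]::GetFileName($exe))) -or
            ($null -ne $ageDays -and $ageDays -lt 2)
    [pscustomobject]@{ Location = $Location; Name = $Name; Command = $Command;
                       Exists = $exists; AgeDays = $ageDays; Suspicious = $flag }
}

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        $findings += New-Finding -Location $key -Name $p.Name -Command ([string]$p.Value)
    }
}
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $dir -File) {
        $findings += New-Finding -Location $dir -Name $f.Name -Command $f.FullName
    }
}

# Winlogon Shell should be exactly explorer.exe (which is what the OP saw). Anything else
# means another program is started in place of the desktop at logon.
foreach ($wl in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
                'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon') {
    $shell = (Get-ItemProperty -Path $wl -ErrorAction SilentlyContinue).Shell
    if ($null -ne $shell -and $shell -ne 'explorer.exe') {
        $findings += [pscustomobject]@{ Location = $wl; Name = 'Shell'; Command = $shell;
                                        Exists = $true; AgeDays = $null; Suspicious = $true }
    }
}

# Suspicious rows first; the Location column is the "where the file is located" to note down
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

    The script changes nothing, so it is safe to run before and after a clean-up: the first run gives the list of candidate entries with their locations, and a second run after removing one confirms nothing else is still pointing at the same file.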
  2. It's not new but doesn't get caught by a lot of software because it is delivered as a Trojan and allowed in by the user, then it can turn off detection settings or hide itself using your rights in Windows.

    Most dodgy software these days is let in by the unwitting user, either because they allow it or through exploits.
  3. Take your computer and a USB stick to a repair shop, tell 'em you want your personal data put on the USB stick and the laptop wiped and Windows re-installed. If it's more than £30, ask a mate to do it.

    When you get it back, get some decent anti-virus (fully updated) on there ASAP. Then connect and run Windows Update over and over until it says you're fully up to date. Make a system restore point.
    Scan all your files on the USB and then transfer them back.

    PS - That's scam-ware you have on your laptop right now, load of bollocks

    EDIT: or follow the advice in the link above.
  4. HHH


  5. This was covered on here a while back mate.

    Some good info here
  6. terroratthepicnic


    I did a search but couldn't find it. Oh well it won't hurt to have twice.
  7. I managed to get rid of it by booting into safe mode then rolling back to a previous system restore point.

    You don't need to spend money getting a shop to get your data off and you certainly don't need to reinstall Windows.

    There are several well documented fixes (mine was just luck).
  8. I wasn't having a pop mate, just thought you'd like looking at an arrse thread solution, instead of a geeksville one. :)