Malware
How to disinfect the Police Virus

Published by Jose Manuel Bernal, 27/04/2012

This morning, after I started up the PC, I was confronted with the following full-screen window covering the entire desktop:

Without paying much attention to it I instinctively pressed ESC and other key combinations like ALT+F4 to try and close it, but the message had locked the computer rendering it effectively unusable.

The message pretends to come from Spain’s local authorities and claims illegal activity has been detected on my computer. More specifically, the message claims that forbidden websites containing pornography have been visited from my IP address and demands a fine is paid to let me back in. The text, loosely translated, reads:

“Illegal activity has been detected on your computer. According to Spanish law your computer is locked. Forbidden websites containing pornography, child pornography, bestiality, etc. were visited from this IP address. This locking serves to stop your illegal activity.”

This is actually a new variant of the infamous Police Virus called Trj/Ransom.ab, which belongs to a malware category called ransomware. The aim of the people spreading this malware is to intimidate and blackmail users whose PCs are infected and persuade them to pay for having the malware removed. The scam is similar to that of rogueware or fake antivirus software, which we have covered in post The nightmare of fake antivirus continue. Protect yourself with Panda, only this time the perpetrator tries to pass themselves off as a law enforcement agency instead of as an antivirus vendor.  Well,  here are the Instructions to remove the Police Virus Trj/Ransom.ab.

Finally, we’d like to remind you of these simple tips that will help you protect yourselves from this type of malware.

  1. Use your common sense. No governmental organization can block access to your computer. Under no circumstance pay the so-called ‘fine’.
  2. Install a good antivirus. Check out our recommendations in the following post: Protect your banking data with Panda Security’s new 2012 products. Protect your computer at all times and avoid nasty surprises.
  3. Keep your operating system up-to-date with the latest security patches.
  4. Never open an email from an unfamiliar sender. Beware of messages with eye-catching subject lines, they are more likely to carry a virus.
  5. Avoid surfing to non-secure Web pages. In some cases, it is enough to visit a compromised website to get infected without knowing. If, however, you need to access a dubious website, do so from a malware-free environment like that offered by Panda SafeBrowser.

Stay safe!

No comments so far!
Leave a Comment