
Hadopi virus/ Ukash virus / Police Virus

April 2015




The information in this FAQ is based on this article: http://www.malekal.com/2012/01/10/virus-gendarmerie-activite-illicite-demelee/
This ransomware spreads through malicious advertising (malvertising) on streaming and download websites, among others.
These ads lead to malicious web exploits that aim to infect visitors automatically.
PCs with outdated software (Adobe Reader/Flash, Java) are more vulnerable to this type of infection.
Hence the importance of keeping your software up to date.
The "Hadopi" ransomware exists in two variants: Urausy and Reveton.
The Urausy variant - characterized by the presence of the handcuffs image.
This variant normally prevents booting in safe mode.

The Reveton variant - the handcuffs image is replaced with a webcam image.
This variant doesn't block access to safe mode.

Safe Mode (Reveton variant)

  • Restart the computer in Safe mode with network support.
  • Download RogueKiller (by tigzy) to the desktop.
  • Start RogueKiller.exe.
  • Wait until the prescan has finished.
  • Run a scan from the Scan button located at the top right.
  • RogueKiller will detect the following elements: msconfig/CTFMON.
  • Click Delete to remove the malicious elements.
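
To double-check the result after the RogueKiller cleanup, the following PowerShell script (an added example, not part of the original FAQ and not RogueKiller's own code) lists the startup entries from the Run registry keys and the Startup folders and flags any that mention ctfmon without pointing to the genuine Windows ctfmon.exe. That a leftover entry would look this way is an assumption based on the msconfig/CTFMON detection named above; the function and variable names are illustrative.

```powershell
# Added example: list autostart entries and flag ctfmon look-alikes.
# Read-only: nothing is modified or deleted.
$genuine = Join-Path $env:SystemRoot 'System32\ctfmon.exe'

function Test-Suspicious([string]$Name, [string]$Command) {
    # Assumption: an entry mentioning "ctfmon" is suspicious unless its
    # command is exactly the real ctfmon.exe in System32.
    $mentions  = ($Name -match 'ctfmon') -or ($Command -match 'ctfmon')
    $isGenuine = $Command.Trim('"') -ieq $genuine
    return ($mentions -and -not $isGenuine)
}

$entries = @()

# 1. Run keys in the registry (current user and all users).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Location = $key
            Name     = $valueName
            Command  = [string]$item.GetValue($valueName)
        }
    }
}

# 2. Shortcuts in the per-user and all-users Startup folders.
$shell   = New-Object -ComObject WScript.Shell
$folders = $shell.SpecialFolders.Item('Startup'),
           $shell.SpecialFolders.Item('AllUsersStartup')
foreach ($folder in $folders) {
    if (-not $folder -or -not (Test-Path $folder)) { continue }
    Get-ChildItem $folder -Filter *.lnk | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $entries += New-Object PSObject -Property @{
            Location = $folder
            Name     = $_.Name
            Command  = ("{0} {1}" -f $lnk.TargetPath, $lnk.Arguments).Trim()
        }
    }
}

$entries | Select-Object Location, Name, Command,
    @{ Name = 'Suspicious'; Expression = { Test-Suspicious $_.Name $_.Command } } |
    Format-Table -AutoSize -Wrap
```

An entry marked True in the Suspicious column is worth a second scan or a question in the forum before you consider the machine clean.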

System Restore


Start a system restore using the command prompt http://forum.malekal.com/windows-recuperer-son-systeme-t20428.html#p166263


If you are using Windows 7, launch System Restore from the "Repair my computer" menu.

Command prompt in safe mode (Urausy variant)


See this page: http://www.malekal.com/2012/01/10/virus-gendarmerie-activite-illicite-demelee/

Malekal Live CD

  • Download and burn the Malekal Live CD (or put it on a USB key).
  • Boot from the live CD.
  • RogueKiller starts; run a scan and then click Delete.
  • Restart the computer; you should be rid of the ransomware.
  • Malekal Live CD: http://www.malekal.com/2013/02/22/malekal-live-cd/

Kaspersky Live CD


Download Kaspersky Live CD: http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso

Conclusion

  • If the above methods don't work, you can always create a topic in the Virus forum.
  • If you succeed in removing the infection, you must update your installed software as your computer is still vulnerable.
By Malekal_morte- on April 2, 2013
Original article published by Malekal_morte-. Translated by deri58.
This document entitled « Hadopi virus/ Ukash virus / Police Virus » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.