The Australian Federal Police (AFP) Ukash Ransom is a computer virus, which will display a bogus notification, that pretends to be from the Australian police and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The Australian Federal Police virus will lock you out of your computer and applications, so whenever you’ll try to log on into your Windows operating system or Safe Mode with Networking, it will display instead a lock screen asking you to pay a non-existing fine of 100 $ in the form of a Ukash or PaySafeCard code.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam ,so that the bogus Australian Federal Police notification shows what is happening in the room.
If your computer is infected with Australian Federal Police virus,then you are seeing any of the below notifications:
The bogus alert from the Australian Federal Police Ransom will display the following message:
AFP Australian Federal Police
Attention!
Your PC is blocked due to at least one of the reasons specified below. You have been violating “Copyright and Related Rights Law” (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Australia. Article 128 of the Criminal Code provides for a fine of 2 to 5 hundred minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophillia anr etc.) Thus violating article 202 of the Criminal Code of Australia.
Article 202 of the Criminal Code provides for a deprivation of liberty for 4 to 12 years. Illegal access to computer has been initiated from your PC, or you have been… Article 208 of the Criminal Code provides for a fine of up to AUD $100,000 and/or a deprivation of liberty for 4 to 9 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of AUD $2,000 to AUD $8,00.
The Australian Federal Police Ransom is a scam, and you should ignore any alert that this malicious software might generate and remove this trojan ransomware from your computer.
Under no circumstance should you send any money to this cyber criminals,as this could lead to identity theft,and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.
Australian Federal Police Ukash Ransomware – Virus Removal Guide
Australian Federal Police (AFP) Ukash notification – Virus Removal Guide
STEP 1: Remove Australian Federal Police lock screen from your computer
Australian Federal Police Ukash Ransom has modified your Windows registry and added its malicious files to run at start-up, so whenever you’re trying to boot your computer it will launch instead its bogus notification.To remove these malicious changes, we can use any of the below methods :
Method 1: Start your computer in Safe Mode with Networking and scan for malware
Some variants of Australian Federal Police virus will allow the users to start the infected computer in Safe Mode with Networking without displaying the bogus lock screen. In this first method, we will try to start the computer in Safe Mode with Networking and then scan for malware to remove the malicious files.
- Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
- Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen. - On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
![[Image: Safe Mode with Networking]](http://static.malwaretips.com/blogs/wp-content/uploads/2013/01/safemode.jpg)
- If your computer has started in Safe Mode with Networking, you’ll need to perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
IF the Australian Federal Police virus didn’t allow you to start the computer in Safe Mode with Networking,you’ll need to follow Method 2 to get rid of its lock screen.
Method 2: Restore Windows to a previous state using System Restore
System Restore can return your computer system files and programs to a time when everything was working fine, so we will try to use this Windows feature to get rid of Australian Federal Police lock screen.
- Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen. - Use the arrow keys to select the Safe mode with a Command prompt option.
- At the command prompt, if you are using Windows Vista, 7 or 8 type C:\windows\system32\rstrui.exe , and then press ENTER.
If you are using Windows XP, you will need to type C:\windows\system32\restore\rstrui.exe, and then press ENTER.
![[Image: Start System Restore from Safe Mode with Command Prompt]](http://static.malwaretips.com/blogs/wp-content/uploads/2013/02/cmd-system-restore.jpg "Start System Restore from Safe Mode with Command Prompt")
- The System Restore utility will start, and you’ll need to select a restore point previous to this infection.
- After System Restore has completed its task, you should be able to boot in Windows normal mode, and perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
IF the Australian Federal Police virus didn’t allow you to restore your computer to a previous point, you’ll need to follow Method 3 to get rid of its screen lock.
Method 3: Remove Australian Federal Police lock screen with msconfig utility
When your computer was infected with the Australian Federal Police virus, this trojan has set a its malicious files to start whenever your computer is booting. IF you didn’t have a restore point, we can use msconfig to remove it’s malicious start-up entry.
- While your computer is in Safe Mode with Command Prompt, type msconfig to start the Windows System Configuration utility.
![[Image: Type msconfig in the Command prompt]](http://static.malwaretips.com/blogs/wp-content/uploads/2013/02/command-prompt-start-msconfig.jpg "Type msconfig in the Command prompt")
- Click on the Startup tab, then search for any suspicious or unknonw entries (random numbers or letters, ctfmon.exe, and other suspicious or unknown entries), and unckech them from startup, then click on OK.
This will stop the Australian Federal Police virus from starting with Windows, however it won’t remove the malicous files from your computer.
![[Image: Uncheck any suspicious entries from start-up]](http://static.malwaretips.com/blogs/wp-content/uploads/2013/02/msconfig-remove-startup-item.jpg "Uncheck any suspicious entries from start-up")
- Type shutdown /r in the command prompt to restart your computer, then perform a scan with Malwarebytes Anti-Malware and HitmanPro as seen on STEP 2.
IF the Australian Federal Police virus didn’t allow you to start the computer in Safe Mode with Command Prompt you’ll need to follow Method 4 to get rid of its screen lock.
Method 4: Remove Australian Federal Police virus with HitmanPro Kickstart
IF you couldn’t boot into Safe Mode with Command Prompt or didn’t have a System Restore point on your machine, we can use HitmanPro Kickstart to bypass this infection, and access your computer to scan it for malware.
- We will need to create a HitmanPro Kickstart USB flash drive,so while you are using a “clean” (non-infected) computer, download HitmanPro from the below link.
HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro) - Insert your USB flash drive into your computer and follow the instructions from the below video:
- After you have create the HitmanPro Kickstart USB flash drive, you can insert this USB drive into the infected machine and start your computer.
- Once the computer starts, repeatedly tap the F11 key (on some machines its F10 or F2),which should bring up the Boot Menu, from there you can select to boot from your USB.
Next,you’ll need to perform a system scan with HitmanPro as see in the below video:
- After HitmanPro Kickstart has completed its task,you should be able to boot in Windows normal mode,from there you’ll need to perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.
STEP 2: Remove Australian Federal Police malicious files from your computer
Run a computer scan with Malwarebytes Anti-Malware Free
- You can download Malwarebytes Anti-Malware Free from the below link,then double click on it to install this program.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK(This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free) - When the installation begins, keep following the prompts in order to continue with the setup process.
DO NOT make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked,then click on the Finish button.
![[Image: Malwarebytes Anti-Malware final installation screen]](http://static.malwaretips.com/blogs/wp-content/uploads/2013/01/malwarebytes-installation.jpg "Malwarebytes Anti-Malware final installation screen")
- On the Scanner tab,select Perform quick scan and then click on the Scan button to start scanning your computer.
![[Image: Malwarebytes Anti-Malware Quick Scan]](http://static.malwaretips.com/blogs/wp-content/uploads/2013/01/malwarebytes-quick-scan.jpg "Run a Quick Scan with Malwarebytes Anti-Malware")
- Malwarebytes’ Anti-Malware will now start scanning your computer for Australian Federal Police virus as shown below.
![[Image: Malwarebytes Anti-Malware scanning for Australian Federal Police virus]](http://static.malwaretips.com/blogs/wp-content/uploads/2013/01/malwarebytes-scan.jpg "Malwarebytes Anti-Malware scanning for Australian Federal Police virus")
- When the Malwarebytes scan will be completed,click on Show Result.
![[Image: Malwarebytes Anti-Malware scan results]](http://static.malwaretips.com/blogs/wp-content/uploads/2013/01/malwarebytes-scan-results.jpg "Malwarebytes when the system scan has completed")
- You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selected button.
![[Image:Malwarebytes removing virus]](http://static.malwaretips.com/blogs/wp-content/uploads/2013/01/malwarebytes-virus-removal.jpg "Click on Remove Selected to get rid of Australian Federal Police virus")
- After your computer will restart in Normal mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats
Run a computer scan with HitmanPro
- Download HitmanPro from the below link,then double click on it to start this program.
HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)
IF you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode.To start HitmanPro in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video) - HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
- HitmanPro will start scanning your computer for Australian Federal Police malicious files as seen in the image below.
- Once the scan is complete,you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove these malicious files.
- Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer.
thanks for your help I obviously need to update malware/antivirus software, any suggestions at all please , thanks again
Thank you for your help I ended up using the hitman pro USB method but I finally got rid of the Trojan and now my computer is running just fine.
Thanks Man
Your a superhero. So many people say there going to help but there is always an ulterior motive.
You got me and my business up and running in no time.
Thank-you for the given advice.
I ended up having to use method 4. I was able to get on the guest user on my PC at the time, no screen lock was in place on guest..Which was interesting. Downloaded the given Malwarebytes download. Went through all the processes and the other user became accessible with virus deleted..
I was fortunate and at ease that i could access the other user account on the computer at.. This made it possible to come by this site straight away after the event..
Thanks, again. =]
A thousand times thankyou. We are in our 60′s and not very technological savvy but we were able to remove that hideous Australia “Federal Police” virus. We downloaded the two programmes to usb and it was so simple for us after that. Don’t know what these creeps get out of sending viruses but I do believe in karma.
Once again thank you.
Thank you so much Stelian!!! Really appreciate you taking the time to help out people with pc problems. We will be looking to your blog in the future if we have any further problems
Thanks again
Hi,
thanks for the help.
I have used Method 2, and it worked perfectly!
But still I have a virus called(22FIND)in my laptop, I tried many Methods to remove ,still in my laptop, using Win 7.
Any help pls
Hello Zuhair,
Please follow this guide: http://malwaretips.com/blogs/remove-22find-com-hijack/
Hi Stelian
So happy – managed to remove a trojan.ransom (skype.dat) on my computer by using option 2 (restore Windows).
The Hitman Pro found 2 traces: F\HKLM\software/classes and S\HKLM/software/classes
I only had a white screen – no ransom message.
Thanks for sharing your expertise. Greatly appreciated.
Hello Sander,
If the Malwarebytes and HitmanPro scan results are clean, you should be fine!
Thank you!
Hi, just wanted to say thank you for helping me out. Thank you! God bless!
Saying thank you would be a Huuuuuuge UNDERSTATEMENT for ALL your great help to myself and hundreds of others, so all I can say is that you should be absolutely proud of yourself for helping me and hundreds, maybe even thousands of people globally. The Ukash scam led me to panic, but you helped me when I needed it. So I thank you Stelian! and God Bless You Brother
Thanks Stelian…I thought my hard drive had died but we are back up and running. Method 2 worked a treat although Hitman Pro didn’t find any AFP malicious files. Is this a problem?
Hello Stephen,
No it’s not an problem, if you have performed a scam with Malwarebytes and HitmanPro, and the scan results were 0 threas, you’re computer is clean!
Stay safe!
I am not sure if you are ever going to read this Stelian but thank you very very much! Method 1 worked a charm (please ignore my previous comment, not sure what I was doing wrong). You are a genius, being an IT pro myself, I couldn’t get rid of this malware on my friends laptop. Let me know if I could be of any use to you! If you ever decide to travel to Brisbane, Australia someday, I would love to show u around :-)
thank you alot!! worked straight away took me about 20 minutes but worked perfectly fine and good luck to anyone who gets this virus or trojan thingy gave me a heart attack !!!!
THANK YOU SO MUCH! :D
Method 2 worked for me. I followed the steps diligently and my laptop appears fixed. Thank you for sharing your expertise and knowledge. It is appreciated.
Hey Man,
Thanks Heaps, Method 1, worked a treat
Can’t believe the AFP know about this and it’s been going on for more than 6 months……….
I have used method 2 and it worked perfectly. I was going crazy until I found your website on my spare laptop. Thank you so much.
Thanks very much for your help the steps were so easy to follow people like you are what make the world a better place
Thank you so much!! The steps worked perfectly!!
Since it appears that ukash is ac tively processing payments for the scammers can’t they be prosecuted. They bear a lot of responsibility for facilitating this scam. Victims should organize and sue!
Hi Again, Thank God I was able to fix it. Thanks HEAPS for the instructions. I was in panic mode.
Hi, I have the same Ukash virus. I have been able to open up in safe mode, however, my icons are now gone so I can’t open internet to download step 2. Sorry I am not so computer savy.
Thanks
Hello Rita,
Press the Windows button+ R key to bring up the Run box, then please type iexplore to start your web browser.Then download the tools from this guide, and run a scan with them.
Alternatively, you can boot your computer in Safe Mode with Command Prompt, and type msconfig in the Command prompt OR if you are using Safe Mode with Networking, in the text box or Run box (windows key+R key), type msconfig.
This should start the Windows System Configuration tool. Go to the Start-up tab, and search for any suspicious or unknown entries (random numbers or letter, ctfmon.exe and other suspicious entries) and uncheck them from start-up.
thanks for the help.
I have used Method 2, and it worked perfectly!
thank you very very much!! any idea why this is happening?
Hello Eric,
This AFP notification is a scam, and the most likely point of infection is an compromised email attachment that you have opened!
I do recommend that you read this guide >> http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ << so that you’ll learn how to avoid future infections!
Guys thanks for the tips. Quite helpful. I was able to get rid of this malicious “Australian police”scam.
Thank you so much for your help……
Blessings and thanks so much for your generous, clear and step specific instructions – we are so grateful – looks like the old laptop will hang in a bit longer! Does make me wonder why I bother with Norton!
Thanks Man, I got done today but all looks fine now, Method 2 is the way to go!!!
thank you thank you thank you !!! you are a LIFESAVER. The virus showed up on my computer an hour ago and is now already gone. can not thank you enough!
Cheers for the clear and simple instructions. I used method 2.
WOW…… Thanks mate, I don’t know hw to say thank you, method 1 worked on my lap top.
Just let me know what can I do for you?
Hello Ehsan,
Just stay safe, and have an awesome life!! :D
Thanks so much!! When I got the screen locked by the scam ad, I pressed ctfl+alt+del to go to tasks adm and then switched users. After that I followed method 2 and went smoothly. Thanks so much again!! Your’re ace!
Hey I would just like to say thank you so much for your help I am in year twelve and have important files, photos and videos in my laptop and I literally thought they were gone forever thank you so much for your advice and step to step help I really appreciate it :) xx
Hello Hayley,
I’m glad to read that you have managed to clean up your computer, I would advise you to backup on an USB or external HDD all your personal documents, to avoid losing them in the future. The new malware threats that are launched are very agreesive, so it’s a good idea to have an back-up!
Thank you so much for your time and effort. I have followed method 2 and up to the stage of scanning using Malware bytes, when finished it said I had no virus on my pc. I know I have the virus but the scan is coming up empty? Why is this? I am now doing a full scan.
Hi there, I’ve used Method 2, however after the scan i received a system restore message: System restore did not complete successfully. Your computer’s system files and settings were not changed. It tells me i can Run System restore again? The was another Restore point i could have chosen, that was at the time of receiving the scam. What do you suggest?
Thankyou very much in advance…
I have been this Virus today. and i found your artical whick is really helpful. but the metho 2 will lose the files that i have. So i try another way. This is only work for computer which has a guest account. this virus will block you loggin ur administrator account but it allow me login in as a guest. I can scan Virus in guest account. delete the virus and the problem sovles. This works for me. hopefull will help u guys.
Method 2 work for me…Thanks.
Thanks man! I hate being held to ransom and your advice did the trick. I owe you a free music lesson
- jimmythelips.com
Thank you mate!!!! This saved my (laptop’s) life!!!
Thanks for posting how to fix this virus I used method 2 and now I have my laptop back
Great work and thank you very much
Ur a lifesaver stelian. When this thing came on my screen i knew it was a scam coz of the media but i thought i lost everything on there including 8 months worth of my babies fotos since yhe day she was born. I’m doing the full scan now. Method 2 worked for me. U have made 1 mummy very happy thank u so much. :)
Used Method 2; worked well!
I presume that the AFP know about this malware; have they any leads as to the perpetrator(s)?
Stelian, you are bloody awesome. Thought the laptop was shagged, i am a computor no hoper, but i followed your method 2 – method 1 didnt work – and presto, i have my lappy back.
I fix cars for a living, if ever i can help you in return, i will do my best.
From the Snowy Mountains, NSW
Thank you, COL! :D
Stay safe, and have an awesome life! If you ever need any help with your computer issues, we are always here!!
How good is it that there are still people out there that will help you without asking for anything in return
Genious solutions. step-by-step…Method 2 worked for me….Fantastic work Thank you….
Thanks! great instructions! Massive relief to get rid of that horrible virus
Thank you so very much! This method is fantastic and you have made it very easy to follow. My computer would not allow me to even access the Advanced Options Menu so that I could choose Safe Mode. Alternatively, I used one of the other user accounts on the computer (suprisingly, these weren’t affected at all), and I followed Step 2 from that point forward.
I really appreciate this help. Thank you Stelian!
Thank you for the clear instructions, so easy to follow, I had to start with the comand prompt as the PC just rebooted when I tried in either of the Safe or Safe with networking modes, worked great using the compand prompt and restore……….and now my PC is back again……..
Worked great. Saved my computer.THANK YOU!
thanks so much for this info. You saved us!!!!! Do i need to delete the entry point app to keep the computer safe and how come my anti virus stuff did not stop this?????? From Sydney Australia
Hello Emma,
There are different versions of this virus, and sometimes it’s missed by some security developers.What antivirus are you using?
THANK YOU…..appreciate the help…..
u did a great job, thanks a lot. I really really appreciated about this.!
You are the man. The methods are really clear and easy to follow. The steps are completely fantastic! You made me phew and saved my laptop. Thank you so much.
Am scanning my computer now hope it works
Thank you thank you I can breath again it worked
Thank you ! This showed up n my computer today and now it’s gone after all your help
Thank you so much for your step by step guide on how to remove this threat. I’m doing a restart now so hopefully I’m virus free!
I Have used All of the Methods But none of them have worked for me .The Safe mode with command prompt boot dosent open the virus but as there are no back ups on the infected computer i cannot use it .Is there any other ways to remove the virus using the’ safe mode with command prompt ‘ method and if not i need HELP !! as the USB HitMan Pro method dosent work either as it just freezes on the windows boot screen , Please Help !!!!
Hello Joseph,
Boot your computer in Safe Mode with Command Prompt, and type msconfig in the Command prompt. This should start the Windows System Configuration tool. Go to the Start-up tab, and search for any suspicious or unknonw entries (random numbers or letter, ctfmon.exe and other suspicious entrie) and uncheck them from start-up. Next boot your computer in regular mode and perform a scan with HitmanPro and Malwarebytes as seen on the guide.
If it still doesn’t work,you’ll need to create a Kaspersky Rescue CD as seen HERE: http://malwaretips.com/blogs/remove-police-trojan/ , on Method 3.
If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance
Good Luck!
Thanks for your efforts it has taken me days to kill this vile virus off. I have Win 8 which is a nightmare to get to safe mode. F8 does not work. Hold shift and keep banging F8 can work but you can spend a long time trying. There are better ways. 1st create a visitor account (before you get this thing) if you only have one account, often the other account is not affected so you can log into it to use the malware suggested. If it’s to late here is what worked for me:
Load to your ‘password screen’. Hold down ‘shift’ click on the OFF bottom (usually bottom right) and click RESTART while holding the SHIFT key. The PC will restart on Recovery page. Choose ADVANCED REPAIR OPTIONS. Then TROUBLE SHOOT. Then ADVANCED OPTIONS. Then WINDOWS STARTUP SETTINGS finally hit RESTART. You will now have the choice of the many options including SAFE MODE. Safe Mode didn’t work for me so I went number 6 COMMAND PROMPT, then I followed the instructions above, restored to a safe time and bingo I could boot normally and let Malwarebytes and then Hitman Pro do their things. Virus DEAD! Thank you for you post it was a great help once I got to the ‘prompt screen’ and it inspired me to find a way there. Hope this helps the Win 8 users.
Addition to method 1: If you know the process that Ukash is using to hostage, you can ctrl-alt-del and Kill Process Tree the item in question. (Mine was skype – a program I don’t even have!)
Once that was done, I was able to stay in Safe Mode With Networking. It made following your guide for cleanup MUCH quicker.
This was the first virus I’ve ever had on my computer. I honestly freaked out. But the ukash thing looked suspicious so I googled it on my phone and came up with this page. I used the first method and my computer works fine now!
Ive never been good with technology but even I could understand this! THANKYOU!!!!!
Thank you for this information. It’s 3 in the bloody morning, and I’m beyond annoyed, but at least it’s gone.
Interesting thing I found was that the first time I tapped the power button to restart, the screenlock disappeared and let me save my work. Weird, but useful!
Might be worth adding, this virus will implement its own restore point at the point of infection..
I dont run system restore as I format regularly and try to play with these viruses to find new ways to remove them, and noticed that this guy had in fact created a restore point on the infected machine, even timestamped with the exact time of failure, 16/01 @ 4:00am..
I know neither window or myself created this point, so restorer’s beware on which restore point you choose, Pick one from a few weeks prior to the current date, If you don’t have one that far back, attempt removal via one of the other methods, else you risk re-infection
Worked brilliantly! You are a lifesaver. Many thanks!
Awesome thanks for the help – got rid of this disgusting malware. Thanks again!
Looks good so far thanks, it was on my daughters computer and she had let her anti virus run out.
Thanks again mate.
Thank you, thank you, thank you, thank you, thank you!
I commend you sir for taking the time to explain in full detail how to fix this virus.Not only have provided a solution to the problem but you have done it with no affixed cost.Give the man a medal!Look me up if your ever in oz….Would happily shout you a beer or two! Much obliged.
Oh yeah,luis Suarez is epl’s finest!
I have a serious problem that I need help with. I have the AFP Ukash virus on my laptop (Compaq V3703 running Windows XP). I cannot start in any of the Safe modes – Ukash actives a couple of seconds or so after restarting and the computer gets locked up once again – so most of the recommendations do not work for me. I then tried using HitmanPro Kickstart to circumvent this, but this also didn’t work. This provided me with the Kickstart boot menu, although this would then go into the Windows Advanced Options Menu (the screen you get after pressing F8). The computer then freezes whether I select start Windows normally or start in Safe Mode.
Oh yeah, I have tried reinstalling Windows XP on the C: drive partition, but this computer has a SATA hard drive which the installer does not recognise. I have tried going into the BIOS to change the SATA driver to IDE as suggested elsewhere, but the BIOS on this machine is very basic and will not allow me to make any changes.
What are my options? I desperately need access to this computer so I can save off a number of files that I have saved on D: drive (Windows is on C:), after which I am happy to reformat. I am not overly tech savvy so would appreciate a simple / lain language fix if one exists. Cheers.
Hello Jason,
You’ll need to create a Kaspersky Rescue CD as seen http://malwaretips.com/blogs/remove-ukash-virus/, on Method 3.
If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance
Thanks for getting back to me Stelian. I’ll give the rescue disk a shot and let you know how I go.
you are a diamond bro… thanks a lot…………
Thanks buddy worked well :)
I used the Hitman kickstart software and followed the two videos. Ihave XP and by following the videos everything worked and the virus was gone, Just to be sure I System restored my pc to an earlier date all seems as it was so a million thanks for the help , : )
Used Method 2. Absolutely brilliant. Thanks.
Messi = Football, Pilici = Computers
Mucho Gracios Mi Amigo!
Thanks for the advice. This insidious webpage locked my daughter laptop – using these steps cleared and unlocked the computer. Can’t imagine how much these mongrels fleece from unsuspecting users who get this. Thanks for your help
Thankyou seems ot have worked appreciate your assistance. ty
how do i get rid of the scam and can someone please explain the steps to me.
Hello Lisa,
This hole page is about how to remove AFP virus…Just read the article! :)
Sorry must have a later version of the AFP virus it keeps overriding the USB device boot and booting XP from the hard drive even when I set the bios to USB or CD drive and remove the HDD from the boot order, only thing I cand get into is CMD Prompt Window, nothing else works and it won’t see my CD drive or USB stick to launch from there, looks like a reinstall windows tommorrow if AVG support can’t help :/
Hello Pat,
You’ll need to created a Kaspersky Rescue CD as seen in this article, on Method 3.
If everything fails, then you’ll need to create an account on our forums and a member of the staff will help you (with more advanced tools) to remove this nasty virus: http://malwaretips.com/Forum-Malware-Removal-Assistance
Mine is strange, got the locked out screen, seemed fishy, so I turned my computer off, turned it on. And everything seems fine – my computer booted up then loaded all the websites etc I had before it got locked.
The scan has picked up some trojans though so hopefully that’s it. Thanks heaps!
Thank you Malware worked for me, I worry about the older people out there who may have limited computer knowledge and fall for this scam.
Method 2 worked for me. I followed the steps diligently and my laptop appears fixed. Thank you for sharing your expertise and knowledge. It is appreciated.
Hi, first of all thank you. I Had to use Method 2 cmd with command promt, however it would not let me go to C:\windows\system32 so i did a search and found out i have to do the following command I typed ( cd (space) windows\system32 ENTER) then I typed from there cd restore, waited a few seconds then typed rstrui.exe waited a few seconds and then it worked I was able to perform a system restore.
I then got a ERROR LOADING C:\documents…..\wgsdgsdgsgsd.dll clicked OK then just the windows wall paper screen appeared. I then restarted and went into SAFE MODE again start normally and am now doing a Virus scan to get rid of the stupid fake virus.
Its been over 5 hours of scanning now and I can now get into my Normal windows which is XP but still get that wgsdgsgdgsd.dll error, however i was not able to update the Malwarebytes which i am doing now. If all is good I will do another MW search and if that is good I will not post again. Thanks
OK GOOD news I updated my MW Bytes and did another full scan and it found 4 RANSOM Trojans and 1 other mall-ware i guess is associated with this terrible virus. So now i have rebooted 2 times and its all back to normal. Thank you so much for your post I really appreciate your time and effort. I also hope my information is helpful to you all. BTW when i said above fake virus i meant fake message. I will say i did sh*t myself and thought WT* but as soon as it said send money i smelled a rat and knew i would be able to find out how to beat them. If i did do anything wrong the police or government wouldn’t tell me about it via my computer LOL they would be knocking on my door. Thanks Again.
i love you, thx heaps!!!
Ignore my previous post – I realised the boot USB it a dual architecture bootable USB HOWEVER, I just did all this as instructed in the videos but after the scanning of the HDD got to about file 10’000 or so, the ransomware white screen took over and nothing else happened. Scan starts, it takes over but is then re-taken over by the ransomware again before it completes… I tried 3 times and same result and at the exact same file scan each time….. Any sugestions ?
Hi,
I have a little problem – all the computers I own and use are 64 Bit but my customers AFP Ransomware infected computer is 32 Bit. As a result, getting a bootable 32 Bit version of the reccommended program HITMAN PRO is pretty hard as you cant run the 32 bit on the 64 bit machine (unless I missed something) ?
I was forced to use an old HDD I had in a box with a 32 Bit image of Vista to boot using the customers computer to then go and download and create the 32 Bit version of the bootable USB drive and then swap the HDD’s, reboot from the 32 bit usb drive and go from there – is there an easier way ?
Thank you Stelian! I’ve used Method no. 1 and worked perfectly! Malwarebytes removed all the viruses from my computer!
Thank you and a Happy New Year from Sydney, Australia!
I have used Method 2, and it worked perfectly!
Thanks Stelian!
thankyou soo much throught i was screwed for a second there