Remove “Attention! Your phone has been blocked up” Android virus

If your Android smartphone is locked, and you are seeing a “ATTENTION! Your phone has been blocked up for safety reasons” notification from a law enforcement agency (FBI, Australian Federal Police, Metropolitan Police, U.S. Department of Justice) asking you to pay a fine via GreenDot MoneyPak, Ukash or Paysafecard code, then your Android phone is infected with a piece of malware known as Trojan Koler.

The “ATTENTION! Your phone has been blocked up for safety reasons” virus is distributed through malicious websites, or legitimate websites that have been hacked, which will say that you need to install a special “video player” app, and then offering it for download. Note that because Koler has not made it into the Google Play Store, you need to have “Allow installation of apps from unknown sources” enabled in your Android security settings to be at risk.
The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.

What is the “ATTENTION! Your phone has been blocked up for safety reasons” Android virus?

The “ATTENTION! Your phone has been blocked up for safety reasons” virus is part of the Troj/Koler Ransomware family of computer infections that target Android users from all over the world.
When the malicious app is installed the “ATTENTION! Your phone has been blocked up for safety reasons” virus will display a bogus notification that pretends to be from an official law enforcement agency (examples: Irish An Garda Síochána, Royal Canadian Mounted Police, Police Central e-crime Unit, Australian Federal Police) and states that your Android phone has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.

The malicious ransomware app will lock you out of your Android phone and applications, so whenever you’ll try to unlock or use your smartphone, it will display instead a lock screen asking you to pay a non-existing fine of $300 in the form of an MoneyPak, Ukash, Paysafecard or MoneyGram Xpress voucher. The malware’s authors prefer these payment services because transactions made through them cannot be reversed and are hard to trace.

Furthermore, the malicious app will claim that all your file are encrypted. The good news is that “Attention! Your phone has been blocked up” virus doesn’t scramble any of your data or exfiltrate audio and video as it claims; it merely locks your phone with a popover browser window that quickly reappears if you try to get clear of it. The bad news is that the continually reappearing pop-over window makes it as good as impossible to get into the Settings menu to remove the malware.
Even rebooting won’t help as the malware kicks back in early in the process of restarting. A factory reset will get rid of it, but that also removes all your other installed apps and stored data.

How to remove Your phone has been blocked up virus from Android (Removal Guide)

This page is a comprehensive guide, which will remove the Android Your phone has been blocked up infection from your phone. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.

OPTION 1: Remove the Your phone has been blocked up malicious app from your Android phone

OPTION 2: Remove Your phone has been blocked up lock screen with avast! Ransomware Removal

OPTION 1: Remove the malicious app from your Android phone

STEP 1: Reboot your Android phone to “Safe Mode” to avoid the Your phone has been blocked up lock screen

The Android Your phone has been blocked up virus effectively locks your phone with a pop-over browser window, like the one you see above, that quickly reappears if you try to get rid of it. The continually reappearing pop-over window makes it as good as impossible to get into the Settings menu to remove the malware, and a plain reboot won’t help, because the malware comes back to life early in the restart.
To avoid the Your phone has been blocked up lock screen, we will need to start your Android phone in “Safe Mode”.
Safe Mode for Android is a mode that allows a phone to load all the default settings and software the phone originally came with, most importantly your system starts up without loading any third-party apps (including the malicious Koler app).
There are a few methods to enter the “Safe Mode”, depending on the model of your Android phone.

Method 1: Reported to work on Google devices and various Android Open Source Project, or AOSP, derivatives like CyanogenMod

1. Press and hold the power button as you would to power down or reboot.
2. A menu will pop-up on your Android device. TAP and HOLD the “Power off” option.
   
   If nothing happens long press the “Reboot” option instead of  “Power off”.
3. A dialog should appear offering you to reboot your Android device to “Safe Mode”. When this happens, click on “OK” to enter “Safe Mode”
   
4. If you have managed to select “Safe Mode”, you will see the text “Safe Mode” at the bottom left corner of the screen.
   

Method 2: Reported to work on Samsung Galaxy S4 and Samsung Galaxy S5

1. Power down your Android phone.
2. Turn on and repeatedly tap the soft-button for “Menu.”
3. If you have managed to select Safe Mode, you will see the text “Safe Mode” at the bottom left corner of the screen.

Method 3: Reported to work on Samsung Galaxy S3 and other devices

1. Power down your Android device.
2. Turn on, then press and hold Volume Down (Galaxy S3 and others), Volume Up (HTC One and others), or Volume Down and Volume Up together (various Motorola devices) when the vendor’s logo appears.
3. If you have managed to select Safe Mode, you will see the text “Safe Mode” at the bottom left corner of the screen.

STEP 2: Uninstall the malicious app from your Android phone

The Your phone has been blocked up virus for Android installs itself under the name BaDoink (apparently the name of a well-known online porn service), so we will need to uninstall it from your smartphone.

1. To uninstall the malicious app from your Android device, go to the Settings menu, then click on Apps or Application manager (this may differ depending on your device).
   
2. This will bring up a list of installed apps, including the malicious app that is responsible for the Your phone has been blocked up lock screen.
   At this moment the malicious app that is locking Android phones goes by the name of “BaDoink”, however cyber criminals will most likely change the name of the app in the future (other known names: Video Player, Network Driver System, Video Render and other names). Search in the list of apps for any unknown or suspicious apps. In our case the malicious app is “BaDoink“.
   
3. Touch the app you’d like to uninstall.This won’t start the app, but will open up the program’s App Info screen, then click on “Uninstall” button:
   

   If you cannot uninstall the malicious because the Uninstall button is not available, we will need to follow these steps:

   • Go to Settings, then click on Security and select Device administrators.
     
   • Here, you can see the various apps checked for Device Adminstrator access, just uncheck the app that you would like to uninstall and Deactivate it in the next screen.
     
   • Now you can go back and the Uninstall button should be now available.
4. A confirmation dialog should be displayed for the malicious app, click on “OK” to remove the malicious app from your Android phone.
   
5. You may now reboot your Android phone out of the “Safe Mode”.

STEP 3: Remove Your phone has been blocked up virus from Android phone with Avast Free Mobile Security

As you have seen cyber criminals have started targeting Android users for malware, and we do expect that in the months to come the number of infections will grow. In this final step, we will scan your Android phone for malware with Avast Free Mobile Security, and provide a real-time protection from future malware attacks.

1. You can download Avast Free Mobile Security from the below link:
   AVAST FREE MOBILE SECURITY DOWNLOAD LINK (This link will open a new web page from where you can download Avast Free Mobile Security)
2. Click on the “Install” button, and when the app permissions will be displayed click on “Accept” install Avast Free Mobile Security on your Android phone.
   
3. Avast Free Mobile Security will be installed on your phone, this will only take a few seconds.
   
4. Avast Free Mobile Security will automatically update its virus definition database, and then will start to scan your Android phone for malware and malicious apps.
   
5. The scan may take a few minutes depending on how many apps you have installed, and if any malicious app are detected, Avast Free Mobile Security will automatically remove them from your Android phone.
   
6. Your Android phone should now be free of the Your phone has been blocked up virus, and most importantly Avast Free Mobile Security will protect your Android phone from future infections.
   

---

OPTION 2: Remove Your phone has been blocked up lock screen with avast! Ransomware Removal

Avast! Ransomware Removal quickly and easily removes malware from your device and decrypts all your files held hostage for free, so you don’t have to pay a ransom.

1. Using your computer or another device with is not infected with Your phone has been blocked up virus, go to the below link:
   AVAST RANSOMWARE REMOVAL DOWNLOAD LINK (This link will open a new web page from where you can download avast! Ransomware Removal)
2. Login to the “Google Play” with the same user information (your Gmail account) you use to login to your Android phone
   
3. Click on the “Install” button, and Avast! Ransomware Removal app will be installed on your device in a minute
4. After the app is remotely installed on your Android phone, click the app name in the notification bar.
   
5. The “Avast! Ransomware Removal” app will start and provide you will need to follow the on-screen instructions.
   
6. “Avast! Ransomware Removal” will remove the Your phone has been blocked up virus. When this app has completed its task, you will need to uninstall it from your phone.
7. Install Avast Free Mobile Security on your Android phone to protect your smartphone from future infections

Below you can read a few quick tips to help you keep your Android smartphone free of malware.

1. Always research the publisher of the app. What other apps does it offer? Do any of them look a bit shady? If so, you should probably stay away.
2. Read online reviews. Android Market reviews may not always be truthful. Check around to see what reputable Websites are saying about the app before you hit the download button.
3. Always check app permissions. Whenever you download or update an app, you get a list of permissions for it. An alarm clock app, for instance, probably shouldn’t need to look through your contacts. The general rule of thumb: If an app is asking for more than what it needs to do its job, you should skip it.
4. Avoid directly installing Android Package files(APKs). When Angry Birds first came to Android, you could get it only through a third party. This is called “sideloading,” or installing apps using an .APK file. Although Angry Birds wasn’t malware, in general it is highly advisable not to download and install .APK files that you randomly come across. Most of the time you won’t know what the file contains until you install it–and by then it’s too late.
5. Install an antivirus on your phone (we have installed Avast Free Mobile Security). Although many people still think that antivirus scanners on phones are useless, maybe outbreaks such as this one will change minds.