Information and countermeasures about the BKA-Virus

The BKA virus has been known for several months, primarily in German-speaking countries. It is a so-called ransom, lockscreen or winlock trojan that restores access to the computer only against payment.

Recently, variants of this malware have appeared more frequently.

In case of infection the screen looks similar to this example:

BKA Virus

Apart from the poor German and poor spelling, one fact alone is suspicious enough: the German federal police or the BKA would never resort to such methods to collect fines in connection with alleged Internet crimes.

Countermeasures:


First of all, it is recommended to check for the latest virus definitions. This can be accomplished in two different ways.
A third option is to perform a manual cleanup of the system.


1. Scan from a non-infested account


  1. Update your Avira Internet Security client by starting the Avira Control Center and selecting Update → Start update.
  2. Then restart the computer in the safe mode of Windows. You should hit the F8 key (F5 on XP) repeatedly while booting your computer until the menu "Advanced Boot Options" appears.

    Select "Safe Mode" and confirm the selection with the Enter key. When Windows asks for reconfirmation, press Enter again to restart the operating system.
    Log on as "administrator".

    Advanced Boot Options - Safe Mode
  3. Configure the scanner by selecting Start → All Programs → Avira → Avira Desktop → Start Avira Internet Security. Within the Avira Control Center, click on Extras → Configuration.

    Turn on the Expert mode and click on “System Scanner” in the submenu. Within this category choose the option “All files” instead of the default selection “Use smart extensions”. Set the “Scanner priority” to “high” and click OK.

  4. Now perform the scan by selecting “System Scanner” on the left side of the Avira Control Center. Then click with the right mouse button on "Local Hard Disks" and select "Start Scan".

  5. Thereafter, restart the computer normally.
  6. In case the virus clean-up was unsuccessful, we would like to ask you to create the latest info-file with our support collector. Send this file together with the most detailed information possible using our support form.

2. Scanning the system with our Rescue CD


Download our daily updated Avira Rescue CD.

After the cleanup, it can happen that neither the task bar nor the desktop appears after the restart.

In this case, please proceed as follows:

  1. Press Ctrl + Alt + Delete simultaneously and then choose "Start Task Manager".
  2. Under the tab "Applications" click on the button New task... at the lower right, enter "regedit" in the input window (without the quotes) and confirm it by pressing the Enter key.

    Windows Task Manager- Applications
  3. In the registry editor, go to the following path:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    There, look for the entry "shell", click on it with the right mouse button and then select Modify....

    Winlogon - Shell

    In the new input dialog, type "explorer.exe" (without the quotes) and confirm it with OK.
  4. Restart your PC.
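
The registry check from step 3 can also be scripted. The following PowerShell sketch is an added example, not Avira's own tooling; it assumes PowerShell is available and started with administrator rights, and the function name Test-WinlogonShell is hypothetical. It goes slightly beyond the step above by also reporting a per-user "Shell" value under HKEY_CURRENT_USER, which Windows honours for that user as well.

```powershell
# Added example: audit the Winlogon "Shell" value described in step 3.
# Test-WinlogonShell is a hypothetical helper name, not an Avira or Windows cmdlet.
function Test-WinlogonShell {
    param(
        [switch]$Fix,                       # reset the HKLM value, as in step 3
        [string]$Expected = 'explorer.exe'  # value the article says to enter
    )
    $sub = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\$sub"
        $entry = Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue
        $value = if ($entry) { [string]$entry.Shell } else { $null }

        if ($null -eq $value) {
            # No per-user value is the normal state; a missing HKLM value is not.
            $status = if ($hive -eq 'HKCU') { 'OK (not set)' } else { 'MISSING' }
        } elseif ($value.Trim() -ieq $Expected) {
            $status = 'OK'
        } else {
            # Anything other than explorer.exe is started instead of the desktop.
            $status = 'MODIFIED'
        }

        # Only the machine-wide value is changed, matching the manual procedure.
        if ($Fix -and $hive -eq 'HKLM' -and $status -ne 'OK') {
            Set-ItemProperty -Path $path -Name Shell -Value $Expected
            $status = "$status -> reset to $Expected"
        }

        New-Object PSObject -Property @{ Hive = $hive; Shell = $value; Status = $status }
    }
}

Test-WinlogonShell          # report only
# Test-WinlogonShell -Fix   # same change as step 3; restart the PC afterwards
```

A "MODIFIED" result shows the program that was registered in place of explorer.exe; note it before resetting the value so the file can be included in the follow-up scan.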

Approximately 24 - 48 hours thereafter, please run an update of your AVIRA software and, subsequently, a full system scan. This will repair further possible changes made by the virus in the system and remove the file permanently.

Please do not simply delete the file; this may prevent further repair routines from being performed thereafter.

If the above-mentioned measure does not lead to the removal, you can alternatively try to remove the Trojan manually. For this, see our article "manual cleanup of the system".

If the methods for the clean-up are not available or successful, there is still the possibility to perform a system restore in safe mode with command prompt using the following instructions from Microsoft:

System Restore in Windows XP

System Restore in Windows Vista / Windows 7

Note:
The screenshots of the Avira client are also valid for Avira Free Personal, Avira Antivirus Premium and Avira Professional Security.

Affected products

  • Avira Professional Security, Version 2013 [Windows]
  • Avira Free Antivirus [Windows]
  • Avira Antivirus Premium 2013 [Windows]
  • Avira Internet Security 2013 [Windows]
  • Avira Professional Security, Version 2012 [Windows]
  • Avira Antivirus Premium, Version 2012 [Windows]
  • Avira Free Antivirus, Version 2012 [Windows]
  • Avira Internet Security, Version 2012 [Windows]
  • Created : Wednesday, August 17, 2011
  • Last updated: Monday, April 22, 2013