Information and countermeasures about the BKA-Virus.

A new variant of the BKA ransomware trojan (BKA stands for the German Federal Criminal Police) has found a more convincing way to pressure computer users into paying. The new malware attempts to blackmail the owners of infected computers by copying several pornographic pictures of children, together with the children's names and birth dates, onto the user's computer.

The malware is distributed via drive-by downloads as an executable file with temporary file names. The cybercriminals constantly try out new texts in order to appear as convincing as possible.

For further information see our Avira TechBlog.

[Screenshot: BKA_trojan_2013-01-31]



Countermeasures:

First of all, it is recommended to check that the latest virus definitions are installed. The virus can then be deleted in one of two ways:

  • Scan from a non-infected account
  • Scan the system with our Rescue CD



Once the cleanup of the system has been performed successfully and the computer has been rebooted, it may happen that neither the taskbar nor the desktop is displayed after the reboot.

In such a case, please proceed as follows:


  1. Press the Ctrl + Alt + Delete keys simultaneously and then select the option "Start Task Manager"

  2. Go to the "Applications" tab and click the New task... button in the lower right corner. Type regedit in the input window and press the Enter key to confirm

    [Screenshot: Windows Task Manager - Applications]

  3. Once the registry editor opens, go to the following path:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Look for the entry "Shell", right-click on it and select Modify...

    [Screenshot: Winlogon - Shell]

  4. In the new input dialog, type explorer.exe and confirm with OK

  5. Restart your computer
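The registry repair in steps 3 and 4 can also be checked and applied from an elevated PowerShell prompt. The following script is an added example, not part of the Avira article: it reads the Winlogon Shell value at the HKLM path given above and, going one step beyond the article, the per-user copy of the same key under HKCU (an assumption, since the article only names HKLM), reports any value other than explorer.exe, and restores explorer.exe only when run with -Repair.

```powershell
# Added example (not from the Avira article): audit the Winlogon "Shell" value
# that the recovery steps above edit by hand, and optionally restore it.
# Run from an elevated PowerShell prompt.

$Expected = 'explorer.exe'
$Paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',  # path from the article
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # per-user override (assumption)
)

function Test-WinlogonShell {
    param([switch]$Repair)
    foreach ($Path in $Paths) {
        if (-not (Test-Path $Path)) { continue }
        $Shell = (Get-ItemProperty -Path $Path -Name 'Shell' -ErrorAction SilentlyContinue).Shell
        if ($null -eq $Shell) {
            # HKCU normally carries no Shell value at all; HKLM should always have one
            Write-Output "$Path : no Shell value"
            continue
        }
        if ($Shell.Trim() -ieq $Expected) {
            Write-Output "$Path : OK ($Shell)"
            continue
        }
        # Anything else (an extra program appended, a file under a temp folder, ...) is suspicious
        Write-Warning "$Path : unexpected Shell value '$Shell'"
        if ($Repair) {
            # Keep a copy of the bad value for later analysis before overwriting it
            Set-ItemProperty -Path $Path -Name 'Shell_backup' -Value $Shell
            Set-ItemProperty -Path $Path -Name 'Shell' -Value $Expected
            Write-Output "$Path : Shell reset to $Expected (old value saved in Shell_backup)"
        }
    }
}

Test-WinlogonShell            # report only
# Test-WinlogonShell -Repair  # report and restore explorer.exe, then reboot as in step 5
```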

It is recommended to run an antivirus update and a full system scan approximately 24 hours after the malware has been disabled. This repairs further changes the virus may have made to the system and removes the file permanently.

Note
If the clean-up methods are not successful, you can still perform a System Restore from Safe Mode with Command Prompt, using the following instructions from Microsoft:

System Restore in Windows XP

System Restore in Windows Vista / Windows 7

Affected products

  • Avira Professional Security [Windows]
  • Avira Free Antivirus [Windows]
  • Avira Antivirus Premium 2013 [Windows]
  • Avira Internet Security [Windows]
  • Avira Professional Security, Version 2012 [Windows]
  • Avira Antivirus Premium, Version 2012 [Windows]
  • Avira Free Antivirus, Version 2012 [Windows]
  • Avira Internet Security, Version 2012 [Windows]
  • Created : Wednesday, August 17, 2011
  • Last updated: Friday, June 7, 2013