AFP – Australian Federal Police Trojan

Threat Summary

Threat Name:Australian Federal Police (AFP)
Type:RansomLock
Brief Description:This type of malware locks the computer or desktop making it unusable.
Detected as:Trojan.Ransomlock.T

Description

AFP – Australian Federal Police that blocks the PC upon infection is a Trojan or mostly known as Windows Locker malware. It usually enters the computer via Trojan that is expert in cultivating known software and security faults in order to get inside the system. AFP – Australian Federal Police Trojan strikes the registry first and modifies various settings that cause blocking of your access to your own computer.

During the presence of AFP – Australian Federal Police, computer will suffer from an inaccessible desktop that displays a full-page warning message. It looks like a legitimate alert due to the illegal use of agencies’ logo and title. However, it clearly uses a technique, which is very similar to other ransom malware. That emphasizes the true purpose of invasion. In order to unblock your access to the computer, AFP – Australian Federal Police ask you to pay a fine of AUD 100 via UKASH. It declares that you have made copyright violations such as unlawful use and distribution of video, music, and software.

For you to be able to remove AFP – Australian Federal Police Trojan, running a specialized Windows Unlocker program is the best solution. It allows you to run a scan without loading a malicious script, thus, it prevents the blocking of the PC.

What are symptoms of AFP – Australian Federal Police Trojan Infection?

AFP – Australian Federal Police Virus locks the desktop and prevents your access. It will display a full-page warning message as shown in the image below.

Fake Australian Federal Police

On December 2012, new version of fake AFP (Australian Federal Police) was spotted. Its main target at this point is computer users from western region. Please refer to the image below for the new design.

Australian Federal Police Trojan

Procedures to Remove Australian Federal Police (AFP)

Removal steps on this page will help you get rid of the threat effectively using tools and virus scanners. Please make sure that you will carry out the guide in exact order.

Create a USB Bootable Device

Ransom Trojans and viruses will lock the screen and makes the computer unusable. Common ways to deal with this type of infection is to boot the PC using another device. For this tutorial we will do a bootable disk that contains Australian Federal Police (AFP) remover.

1. Download Kaspersky Rescue Disk from their official server. Click the button below. The file will be in .ISO format.

2. Download this utility called rescue2usb to record your .ISO file into the USB drive. Obviously you need a USB thumb drive at least 512MB in capacity. Plug it to the computer.

3. Once you have the two programs, double-click on the rescue2usb.exe to start creating a bootable USB drive.
4. You will see on the screen in the program called Kasperksy USB Rescue Disk Maker. Click on Browse and locate the .ISO file.
5. Under USB Medium, select the proper drive of your USB device.
6. Click on START. It will now begin to create a bootable USB drive with Kaspersky Rescue Disk in it.

Start the Computer with Kaspersky Rescue Disk.

1. You must set the computer to use other bootable device aside from hard drive. For this procedure, enable your BIOS to boot to USB device. If you are not familiar with this, please refer to your computer's instruction manual.

2. Another option is to access the Boot Menu right after you turn one the PC. It will present a Menu so that you can select a preferred boot drive. Select Removable Devices.

Boot Menu

3. Your computer will now start and load Kaspersky Rescue Disk.
4. If you see a message on the screen, please Press any key to enter the menu. You only have 10 seconds to do this, otherwise it will boot with the hard drive.

5. Next screen will be the interface language. Please select desired language to use.
6. You must run the program in Graphic Mode. This gives you easy access to all commands and menus.
7. End User License Agreement will appear. Please accept to continue using the program. Press 1 to proceed.

Using WindowsUnlocker to Remove Australian Federal Police (AFP)

1.Click on the K button at the lower left corner of the screen.

2. Select Terminal on the list. It will open a command prompt.
3. Type windowsunlocker and press Enter on your keyboard.

4. On WindowsUnlocker menu, please type 1 to Unlock Windows. This utility will clean the registry for malicious entries.

5. After the cleanup process, it will display the menu once more.
6. Press 0 on your keyboard to exit WindowsUnlocker.

Run a Virus Scan

1. After removing Australian Federal Police (AFP), you need to delete all remaining components.
2. Click on the K to display the menu.

3. Select Kaspersky Rescue Disk. This will open the virus scanning tool.
4. You need to update the program first. Select My Update Center tab and click on Start update. This requires an Internet connection.

5. After updating the program, select Object Scan tab and click on Start Object Scan. You must scan the following:

  • Disk boot sectors
  • Hidden startup objects
  • All drives

6. Scanning the entire hard drive may take some time. Please let the scan to finish.
7. Once the scan process is complete, the tool will prompt you for preferred actions on detected threats. Deleting all threats is recommended.
8. You can now turn off the computer, unplug the USB drive, and start Windows in normal mode.

6 thoughts on “AFP – Australian Federal Police Trojan

  1. Tim says:

    Great guide, I tried this but when I accessed my BIOS and tried to boot from there it just reads ‘boot error’ I wiped the USB and downloaded Kasper again but still the same thing, any ideas?

  2. Phil says:

    Didn’t work. Brand new USB drive. 3 goes at downloading and installing and it didn’t even make the boot usb. Missing files or ISO coruupt message every time.

  3. Addrian says:

    Hi there, you have a great guide however I only get as far as clicking graphic mode after that I get an error and something called dracult comes up, what can I do about this I really need my computer repaired.

    Kind regards, Addrian

  4. Red-Devil says:

    Hi all.

    Being dealing with this virus some time as is it my job. The easy way to fix this is to download Avira AntiVir Rescue System cd, choose the iso file. When download is finish just double-click it and burn it with windows image burner.

    Restart you computer booting up with cd, usually press F8 to get the boot menu, if that does not work, press your bios button. (Different buttons on different computer. “Delete, esc, F1, F2, F9 F10, F11 and F12”) The F buttons is usually for laptops but F8 is boot up menu for a Desktop pc and Delete to enter bios. When in bios, go to boot and change boot order to cd/dvd as first priority.

    When avira start press 1 and enter, then when it is loaded up press scan system at the left down corner. It takes maybe 1-2 hours to complete the scan. When finish restart pc and it will work, but you will get one error because the virus can’t start, do this.

    Click start, all programs and delete the file in startup folder who has the same name as the popup error when you start your computer.

    Now you have your computer back so happy surfing.

    Best wish.
    Red-Devil

  5. Russ says:

    I made up a boot cd offline defender by Microsoft and used that , it cleaned my computer, you can also make it on a USB key at bootup. Works very well.
    Cheers Russ

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>