Remove ACMA Virus – Australian Communications and Media Authority Virus Blocks Computer


Is ACMA Lock down Message Real?

ACMA is a statutory authority within the Australian Government, responsible for regulating broadcasting, the Internet, radio communications and telecommunications. However, such an authority will not intrude into a system, suddenly display a screen-locking message and demand a ransom.

What makes it clear that the ACMA lock down message is a virus is that the message lists several Articles the victim is said to have breached, without giving a specific reason for the violation of any Article. Besides, after listing unbelievable amounts of fines for each listed Article, the ACMA lock down message settles on a ransom of AUD $100 without explaining why the amount is cut down so much, which sounds like a bargain and makes victims willing to pay the fine. Obviously, the ACMA lock down message is a virus. Therefore victims, especially enterprises, should not pay the stipulated amount of money; otherwise you are helping the fraudsters to keep practicing fraud, and you may very well be blackmailed again. It is advisable to report such fraud to ACMA by emailing online@acma.gov.au so that they know and can take corresponding action.

About ACMA Virus


ACMA virus belongs to the Ukash virus family and mainly targets PC users in Australia. People who paid the stipulated amount by Ukash have no hope of getting the money back once they realize that it is a fraud, because Ukash is a prepaid card that exchanges vouchers for commodities, either tangible or intangible goods, which means that there is no charge-back or repudiation. By virtue of a Trojan, ACMA virus manages to sniff out vulnerabilities and make full use of them, or creates opportunities by infecting emails or sending spam links through instant messages, in order to land on a compromised computer. Such vulnerabilities can exist in installed programs, web applications and Windows. As soon as ACMA virus registers, a lot of payloads start to run:

◆ To ensure that the fraudulent message pops up and takes up the whole screen as soon as the Windows logo disappears, ACMA virus adds its auto-startup value to the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CryptoLocker = “%Application Data%\.
◆ To hide itself and escape deletion by a powerful anti-virus program installed on the target machine, ACMA virus makes an image of your system so that anti-virus programs point to a forged directory instead of the source one, which is the reason why deletion of detected Trojan by trustworthy security utilities.
◆ To pressure victims into paying AUD $100, ACMA virus further searches the entire system catalogs and mapped drives for files that users commonly use, compresses them into encrypted zip files in a hidden folder and then removes them, convincing users that important documents are gone and pushing them to quickly hand over money in exchange for the documents even though they know the ACMA sealed-screen message is a virus.
◆ To prevent victims from using built-in services that can be easily accessed from the desktop, ACMA virus creates a Mutex so that no other programs are able to run.

In such a case, the manual way is recommended to help remove ACMA virus. Bear in mind that strict compliance with the steps below is always required.

User Guide to Remove ACMA Virus

Steps applicable to situation where ‘Safe Mode with Networking’ is available.

One: Boot into Safe Mode with Networking.

> for Windows 8

• Stay at the screen sealed by ACMA virus.
• Press the Alt, Ctrl and Delete keys together to get into a blue screen.
• Hold the Shift key and click on the power button at the right bottom together.
• Select Restart.
• Choose Troubleshoot with the arrow keys.
• Highlight Advanced options and hit the Enter key.
• Hit the Restart button.
• Hit F5 to get into safe mode with networking.

> for Windows 7/XP/Vista

• As the computer is booting but before Windows launches, keep tapping the “F8” key continuously.
• Highlight the “Safe Mode with Networking” option on the “Windows Advanced Options Menu” screen.
• Press the Enter key.

Two: Disable startup items to stop ACMA virus from automatically popping up.

> for Windows 8

• Type ‘Task’ in the Charms bar.
• Hit the Enter key.
• Find and tick the items next to ACMA virus.
• Press the ‘Disable’ option.

> for Windows 7/XP/Vista

• Open the Start menu and select the Search/Run box.
• Type ‘msconfig’ and hit the Enter key.
• Find and tick the items next to ACMA virus.
• Press the ‘Disable All’ option to confirm.

Three: Re-manage database (registry editor)

> for Windows 8

• Move your mouse over the lower right of the screen and type ‘regedit’ into the Search charm.
• Hit the Enter key.
• Press and hold Ctrl+F to search for Winlogon.
• Locate the value labeled Shell in the right pane.
• Right-click on it and replace its data with ‘explorer.exe’.

> for Windows 7/XP/Vista

• Put ‘regedit’ in the Run box from the Start menu.
• Press the Enter key.
• Press and hold Ctrl+F together to search for Winlogon.
• Locate the value labeled Shell in the right pane.
• Right-click on it and replace its data with ‘explorer.exe’.


Four: Show hidden files to remove ACMA virus in C Disk.

> for Windows 8

• Open Windows Explorer by clicking on the Windows Explorer application from the Start Screen.
• Select the View tab on the Windows Explorer window.
• Tick the ‘File name extensions’ and ‘Hidden items’ options.
• Navigate to the Roaming folder and the Temp folder respectively in C Disk to remove files with abnormal names, such as serial numbers with random letters.

> for Windows 7/XP/Vista

• Open ‘Control Panel’ from the Start menu and search for ‘Folder Options’.
• Under the View tab, tick ‘Show hidden files and folders’, untick ‘Hide protected operating system files (Recommended)’ and then click ‘OK’.
• Navigate to the Roaming folder and the Temp folder respectively in C Disk to remove files with abnormal names, such as serial numbers with random letters.

Five: Remove all Temp folders and files under System 32 in C Disk.

• Navigate into C Disk to find the System 32 folder.
• Right-click on the System 32 folder.
• When a drop-down list shows, press the Shift and D keys together.
• A box comes up for confirmation.
• Press the Enter key.

Six: Restart the computer to make sure that ACMA virus is gone.
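
A read-only check of the places that steps Two to Four inspect, as an added example that is not part of the original guide: it lists Run-key startup entries, compares the Winlogon Shell value with 'explorer.exe', and lists recently written executables in the Roaming and Temp folders. The HKLM Run key, the full Winlogon key paths, the extension list and the 14-day window are assumptions not stated in the guide, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit of the locations that steps Two to Four inspect.
# Nothing is modified or deleted. Assumes PowerShell 3.0 or later.

# Step Two: auto-start entries. The guide names the HKCU Run key; checking the
# HKLM Run key as well is an assumption of this example.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
# Assumption: a command launched from a profile or temp path deserves review.
$userPath = '\\AppData\\|\\Application Data\\|\\Temp\\|%AppData%|%Temp%'
$runEntries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # Read the raw data so environment variables stay visible.
        $data = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $data
            Review = ($data -match $userPath)
        }
    }
}
$runEntries | Format-Table -AutoSize -Wrap

# Step Three: the Winlogon Shell value should be 'explorer.exe'.
# The full key paths are the standard Windows locations, not given in the guide.
$winlogonKeys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
                'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($key in $winlogonKeys) {
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell -ne 'explorer.exe') {
        Write-Warning "$key Shell is '$shell' (expected 'explorer.exe')"
    }
}

# Step Four: recently written executables directly in Roaming and Temp.
$extensions = '.exe', '.dll', '.scr', '.bat', '.cmd'   # assumed list
$cutoff = (Get-Date).AddDays(-14)                       # assumed look-back window
Get-ChildItem -Path $env:APPDATA, $env:TEMP -File -Force -ErrorAction SilentlyContinue |
    Where-Object { ($extensions -contains $_.Extension) -and ($_.LastWriteTime -gt $cutoff) } |
    Select-Object FullName, Length, LastWriteTime
```

Entries with Review set to True, any Winlogon warning, and files with random-looking names are the items to compare against the manual steps above.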

Steps applicable to situation where ‘Safe Mode with Networking’ is disabled but ‘Safe Mode with Command Prompt’ is available.

One: Boot into Safe Mode with Command Prompt.

> for Windows 8

• Press the Alt, Ctrl and Delete keys together to get a blue screen.
• Hold the Shift key and click on the power button together.
• Select Troubleshoot with the arrow keys.
• Select Advanced options.
• Hit the Restart button at the right bottom of the screen.
• Hit F6 to get into safe mode with command prompt.

> for Windows 7/XP/Vista

• As the computer is booting but before Windows launches, keep tapping the “F8” key continuously.
• Highlight the “Safe Mode with Command Prompt” option.
• Press the Enter key.

Two: Create a new user account from cmd.

• Type ‘explorer’ where the cursor is flashing behind ‘System32’.
• Hit the Enter key to see if you are able to see the desktop.
• Create a new user account with administrator rights.

Three: Remove ACMA virus in the new user account.

• Restart the computer normally.
• Select the new user account when you are asked which account you wish to enter.
• Follow step Two to step Five offered above in the ‘Safe Mode with Networking’ section.

Notes: ACMA virus is supported by a Trojan, a kind of virus specializing in opening a backdoor that gives rise to additional virus attacks. That’s why some victims encounter a mess including redirected search results, ceaselessly popping-up ads and sluggish computer performance. The longer one takes to remove ACMA virus, the more residual damage will occur. Also be aware that with other types of virus alive on the computer, it is much more likely to be affected by ACMA virus again. Therefore, the manual method is highly recommended. A special reminder to victims who are still able to use another user account: since it is Trojan-supported, ACMA virus is generally able to affect all functionality on the same machine should there be no solution to it. With the help of Rootkit technique, ACMA virus is also capable of spreading its vicious code to other clean places. To sum up, a thorough removal of ACMA virus is the key to keeping the computer healthy.

