AFP virus is a ransomware infection, which can also be called as Australian Federal Police virus. If you have heard about Ukash virus family, be aware that this program also hails from this dangerous group. The clearest sign that you are infected with AFP virus is system's lock down and a full-screen alert claiming 'Your computer has been locked down!'. Be aware that AFP virus is designed to swindle users' money because after reporting that you have violated various laws of Australia, it asks to pay a fine of 100 AUD or other amount of money. Before you do that, you should simply remember that such governmental organizations have never been blocking computers with warnings in order to collect their fines. Even more, they have never been asking to purchase a voucher and send the code to them. Please, remove AFP virus without any delay!
HOW CAN I GET INFECTED WITH AFP virus?
AFP virus starts displaying its huge alert as soon as it manages to get inside the system through computer's security barriers. For that, it relies on fake flash updates, video/audio codecs, spam emails and similar downloads that look legitimate. Once AFP threat is downloaded, computer becomes completely blocked and shows only a fake warning message, which illegally uses the name of the local police office and also displays invented online crimes. These crimes include viewing pornography, promoting terrorism, gambling and similar activities. Please keep in mind that you should never fall for such alert:
All activity of this computer has been recorded
If you use a webcam , videos and pictures were saved for identification
Your Computer has been locked!
The work of your computer has been suspended on the grounds of unauthorized cyber activity.Described below are possible violations, you have made:
Article 274 – CopyrightA fine or imprisonment for the term of up to 4 years (The use or sharing of copyrighted files – movies, software)
Article 183 – PornographyA fine or imprisonment for the term of up to 2 years (The use or distribution of pornographic files)
Article 184 – Pornography involving children (under 18 years)imprisonment for the term of up to 15 years (The use or distribution of pornographic files)
Amount of the fine is 100 AUD. Payment must be made within 48 hours after the discovery of the violation, if the fine has not been paid, you will become the subject of criminal prosecution.
After paying the fine your computer will be unblocked
If you see AFP virus alert, you can be sure that cyber criminals seeks to swindle your money. It can be said that this scam is designed for Australia, but there are many other viruses that are created to fool people from other countries. Please, never go and purchase Ukash or PaySafeCard voucher and enter its code to this fake alert. We highly recommend to remove AFP virus as soon as possible.
HOW TO REMOVE AFP VIRUS?
When trying to remove AFP virus, you should unblock your computer first. For that, follow one of these options:
* Flash drive method
1. Take another machine and use it to download reputable anti-malware program. We recommend choosing either Reimage or SpyHunterCombo Cleaner.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with Australian Federal Police Ukash virus once more and run a full system scan.
* Try to change your computer's time to the previous date and then run a full system scan with anti-malware program.
* Users infected with Ukash group of viruses are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.
* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.
* Manual AFP virus removal:
- Reboot you infected PC to 'Safe mode with command prompt' to disable virus (this should be working with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated Reimage, SpyHunterCombo Cleaner or Malwarebytes Malwarebytes to remove remaining files.