Home Guides Remove BKA Trojan Bundespolizei virus from Windows and Android

Remove BKA Trojan Bundespolizei virus from Windows and Android

6 min read
This entry dissects the notorious BKA Trojan, or Bundespolizei ransomware, targeting German users and provides techniques to remove it from an infected device.
  1. What is the BKA Trojan?
  2. BKA Trojan ransomware removal in Windows
  3. Get rid of the browser variant of BKA Trojan
  4. BKA Trojan (Bundespolizei virus) removal for Android
  5. Ransomware Prevention Tips

What is the BKA Trojan?

The acronym “BKA” stands for “Bundeskriminalamt”, which is the name of the German Federal Criminal Police Office. What does the “Trojan” part have to do with the law enforcement agency? The fans of conspiracy theories may get the impression that it’s about super-secret governmental surveillance rumored to be underway in Germany via sophisticated, elusive code. In fact, no, it’s a completely different story. BKA Trojan is a piece of malware that passes itself off as an instrument allegedly used by the police to punish cyber offenders. It comes in different forms that may infect Windows PCs and Android devices alike. There is also a variant whose deleterious effect is isolated to the victim’s default web browser. Regardless of the spinoff, the culprit tries to lock the user out of their desktop or browser and displays a rogue warning screen. This has been the case since 2013, so this plague is one of the longest-running and most durable infections to date.

BKA Trojan displays a fake lock screen with framed-up accusations
BKA Trojan displays a fake lock screen with framed-up accusations

The lock screen also mentions Bundespolizei, the general name of the country’s Federal Police. There are logos of different agencies and departments all over the place that try to give the victim a false sense of trust for the messages on the alert. The main idea is to deceive the user into thinking that they are being officially accused of storing prohibited materials on the computer or mobile gadget. Specifically, the claims are about child pornography and other dirty adult content that’s a felony to keep and distribute. The scare element of the hoax also involves abstracts from several provisions of the German criminal code (Artikel 161/148/202/210) with indications of the associated penalties that range from 3 to 11 years in jail and huge fines. For yet more persuasiveness, the alert contains a section displaying the victim’s IP address, region, and city of residence. This one is backed by a script that easily fetches those details once the malware gets inside.

Browser lock variant of the BKA Bundespolizei ransom Trojan
Browser lock variant of the BKA Bundespolizei ransom Trojan

That being said, the main component of the lock screen shown by BKA Trojan is dedicated to the extortion proper. While asserting that the user may face harsh prosecution for their embarrassing misdemeanor, the phony notification says there is a way to avoid the worst-case scenario. The prerequisite of this “settlement” boils down to paying a fee of 100 EUR. This amount can be submitted via Paysafecard, a service relying on prepaid cards that can be purchased in various retail stores and shopping malls. Some iterations of the BKA Bundespolizei ransom Trojan additionally accept Bitcoin cryptocurrency. Either way, the crooks’ privacy is on the safe side.

Android version of BKA Trojan in action
Android version of BKA Trojan in action

It’s worth pointing out that there are several editions of the BKA Trojan in the wild. The prevalent one targets Windows machines and prevents the victims from even viewing their desktop along with all the installed applications. The other one zeroes in on Android devices and acts in a similar fashion, keeping the user from getting to their home screen. The activity of the least harmful version is restricted to disrupting the web surfing facet of computer usage – it hijacks one’s browser and displays the bogus lock screen, whilst the rest of the operating system remains fully functional. Another smart move of the attackers that has been reported in newer builds of the virus is about actually downloading some X-rated content onto the host so that the allegations appear truer-to-life. The contamination vectors employed by the operators of this hoax may include tricky software bundles, booby-trapped application updates, and exploit kits that use the vulnerabilities in outdated programs as the entry point.

The good news about this ongoing nefarious wave is that, unlike crypto ransomware, the BKA Trojan doesn’t affect any data and so it doesn’t hold anything valuable for ransom. It means that removal of the malware is enough to sort things out. Speaking of which, the following instructions will help eradicate the Bundeskriminalamt (Bundespolizei) Trojan locker, no matter which variant of it has been encountered.

BKA Trojan ransomware removal in Windows

BKA Trojan locks victims out of their regular operating system interface and may prevent them from using popular antimalware tools in order to stay on board for as long as possible. Under the circumstances, it may be necessary to utilize the Safe Mode with Networking.

1. Remove BKA Trojan using Safe Mode with Networking

1. Remove BKA Trojan using Safe Mode with Networking

Boot into Safe Mode with Networking. The method to do it depends on the version of the infected operating system. Follow the instructions below for your OS build.

  • Click on the Search icon next to the Start menu button. Type msconfig in the search field and select the System Configuration option in the results. Go to the Boot tab in the upper part of the GUI.Boot options on Windows 8, 8.1 and 10
  • Under Boot options, select Safe boot and click the Apply button. A prompt will appear to reboot the computer so that the changes take effect. Select the Restart option and wait for the system to load into Safe Mode. Again, log on with the ransomware-stricken user account.
  • Restart the machine. When the system begins loading back up, keep pressing the F8 key with short intervals. The Windows Advanced Options Menu (Advanced Boot Options) screen will appear.Boot into Safe Mode with Networking on Windows Vista and 7
  • Use arrow keys to select Safe Mode with Networking and hit Enter. Log on with the user account infected by the ransomware.

In Safe Mode, the ransom Trojan won’t keep security software from running or otherwise thwart troubleshooting. Open your preferred web browser, download and install an antimalware tool and start a full system scan. Have all the detected ransomware components removed in a hassle-free way.

Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:

• Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button

Download BKA Trojan virus remover

• Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.

2. Get rid of BKA Trojan using System Restore

2. Get rid of BKA Trojan using System Restore

System Restore enables Windows users to roll back all changes made to the OS since the latest restore point creation time. This feature can help eliminate the most persistent ransomware. Before going this route, though, make sure System Restore had been enabled prior to the breach, otherwise the method will be inefficient.

  • Open Windows Advanced Options Menu as described in the previous section: hit F8 repeatedly when the PC is starting up. Use arrow keys to highlight the Safe Mode with Command Prompt entry. Hit Enter.Safe Mode with Command Prompt
  • In the Command Prompt window, type cd restore and hit Entercd restore command
  • Type rstrui.exe in the new command line and press EnterType rstrui.exe command
  • When the System Restore screen pops up, click Next, select a restore point that predates the contamination, and use the application’s controls to roll back the system to this earlier state.System Restore window

If performed correctly, this technique is an effective countermeasure for screen lockers like the Bundeskriminalamt (BKA), or Bundespolizei, Trojan. Depending on the specific version of the infection, though, it may be necessary to focus on other repair vectors covered below.

Get rid of the browser variant of BKA Trojan

In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the BKA ransom Trojan.

Reset Google Chrome

• Open Chrome, expand the Customize and control Google Chrome menu and choose Settings
Go to Settings in Chrome
• Scroll down the settings screen and click Advanced down at the bottom
Advanced settings in Chrome
• Move on to the Reset and clean up sub-section and select the option that says Restore settings to their original defaults
Restore Chrome settings to their original default
• Finally, confirm the restoration by clicking Reset settings on the warning message
Reset Chrome settings
• Restart Chrome.

Reset Mozilla Firefox

• Open Firefox, type about:support in the URL area and press Enter. Alternatively, you can click on the Open menu icon in the top right-hand part of the browser window, then select the Help option and proceed to Troubleshooting Information
Access Troubleshooting Information page in Firefox
• On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it
Refresh Firefox button
• Follow subsequent directions to reset Firefox to its original settings
Complete refreshing Firefox
• Restart the browser.

Reset Internet Explorer

• Select Internet options under IE’s Tools (Alt+X)
Open up Internet options in Internet Explorer
• Proceed by clicking on Advanced tab, then select Reset
Locate and click the Reset button in IE
• To confirm the intended changes, click Reset on the Reset Internet Explorer Settings screen after ascertaining that the Delete personal settings checkbox is enabled
IE reset confirmation
• Reboot the machine to fully implement the fix.

Reset Safari

• Go to the Safari menu and select Preferences
Go to Safari Preferences
• When on the Preferences screen, select the Privacy tab and hit the Remove All Website Data button if you are up to erasing all website data stored on your Mac. Otherwise, you can use a site-specific removal option described below
Remove All Website Data button
• A dialog will appear, asking you to validate your choice. Click the Remove Now button if you are sure. Be advised this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.
Confirm website data removal
• Safari also allows deleting data for specific sites rather than all sites in general. To use this option, click the Details button under Privacy tab
Details button under Privacy tab
• Select the websites for which you would like to erase data and click the Remove button
Removing data for selected sites in Safari
• Click the Done button to confirm and exit. You can also select the Remove All option to remove all data stored by the listed websites.

BKA Trojan (Bundespolizei virus) removal for Android

Here’s a walkthrough to sort out the BKA Trojan issue on an Android device, which might also be a target in this blackmail campaign. Keep in mind, though, that uninstall attempts in regular mode may be futile due to the mechanics of this persistent infection. Therefore, you need to perform the procedure in safe mode. Go ahead and do the following:

• Press and hold the Power button. Then, tap and hold the Power off option on the screen. Doing so will boot your device into safe mode
Android power off
• Android will ask you to confirm that you’d like to enter safe mode. Tap OK on the dialog
Safe mode reboot confirmation
• You will now see the Safe mode inscription at the bottom left of your screen. Go to Settings and choose Apps
Go to Settings - Apps
• Scroll down the list of applications, focusing on the ones that were installed recently. Find a sketchy entry that could be the culprit
Spot the unwanted app
• Select the misbehaving app and tap Uninstall
Uninstall the PUA
• Confirm removal on the relevant dialog box and reboot your device. By default, Android will get you back into regular mode. You should now be good to go – the BKA Trojan virus won’t be generating any lock screens anymore.

Ransomware Prevention Tips

To avoid the BKA Trojan and other ransomware infections in the future, follow several simple recommendations:

  • Toggle your email provider’s anti-spam settings to filter out all the potentially harmful incoming messages. Raising the bar beyond the default protection is an important countermeasure for ransom Trojans

  • Define specific file extension restrictions in your email system. Make sure that attachments with the following extensions are blacklisted: .js, .vbs, .docm, .hta, .exe, .cmd, .scr, and .bat. Also, treat ZIP archives in received messages with extreme caution

  • Rename the vssadmin.exe process so that ransomware is unable to obliterate all Shadow Volume Copies of your files in one shot

  • Keep your Firewall active at all times. It can prevent crypto ransomware from communicating with its C&C server. This way, the threat won’t be able to obtain cryptographic keys and lock your files

  • Back up your files regularly, at least the most important ones. This recommendation is self-explanatory. A ransomware attack isn’t an issue as long as you keep unaffected copies of your data in a safe place

  • Use an effective antimalware suite. There are security tools that identify ransomware-specific behavior and block the infection before it can do any harm.
These techniques are certainly not a cure-all, but they will add an extra layer of ransomware protection to your security setup.

Revise your security status

Post-factum assessment of the accuracy component in malware removal scenarios is a great habit that prevents the comeback of harmful code or replication of its unattended fractions. Make sure you are good to go by running an additional safety checkup.

Download Bundespolizei ransomware removal tool

Rate article

5/5 (2)

Leave a Reply

Your email address will not be published. Required fields are marked *