Remove ACMA Virus – Australian Communications and Media Authority Android Virus

Is the ACMA Lockdown Message Real?

ACMA is a statutory authority within the Australian Government, responsible for regulating broadcasting, the Internet, radio communications and telecommunications. However, such an authority will not suddenly intrude into a system, display a lock-screen message and demand a ransom.

What makes it clear that the ACMA lockdown message is an Android virus is that the message lists several Articles that victims are told they have breached, without giving a specific reason for the violation of any Article. Besides, after listing an unbelievable amount of fines for each listed Article, the ACMA Android lockdown message settles on a ransom of AUD $100 without explaining why the amount is cut down so much; this sounds like a bargain, which makes victims willing to pay the fine. Obviously, the ACMA lockdown message is an Android virus. Therefore, victims, especially enterprises, should not pay the stipulated amount of money; otherwise, you are helping them to keep practicing fraud and you may very well be blackmailed again. It is advisable to report such fraud to ACMA by emailing [email protected] so that they know about it and can take corresponding action.

About ACMA Virus

ACMA virus, which belongs to the Ukash virus family, mainly targets PC as well as Android users in Australia. People who submit the stipulated amount of money by Ukash have no hope of getting the money back once they realize that it is a fraud, because Ukash is a prepaid card that exchanges vouchers for commodities, either tangible or intangible goods, which means there is no charge-back or repudiation.

By virtue of a Trojan, ACMA Android virus manages to find a vulnerability and make full use of it, or creates chances by infecting emails or sending spam links through instant messages, in order to land on a target computer. Such vulnerabilities can exist in installed programs, web applications and Windows. As soon as ACMA Android virus registers itself, a number of payloads start to be launched:

  • to ensure that the fraudulent message pops up and takes up the whole screen as soon as the Windows logo disappears, ACMA Android virus adds its auto startup value to the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CryptoLocker = “%Application Data%\.
  • to hide itself and to escape deletion by a powerful anti-virus program installed on the target machine, ACMA Android virus makes an image of your system so that anti-virus programs point to a forged directory instead of the source one, which is the reason why deletion of detected Trojan by trustworthy security utilities.
  • to pressure victims into paying AUD $100, ACMA Android virus further searches all system folders and mapped drives for files that users commonly use, compresses them into encrypted zip files in a hidden folder and removes the originals, convincing users that important documents are gone and pushing them to quickly hand over money in exchange for the documents even though they know the ACMA lock-screen message is a virus.
  • to prevent victims from using built-in services that can be easily accessed from the desktop, ACMA Android virus creates a Mutex so that no other programs will be able to run.

In such a case, the manual way is recommended to remove ACMA virus. Bear in mind that strict compliance with the steps below is always required.

User Guide to Remove ACMA Virus

Steps applicable to the situation where ‘Safe Mode with Networking’ is available.

One: Boot into Safe Mode with Networking.

> for Windows 8

  • Stay at the lock screen shown by ACMA virus.
  • Press the Ctrl, Alt and Delete keys together to get to a blue screen.
  • Hold the Shift key and click on the power button at the bottom right.
  • Select Restart.
  • Choose Troubleshoot with the arrow keys.
  • Highlight Advanced options and hit the Enter key.
  • Hit the Restart button.
  • Hit F5 to get into Safe Mode with Networking.

> for Windows 7/XP/Vista

  • As the computer is booting but before Windows launches, keep tapping the F8 key.
  • Highlight the “Safe Mode with Networking” option on the “Windows Advanced Options Menu” screen.
  • Press the Enter key.

Two: Disable startup items to stop ACMA virus from automatically popping up.

> for Windows 8

  • Type ‘Task’ in the Charms bar.
  • Hit the Enter key.
  • Find and tick the items next to ACMA virus.
  • Press the ‘Disable’ option.

> for Windows 7/XP/Vista

  • Open the Start menu and select the Search/Run box.
  • Type ‘msconfig’ and hit the Enter key.
  • Find and tick the items next to ACMA virus.
  • Press the ‘Disable All’ option to confirm.

Three: Re-manage database (registry editor)

> for Windows 8

  • Move your mouse over the lower right of the screen and type ‘regedit’ into the Search charm.
  • Hit the Enter key.
  • Press Ctrl+F to search for Winlogon.
  • Locate the key labeled Shell in the right pane.
  • Right click on it and replace it with ‘explorer.exe’.

> for Windows 7/XP/Vista

  • Type ‘regedit’ in the Run box from the Start menu.
  • Press the Enter key.
  • Press Ctrl+F to search for Winlogon.
  • Locate the key labeled Shell in the right pane.
  • Right click on it and replace it with ‘explorer.exe’.

Four: Show hidden files to remove ACMA virus in C Disk.

> for Windows 8

  • Open Windows Explorer by clicking on the Windows Explorer application from the Start Screen.
  • Select the View tab on the Windows Explorer window.
  • Tick the ‘File name extensions’ and ‘Hidden items’ options.
  • Navigate to the Roaming folder and the Temp folder respectively in C Disk and remove files with abnormal names, such as serial numbers with random letters.

> for Windows 7/XP/Vista

  • Open ‘Control Panel’ from the Start menu and search for ‘Folder Options’.
  • Under the View tab, tick ‘Show hidden files and folders’, untick ‘Hide protected operating system files (Recommended)’ and then click ‘OK’.
  • Navigate to the Roaming folder and the Temp folder respectively in C Disk and remove files with abnormal names, such as serial numbers with random letters.

Five: Remove all Temp folders and files under System 32 in C Disk.

  • Navigate into C Disk to find System 32 folder.
  • Right click on System 32 folder.
  • When a drop down list shows, press Shift and D key together.
  • A box comes up for confirmation.
  • Press Enter key.

Six: Restart the computer to make sure that ACMA virus is gone.
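
A read-only PowerShell check of the locations that steps Two to Four inspect by hand, added here as an example and not part of the original guide. It assumes PowerShell 3.0 or later; the function name is hypothetical, and the two Winlogon key paths are the standard Windows locations, which the guide itself only refers to as ‘Winlogon’.

```powershell
# Added example: read-only audit, it changes nothing on the system.
function Get-LockScreenPersistence {   # hypothetical helper name
    $findings = @()

    # Step Two: HKCU Run values whose command points into a user-writable folder
    $runPath  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $userDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }
    $runKey   = Get-Item -Path $runPath -ErrorAction SilentlyContinue
    if ($runKey) {
        foreach ($name in $runKey.GetValueNames()) {
            $data = [string]$runKey.GetValue($name)
            foreach ($dir in $userDirs) {
                if ($data.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $findings += [pscustomobject]@{ Check = 'Run value'; Name = $name; Data = $data }
                    break
                }
            }
        }
    }

    # Step Three: the Winlogon Shell value should be exactly explorer.exe
    # (assumed standard key paths; a per-user Shell value is normally absent)
    $winlogonPaths = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
                     'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($path in $winlogonPaths) {
        $shell = (Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue).Shell
        if ($shell -and $shell.Trim() -ne 'explorer.exe') {
            $findings += [pscustomobject]@{ Check = 'Winlogon Shell'; Name = $path; Data = $shell }
        }
    }

    # Step Four: script or executable files (hidden ones included) directly
    # under the Roaming and Temp folders
    $exts = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js'
    Get-ChildItem -Path $env:APPDATA, $env:TEMP -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $exts -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $findings += [pscustomobject]@{ Check = 'File'; Name = $_.FullName; Data = $_.LastWriteTime }
        }

    $findings
}

Get-LockScreenPersistence | Format-Table -AutoSize -Wrap
```

Each row is a candidate to review, not a verdict: legitimate software also starts from the Run key and keeps files under Roaming and Temp.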

Steps applicable to the situation where ‘Safe Mode with Networking’ is disabled but ‘Safe Mode with Command Prompt’ is available.

One: Boot into Safe Mode with Command Prompt.

> for Windows 8

  • Press the Ctrl, Alt and Delete keys together to get to a blue screen.
  • Hold the Shift key and click on the power button.
  • Select Troubleshoot with the arrow keys.
  • Select Advanced options.
  • Hit the Restart button at the bottom right of the screen.
  • Hit F6 to get into Safe Mode with Command Prompt.

> for Windows 7/XP/Vista

  • As the computer is booting but before Windows launches, keep tapping the F8 key.
  • Highlight the “Safe Mode with Command Prompt” option.
  • Press the Enter key.

Two: Create a new user account from cmd.

Three: Remove ACMA virus in the new user account.

  • Restart the computer normally.
  • Select the new user account when you are asked which account you wish to enter.
  • Follow step Two to step Five offered above in ‘Safe Mode with Networking’ section.

 

Notes:

ACMA Android virus is supported by a Trojan, a type of virus that specializes in opening up backdoors that give rise to additional virus attacks. That’s why some victims encounter problems including search results being redirected, ads popping up ceaselessly and sluggish computer performance. The longer one takes to remove ACMA Android virus, the more residual damage will occur. Also be aware that with other types of virus alive on the computer, it is much more likely to be infected by ACMA Android malware again. Therefore, the manual method is highly recommended. A special reminder for victims who are still able to use another user account: because it is Trojan-supported, the ACMA Android threat is generally able to affect all functionality on the same machine should there be no solution to it. With the help of Rootkit techniques, ACMA Android virus is also capable of spreading its malicious code to other clean places. To sum up, a thorough removal of the ACMA Android infection is the key to keeping the computer healthy.
