Home Malware Programs Fake Warning Messages 'Die offizielle Mitteilung des Bundeskriminalamtes' Fake Message

'Die offizielle Mitteilung des Bundeskriminalamtes' Fake Message

Posted: May 25, 2011

'Die offizielle Mitteilung des Bundeskriminalamtes' is a message that Trojan ransomware use to lock down your computer with the excuse of monitoring child pornography-related activities. The 'Die offizielle Mitteilung des Bundeskriminalamtes' Trojan will request a fine of 100 Euros and threaten to delete all files on your PC if the fine isn't paid. However, 'Die offizielle Mitteilung des Bundeskriminalamtes' isn't a real message from any legal authority, German or otherwise, and the 'Die offizielle Mitteilung des Bundeskriminalamtes' Trojan neither monitors your online activities nor deletes your files if you refuse to pay the fine. You can unlock your PC and get rid of 'Die offizielle Mitteilung des Bundeskriminalamtes' infections by using standard anti-malware techniques like Safe Mode and anti-malware scanners.

A Not So Official Report from a Not So Legal Source

'Die offizielle Mitteilung des Bundeskriminalamtes' is part of an error screen that tries to convince you that your PC is being locked down for illegal child pornography-related activities. This alert claims to come from the BKA, which is more properly referred to as the 'Bundeskriminalamt' and is translated in English as the Federal Criminal Police Office (of Germany). In reality, the alert is a fake message that criminals use to incite panic in victims of 'Die offizielle Mitteilung des Bundeskriminalamtes' attacks.

'Die offizielle Mitteilung des Bundeskriminalamtes' screen uses an official seal, notes some basic statistics like your browser version and OS, and generally tries to look like a real and serious message. However, 'Die offizielle Mitteilung des Bundeskriminalamtes' can't detect illegal files or delete files as 'Die offizielle Mitteilung des Bundeskriminalamtes' claims to be able to do; the only purpose 'Die offizielle Mitteilung des Bundeskriminalamtes' has on your PC is to frighten you into paying a fake fine.

Like other types of ransomware, the 100 Euro ransom that the 'Die offizielle Mitteilung des Bundeskriminalamtes' message requests is transferred via UKash, an online cash payment service. There's no reason to pay this high fee, however, since you can easily remove 'Die offizielle Mitteilung des Bundeskriminalamtes' and access your computer normally by using the solutions detailed below.

Kicking Out the Fake German Police

'Die offizielle Mitteilung des Bundeskriminalamtes' will prevent you from accessing most functions of your PC, including your Windows Task Manager. 'Die offizielle Mitteilung des Bundeskriminalamtes' will also launch by default whenever you start up your computer in a normal fashion. However, there are several ways you can disable a 'Die offizielle Mitteilung des Bundeskriminalamtes' Trojan and get on with your life:

  • Using Safe Mode, which can be accessed on any Windows PC. Simply hit F8 before Windows starts to load and you'll be able to access the relevant menu. Safe Mode with Networking will even allow you to have basic Internet access, while standard Safe Mode has your Internet connectivity disabled.
  • Rebooting to a different and pre-installed operating system.
  • Booting your OS from a CD or other external source. Many backup, minimalist operating systems can easily be booted from small storage devices for emergencies like 'Die offizielle Mitteilung des Bundeskriminalamtes' attacks.

Although the above options let you use your computer normally again, you should still be ready to remove 'Die offizielle Mitteilung des Bundeskriminalamtes' from your PC. As long as you have access to good anti-malware application and remember to update your software for the latest threats 'Die offizielle Mitteilung des Bundeskriminalamtes' should be deleted with no real further trouble.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 [SET OF RANDOM CHARACTERS].exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"CleanShutdown" = "0"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"
Loading...