Trojan.Ransomgerpo

Trojan.Ransomgerpo locks the desktop of the infected computer, making it unusable. It replaces the wallpaper with a message that demands payment for the unlock code.

Trojan.Ransomgerpo is a Trojan horse that locks the desktop of a compromised computer and makes it unusable. It advises victims to purchase an unlock code to restore access to the locked computer. The desktop is replaced with the following German message:

Die offizielle Mitteilung der Bundeskriminalamt
BUNDES POLIZEI
Achtung!
Ein Vorgang illegaler Aktivitaten wurde erkannt.
Das Betriebssystem wurde im Zusammenhang mit Verstossen gegen die Gesetze der Bundesrepublik Deutschland gesperrt! Es wurde folgender Vertoss festegestellt: Ihre IP Adresse lautet “” mit dieser IP wurden Seiten mit pornografischen Inhalten, Kinderpornographie, Sodomie und Gewalt gegen Kinder aufgerufen.
Auf Ihrem Computer wurden ebenfalls Videodateien mit pornografischen Inhalten, Elementen von Gewalt und Kinderpornografie festgestellt!
Es wurden auch Emails in Form von Spam, mit terroristischen Hintergründen, verschickt. Diese Sperre des Computers dient dazu, Ihre illegalen Aktivitaten zu unterbinden.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
Upon execution, Trojan.Ransomgerpo configures itself to run every time Windows starts by adding several registry entries. See the Added Registry Entries section. The Trojan also changes how the infected computer behaves when running an application or opening certain files.

Trojan.Ransomgerpo connects to a remote server to download more harmful files, which it uses to perform additional tasks:

  • End the running Task Manager and Windows Explorer processes
  • Disable anti-virus programs on the infected computer
  • Prevent access to legitimate security web sites

Lastly, Trojan.Ransomgerpo locks the desktop and forces the user to pay for the unlock code through a Ukash online transaction. The message is written in German. See pictures below.

Image of Trojan.Ransomgerpo or BundesPolizei Virus

Distribution
Normally, this type of threat is acquired by visiting web sites created specifically to spread the Trojan. Poorly secured file-sharing networks also contribute to the propagation of Trojan.Ransomgerpo. It disguises itself as a useful free program or as an update to popular software.

How to Remove Trojan.Ransomgerpo

1. Temporarily disable System Restore (Windows Me/XP).
2. Open your antivirus program and update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry. Please refer to 'Added Registry Entries.'

Scan with Norton Power Eraser:

Norton Power Eraser, a free tool from Symantec, provides deep scanning technology to detect and remove threats like Trojan.Ransomgerpo. NPE targets and eliminates threats that a regular virus scan fails to identify. Download NPE here.

Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.

Alternative Removal Method for Trojan.Ransomgerpo

Option 1 : Use Windows System Restore to return Windows to a previous state

If Trojan.Ransomgerpo enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Trojan.Ransomgerpo infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. To proceed with Windows System Restore, click here to see the full procedure.

Option 2 : Trojan.Ransomgerpo manual uninstall guide

IMPORTANT! Manual removal of Trojan.Ransomgerpo requires technical skills. Deleting system files and registry entries by mistake may leave the Windows system completely unusable. We advise you to perform a backup of the registry before proceeding with this guide.

1. Kill any running process that belongs to Trojan.Ransomgerpo.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Trojan.Ransomgerpo files (refer to Technical Reference) and click End Process.

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Trojan.Ransomgerpo.
- While still in Safe Mode, search for and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.
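
A read-only way to shortlist candidates for step 2 from the registry backup recommended above, added here as an example and not part of the original guide or any vendor tool. It assumes the standard Run/RunOnce keys and the exefile open handler as review targets, since this page lists no specific entries; the sample export, its value names and its paths are constructed.

```python
import re

# Assumed review targets (the page lists none): Run/RunOnce keys, exefile open handler.
AUTORUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
EXE_HANDLER = re.compile(r"\\exefile\\shell\\open\\command$", re.I)
EXE_DEFAULT = '"%1" %*'  # Windows default command for launching .exe files
# Folders a standard user can write to; autostart targets here deserve a look.
USER_WRITABLE = re.compile(r"\\(Application Data|AppData|Local Settings|Temp)\\", re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, name, data) for string values; dword:/hex: values are skipped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def review(text):
    """Return (reason, key, name, data) tuples that need manual review."""
    findings = []
    for key, name, data in parse_reg(text):
        if AUTORUN_KEY.search(key) and USER_WRITABLE.search(data):
            findings.append(("autostart from user-writable path", key, name, data))
        elif EXE_HANDLER.search(key) and name == "(Default)" and data != EXE_DEFAULT:
            findings.append(("modified .exe open handler", key, name, data))
    return findings

# Constructed sample export; value names and paths are invented for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundDriver"="C:\\Program Files\\Vendor\\snd.exe /tray"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="\"C:\\Documents and Settings\\user\\Application Data\\updater.exe\""

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\ld.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

Exports made by regedit on Windows 2000 and later are UTF-16, so read the file with encoding="utf-16" before passing its text to review(). A flagged entry is only a candidate for review, not proof of infection.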

Technical Reference

Added Registry Entries: