English articles Technology

Buma Stemra virus

securityBuma Stemra Politie Virus is a ransomware* infection which locks the computer and asks to pay money in order to unlock it. It is similar to Ukash virus which works the same way, just target the computer users in different countries. Buma Stemra infects the computers in the Netherlands.

*Ransomware is the special class of the malware which requires paying the fine, donation or ransom for the specific action or continuing specific procedures.

How Buma Stemra Politie virus works

Buma Stemra virus locks the computer screen on the startup. The window with the requirement to pay the fine appears and nothing else can be done, just entering the digits which identifies the payment provided. The virus asks 50 euros to unlock the computer. The text is in Dutch and tells about the fake crimes of the computer user has done. The owner of a computer is accused with violating the copyright laws and watching illegal information and storing it in his/her computer.

The computer is promised to be unblocked after the payment of 50 euro is done to Paysafecard account. This is fake. Dutch police does not block the computers and has nothing to do with this virus. Please be aware of that and do not panic.

Buma Stemra Virus does not steel any of your personal data. It just locks the computer and requests the single payment threatening the legal actions and even imprisonment. Also it may open the security holes to other viruses and hackers, so removal is essential task in order to save your online possessions.

How Buma Stemra virus infects the computer

Buma stemra virus may infect your computer any time. You may receive an strange email from your friends with link, click the intriguing banner ad or download some software and agree to all of the terms and conditions by automatically clicking Next during the installation. There are many ways of catching this ugly virus. Do not blame anyone if the computer gets infected by other people. The hackers are smart and vicious, so they really know, how to send the virus and infect everything that anti-virus software would not detect it immediately.

The infection may be crucial as it opens the door to other Trojan viruses which steel the login passwords to the bank account.

Please be careful with any unnatural information from your friends and relatives. Better ask what they have sent you over email, Facebook or Skype before clicking the link or opening unclear file.

How to remove Buma Stemra with SpyHunter

It is complicated as virus blocks the access to Start menu and even command button. In the first place you need to launch the SpyHunter, but this can be done only by activating the Safe Mode of his/her computer on the startup. In the beginning copy the SpyHunter installation files to CD or USB flash card at another computer.

Turn on the infected computer and quickly press F8 to launch the Safe Mode option. Choose the Safe Mode with Networking. When Safe mode launches, you will be able to see your files and do some actions. The first action is to delete the virus processes via Task Manager. Then launch the SpyHunter software and run the full system scan. It should clean the virus.

Now you can turn on your computer without that Buma Stemra virus screen and repeat the full system scan. Also please check the infected files manually to be 100% sure that virus has been removed.

How to remove the Buma Stemra Politie manually

Manual removal should be the same as the automatic one.

Step 1. Launch the Safe Mode with Networking by clicking F8 at the BIOS launch.

Step 2. Launch the Task manager. Look at the processes the computer is currently running. Delete the following processes:

%AppData%\Protector-[random].exe

%AppData%\NPSWF32.dll

%AppData%\result.db

%CommonStartMenu%\Programs\[random].lnk

%Desktop%\[Buma Stemra Politie].lnk

If you cannot see them, make sure you have set your Folder options to show your hidden files.

 

Step 3. Remove the following files:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Regedit32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current\Winlogon\”Shell” = “{rnd}.exe”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0

 

Step 4. Restart the computer.

 

This virus is difficult to remove, so if you feel not confident for manual removal, please find someone who can help. Buma Stemra virus is a sophisticated creation which changes the file names in order to avoid the professional anti-virus software, therefore detecting all the infected files may be difficult. If you by accident remove wrong files, that may cause more problems for some software you use or entire computer, so make sure you always do backups.

Comments are closed.

Powered by: Wordpress