Sunday, 27 April 2014

Removal Problems with Serious Organised Crime Agency (SOCA) Ransomware

The current version of this malware does not allow logging in through any form of Safe Mode on Windows XP. Consequently, most "solutions" will not work with new versions of the virus. However, in my case, because the malware still allows programs to operate, my Avast Antivirus eventually picked it up and offered to do a boot scan (this was the first time in 3 days that I was actually presented with a screen IN FRONT of the offending malware article). The consequent scan found and neutralised the virus, which was lodged in the file Documents and Settings\"My name"\Application Data\Sun\Java\Deployment\cache\6.0\9\5da9d3c9-70af23b2 and an associated file with the same prefix. It seems that the trojan entered the system through a bogus pop-up inviting me to update Java. Deleting the offending files by other means (e.g., through Kaspersky Rescue Disk 10) may also solve the problem.