While ransomware such as Ukash Virus and FBI MoneyPak Virus has been around for a while, it only targeted PC users running the Windows operating system. The increasing popularity of mobile devices has led hackers to diversify their business, and they have now created a virus that locks Android devices and demands that victims pay a fine of around $300 for allegedly committing a crime by browsing banned illegal pornography websites.
Better known as Android-Trojan.Koler.A, the virus uses a scheme similar to that of its Windows counterparts: it locks the device, preventing the user from launching any app, and demands that a fine be paid using Ukash or Paysafecard prepaid cards. Prepaid cards are used because the payments are very difficult to trace, which makes it hard to track the hackers down.
It is relatively easy to get infected with Android-Trojan.Koler.A. When a person visits certain websites with (not necessarily) pornographic or erotic content, they are asked to download a “codec” to view the videos. Once the installation package is on the device, the user has to install the .apk file manually. Android has a protection against malicious apps that allows apps to be installed only from the Play Store, so the virus requires the user to enable installation from unknown sources, which opens a hole for various viruses and trojans. Once Android-Trojan.Koler.A is installed, it immediately locks the device and shows its screen with information about the allegedly committed crimes, adding the victim’s IP address to scare him/her even more.
Removal Of The Virus
Because Android works differently from Windows, and there are so many devices with different Android versions and shells, it can be tricky to deal with this infection. If you have a device infected with the Android-Trojan.Koler.A virus and you can manage to get to the list of apps without the ransomware screen appearing, you may be in luck. Look for an app called BaDoink and uninstall it. If you can manage to do that, you’re probably free of the virus. However, if BaDoink’s window is constantly shown, you will have to restart the device in Safe Mode.
If you are using Android 4.1 and up:
- Long-press power button
- In the displayed menu, long-press “Power Off”
- Press “OK” to reboot into Safe Mode
If you are using Android 4.0 or lower:
- Long-press power button
- Press “Power Off” to shut down the device
- Long-press power button to power on the device
- When the device is starting, keep holding the Volume Down button until you see the home screen
Once in Safe Mode:
- Locate the BaDoink app
- Long-press on the app and drag it to the “Uninstall” button
- Reboot your device into normal mode
To ensure the security of your device, disable the “Unknown Sources” checkbox in the phone’s settings (usually in the “Security” screen). We also recommend that you only install apps from the Play Store. Not all apps there may be safe, but at least Google is doing its best to add some verification of the apps listed on the Play Store.
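When no app named BaDoink is visible, the installer recorded for each package helps narrow the search, because an .apk installed by hand through “Unknown Sources” has no Play Store installer. The following is an added example, not part of the original article: it assumes a PC with `adb`, USB debugging enabled on the device, and a `pm` that supports `-3 -i`; the package names in the sample are constructed.

```shell
#!/bin/sh
# Added example: list user-installed packages that were not installed by the
# Play Store. Input is the output of `adb shell pm list packages -3 -i`:
#   package:<name>  installer=<installer package or null>

PLAY_STORE="com.android.vending"

# Read a package listing on stdin, print names whose installer is not the Play Store.
sideloaded_packages() {
    awk -v store="$PLAY_STORE" '
        /^package:/ {
            name = $1; sub(/^package:/, "", name)
            inst = "null"                      # treat a missing field as unknown
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (inst != store) print name
        }'
}

# Constructed sample listing (made-up package names) so the script runs offline.
sample_listing() {
    cat <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.codecplayer  installer=null
package:com.example.flashlight  installer=com.android.vending
package:org.example.sideloadedgame  installer=com.example.otherstore
EOF
}

# Live use against a connected device; older adb versions emit CRLF line ends.
audit_device() {
    adb shell pm list packages -3 -i | tr -d '\r' | sideloaded_packages
}

# Demonstration on the constructed sample.
sample_listing | sideloaded_packages
```

A listed package is a candidate for review, not a verdict: legitimately sideloaded apps appear in the same list.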
If you have any difficulties removing the virus from your device, please drop a comment including the name of your device and the version of Android OS.
I have an HTC One phone and it has the fake FBI virus. I booted the phone into safe mode, opened apps in settings and located the virus app, but it does not let me uninstall it… What can I do?
Having trouble removing this from a tablet using Jelly Bean Android 4.2.
Samsung Galaxy 4, in safe mode, no app named BaDoink, can’t find anything suspicious either… don’t know what to do next. My son’s phone. Can I download some kind of security app while in safe mode to locate it and get rid of it, since it is not obvious to me where it is?
Hello Debra,
you could try installing avast! Ransomware Removal from Google Play Store: https://play.google.com/store/apps/details?id=com.avast.android.malwareremoval. Please note that it’s better to install the removal tool from the link provided above, not from the Play Store app on your phone. Also, you should be logged into the same Google account on the web version of Play Store as your primary account on your phone. Once it’s on your phone, launch avast! Ransomware Removal and perform a scan. If it finds the infection, it should allow you to remove it.
Android 4.4.2
I’ve tried the aforementioned on my LG Optimus running Android 4.1 ice cream, but the stupid virus has rooted itself as an active device administrator, therefore nothing anyone has offered me in terms of a solution works, because the virus does not allow me to uninstall it as I would any other app; it purposefully greys out the “uninstall” and “force stop” options.
Other than a factory reset, and no, the device is not rooted so I cannot go into dev options, is there any way to run a scan through my PC while my cell phone is tethered to my PC and try to scan the files this way to remove the trojan?????
Nothing I find on the net comes close to even explaining if there is any alternative to a full-out factory reset??? (I have no problems doing this, but only as a last resort.) And yes, the phone is in safe mode when I try to run any antivirus program; right now the phone works fine but only while in safe mode. I have Sophos Security scanner, and it detects the virus, which looks like an Adobe file btw, but when it tries to delete it this is exactly what it reads:
“Cannot uninstall : this package is an active device administrator.”
Hi Brandon,
there might be a way to actually deactivate that program, but it requires some patience, as you would have to reboot your phone into safe mode several times. Once in safe mode, try going to “Settings > Security > Device administrators” and deactivate the suspicious app. Then reboot phone into Safe Mode again, and perform the same procedure. It may take a few reboots to really deactivate the app (as many times as the virus has activated itself as a device administrator). I hope this method helps.
I’m exhausted with the number of malware I’ve installed in one day to remove this. I’ve gone into safe mode and I cannot locate this malware anywhere… HELP!!!!
LG G2, Android OS version 4.4.2
I have a Galaxy Note 3 on Android 4.4.2 and can’t find the app BaDoink.
Hi, I have an LG Motion 4G and every time I try to go to a website I get redirected to a porn site, I believe it’s called BaDoink. I have tried everything I know and nothing is working. Every antivirus app claims that my phone has no malware, but it does. I would really appreciate any help you can offer. Thank you so much.
I have a MetroPCS LG Optimus and it says it’s vulnerable and it’s risky… I’ve tried all kinds of apps to get rid of it and even reset my phone, but it’s still there… somebody hacked into my phone.
The uninstall button will not work? What next?
I have an LG G2 phone which has gained this virus. I rang my network supplier, who told me to reset my phone to factory restore; this didn’t work. I rang LG direct; they told me to hold power off and volume button together to get the phone into safe mode; this hasn’t worked either. Waiting for LG to ring back with another solution.
Anybody any ideas?
Hi Adam! The one I have is that goofy lookin Obama! When I go to safe mode I find the ugly f**k that has me locked, but the uninstall tab is not functional! From what I have read it is kind of new!
I’m having trouble uninstalling VideoPlayer ADULT.
Clicked a webpage today that ransomwared my Android tablet. No downloading of any apps. No requests to manually install anything. Rebooted into safe mode, opened browser settings and cleared all cookies, data, history, etc… rebooted and seems to be fixed.
I have the Android LG. I can’t do anything, the virus just pops up the window where it says to pay. I had to forcefully shut it off. I was able to get into safe mode following your instructions. Once in safe mode, when I go to apps in settings I don’t see anything named BaDoink. There are a few apps in there that I’m not sure what they are and I’m afraid to delete because I don’t know if they’re important. I’m not tech savvy at all, but any guidance would help. I really can’t afford the 150 the guy said it would cost at Best Buy to fix. Please, any advice. Thank you for your time.
I installed it on my phone after my husband recommended it for (adult) movie downloads. I haven’t seen it on my Samsung S6 since I uninstalled it, but while I was hooking up my printer a few minutes ago I opened the devices and printers settings on my PC and there it was under connected devices, as if I had something plugged into my laptop… I searched my computer for hours the day I plugged the phone in with no trace of this app, now all of a sudden it appears out of thin air. Not sure what they’re up to, but it can’t be good… how do I get rid of it (FOR GOOD)? I’m the complete opposite of technologically inclined and have already restored and restarted my laptop, I’m afraid to do anything else. I have to make this computer last at least another couple months until I can afford a new one. Please help!!