What is Linkup Ransomware:
Threat Classification: Ransomware
Linkup Ransomware, also known as Trojan-Ransom.Win32.Linkup or the Council of Europe virus, is a ransomware trojan that targets computers running the Windows operating system. Linkup Ransomware was first seen in January 2014. The infection might come from various sources: infected files from P2P networks, torrents or other file-sharing applications, email attachments, etc.
Linkup Ransomware takes a different approach from similar ransomware. Unlike its predecessors, it does not lock you out of your computer completely or encrypt your files. Instead, Linkup Ransomware modifies your DNS settings in order to block internet access on your system, and asks the user to pay. It can also use your PC's processing power to turn your machine into a Bitcoin mining bot.
Once the infection is executed on your computer, it will inject itself deep into the system by modifying the registry in order to start with Windows on every boot. Linkup Ransomware will take over your system and will present a fake message stating that it is issued by the Council of Europe and that your access to the internet is blocked. Furthermore, the bogus text says that you have to fill out your personal details in order to use the web. You will notice a fill-out form, where you'll have to type your full name, address and contact phone number. The payment should be made through either Bitcoin or a pre-paid voucher; both are untraceable payment methods. The fake notification would look like the following or similar:
“The Provisions on the fight against sexual exploitation of children and child pornography on the Internet complies with the provisions of an EU Council decision from December 2003. It gives the police powers to arrest those who are responsible for child pornography, calls for the creation of the National Centre to combat child pornography on the internet and establishes that Internet Service Providers have a legal obligation to adopt a filtering system to avoid access to sites censored by the Centre.”
When you click on the “Confirm” button, you'll be taken to another window, where you'll need to confirm your details. For the verification process to be completed, you will also need to provide your credit card details. Linkup Ransomware claims that one euro cent will be withdrawn from your card.
Please note that these notifications are bogus and are used with the sole purpose of making you believe that you are at risk and fooling you into submitting your personal details.
Linkup Ransomware will not only block your internet access and lock your computer. It will also collect information that may be used to compromise you. Additionally, your PC's performance will decrease dramatically, as your enslaved machine will be involved in Bitcoin mining (calculating long algorithms), utilizing all its power capabilities to mine Bitcoins.
The Ransomware may steal other relevant information and send it over to its creators. That is the reason why this malware infection should not be left unattended and needs to be terminated immediately, as it is a serious threat to your online security. We, at MalwareKillers.com, recommend using SpyHunter for automatic removal.
There are two ways to remove this infection. It is totally up to you to decide which way you want to go:
1. Automatic Removal Method (recommended for regular or novice users) using a Professional Malware Removal Software.
2. Manual Removal (recommended for PC Experts or Enthusiasts).
Automatic Linkup Ransomware Removal:
We recommend using SpyHunter Malware Security Suite.
You can download and install SpyHunter to detect Linkup Ransomware and remove it. Once installed, SpyHunter will automatically scan and detect all threats present on your system, but in order to use it as a removal tool, you need to purchase a subscription.
SpyHunter's free diagnosis offers free scans and detection. You can remove the detected files, processes and registry entries manually, by yourself, or purchase the full version to perform an automatic removal and also to receive free professional help with any malware-related queries from their technical support department.
Manual Linkup Ransomware Removal:
!!! Please note: You can remove Linkup Ransomware manually, however, you should proceed at your own risk, as any of the interventions might render your system inoperable. Therefore this manual removal method is highly recommended for PC Experts or Enthusiasts. For regular users, MalwareKillers.com recommends using SpyHunter or any other reputable security application.
1. Remove Linkup Ransomware by restoring your system to a previous state.
1. Reboot your computer into Safe Mode with Command Prompt. To do this, turn your computer off and then back on and, as soon as you see anything on the screen, start tapping the F8 key on your keyboard.
***For Windows 8:
If you are using Windows 8, you need to hold the Shift button and tap the F8 key repeatedly. This should boot you into the new advanced “recovery mode”, where you can choose to show the advanced repair options. On the next screen, you will need to click on the Troubleshoot option, then select Advanced Options and select Windows Startup Settings. Click on the Restart button, and you should now be able to see the Advanced Boot Options screen.
2. Using the arrow keys on your keyboard, select the option “Safe Mode with Command Prompt” and press Enter on your keyboard.
3. When the command prompt loads up, type:
Windows XP: C:\windows\system32\restore\rstrui.exe and press Enter
Windows Vista/7/8: C:\windows\system32\rstrui.exe and press Enter
4. System Restore should initialize, and you will be shown a list of restore points. Try using a restore point created just before the date and time the Your-computer-has-been-locked virus infected your computer.
When System Restore has completed its task, start your computer in Windows normal mode. You will then need to perform a scan with anti-spyware software, as the infection might still be on the system.
2. Remove Linkup Ransomware under Safe Mode or Offline using a Rescue Disc:
1. Reboot your computer by using the information above but select Safe Mode with networking. Alternatively, you can boot the computer from a Rescue CD that you need to prepare before the removal process.
2. *If you are under Safe Mode or Normal Mode, check for the following process in memory and kill it:
%CommonAppData%\[RANDOM CHARACTERS]\<random>.exe
3. Open Registry Editor (If using Rescue CD -> load the registry hive.)
4. Check the following registry keys for any entries related to the infection and remove them, if any found:
*Default entry must be: Explorer.exe
*Default entry must be: C:\WINDOWS\system32\userinit.exe,
*Default entry must be:
Windows XP: rundll32 shell32,Control_RunDLL “sysdm.cpl”
Windows Vista/7/8: SystemPropertiesPerformance.exe /pagefile
*Please be extremely careful when modifying the default entries of Shell, UserInit and AppInit, as you can break your system.
5. Check and remove/modify the following entries/values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
6. Delete any files or folders related to Linkup Ransomware by checking the following locations:
Look for the following files or similar:
%Documents and Settings%\All Users\Application Data\Linkup Ransomware
doguzeri.dll; 3948550101.exe; 3948550101.cfg
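The registry values listed in step 5 can be reviewed before anything is changed. The following PowerShell script is an added example, not part of the original guide or of any vendor tool; it only reads the registry and, going beyond the four executables named in step 5, it also lists every other Image File Execution Options entry that carries a Debugger value. The helper name Get-RegValue is hypothetical.

```powershell
# Added example: read-only audit of the registry values named in step 5.
# Nothing is modified or deleted; review the output before editing the registry.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Key path, value name, and the data this guide flags, taken from step 5.
$checks = @(
    @{ Path = "$ifeo\msmpeng.exe"; Name = 'Debugger'; Bad = 'svchost.exe' }
    @{ Path = "$ifeo\msseces.exe"; Name = 'Debugger'; Bad = 'svchost.exe' }
    @{ Path = "$ifeo\ekrn.exe";    Name = 'Debugger'; Bad = 'svchost.exe' }
    @{ Path = "$ifeo\msascui.exe"; Name = 'Debugger'; Bad = 'svchost.exe' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name = 'WarnOnHTTPSToHTTPRedirect'; Bad = '0' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name = 'WarnOnHTTPSToHTTPRedirect'; Bad = '0' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
       Name = 'DisableSR'; Bad = '1' }
)

# Hypothetical helper: returns $null when the key or the value does not exist.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Report the current data for each listed value and whether it matches step 5.
$listed = foreach ($c in $checks) {
    $current = Get-RegValue $c.Path $c.Name
    [pscustomobject]@{
        Key     = $c.Path
        Value   = $c.Name
        Current = $current
        Flagged = ($null -ne $current) -and ("$current" -eq $c.Bad)
    }
}
$listed | Format-Table -AutoSize -Wrap

# Generalisation: list every IFEO subkey that has a Debugger value at all.
# Some legitimate tools set one, so treat these as items to review, not as proof.
$others = Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = Get-RegValue $_.PSPath 'Debugger'
    if ($null -ne $dbg) { [pscustomobject]@{ Image = $_.PSChildName; Debugger = $dbg } }
}
$others | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session so that HKLM\SOFTWARE paths are not subject to WOW64 registry redirection.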