Koda is known as a severe computer locker. It is another malicious sample presented by Ukash virus, developers. The viruses of such type are wide-spread on the globe. All of them are named on behalf of governmental authorities depending on a country the computer is located. The virus the article is devoted to is specifically designed for Denmark computers.

If Koda hijaces a vulnerable PC it displays the warning notification with the following content:

Der er fundet musik, som er ulovligt downloadet (piratkopieret), på din computer. Ved at downloade musikken er den blevet reproduceret, hvilket er en kriminel handling i henhold til Afsnit 106 i Loven om ophavsret. …… Du kan identificeres ved, at din IP-adresse og det tilhørende værtsnavn analyseres.

The PC owner is accused for illegal usage and distribution of copyrighted content, such as movies, music or other and even for using of pornographic content. To make a PC useable again it is necessary to pay a fine of 1000 DKK. This tick is counted on gullible people. This is tactic of hackers that works fine and the scammers are getting richer day by day.

Koda virus squeezes to a computer employing exploit kits. The malicious codes are also dropped on the computers with security leakages. The virus behaves invisibly inside a computer-victim untill necessary changes to the system are done. Typically there is no gap between the time you login to your computer and warning screen loads. It locks the user the desktop and make it is impossible PC in a safe mode with networking. So the unlocking procedure is not an easy task. Nevertheless it is possible to cope with this problem. Below you will find a solution:

Removal guide of Koda virus:

STEP 1.

Before the very boot process begins keep repeatedly hitting F8 button on your keyboard. In the window that appeared select Safe mode with command prompt option and press Enter.

STEP 2.

Launch regedit. Search for Winlogon. Press Start --> Run

or press [Win]+R on keyboard Type regedit

STEP 3.

There will be a key labeled Shell under Winlogon. It should reference Explorer.exe or be blank. If there is something else referring an executable in one of user’s folders, replace it with explorer.exe.