Remove Bundespolizei Police Ransomware Virus Manually

Revision as of 08:36, 10 August 2016 by Kipkis (importing article from wikihow)


The “Bundespolizei” virus holds your computer ransom by demanding a fine for your allegedly illegal internet activities. If you’ve contracted this virus, use the following instructions to remove it manually.

Steps

  1. Restart your computer. If your computer isn’t working well enough to restart normally, force a restart by hitting the restart button (if you have one) or by turning the power button off and then back on.
  2. As the computer starts back up, tap the F8 key. This will open an Advanced Options menu. Tapping the key several times will increase your odds of sending the command at the right moment.
    Note that if you hit F8 too soon on certain operating systems, you may get a keyboard error message and have to restart the computer; if you hit it too late, Windows will simply open normally and you’ll have to try again.
  3. Choose “Safe Mode with Command Prompt” from the Advanced Options menu. When you log in, you will see a command window (cmd.exe). This will allow you to modify the computer while still in safe mode.
  4. Optional Step: Type “Taskmgr.exe” and press enter to open the Task Manager. (Do not type the quotation marks.) Only do this step if you already know or could easily recognize executable files associated with the virus.
    • Go to the Processes tab to find and end all processes associated with the virus. Simply click on the process and hit End Process at the bottom right-hand corner of the window. If you aren’t sure whether or not a process is associated with the virus, don’t end it.
    • Close the Task Manager. This will take you back to the command window.
  5. Type "Regedit" and press enter. (Again, do not type the quotation marks.) This will open the Registry Editor.
  6. Locate the key named “Winlogon” in the panel to the left. The full path is “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.”
  7. In the panel to the right, find the registry value named “Shell.” Its data should be a complete file path, something like “C:\Documents and Settings\username\desktop\VIRUS INFO.exe.”
    Though the virus-info portion of the filename will be different for different computers, common examples include “contacts.exe,” “jashla.exe,” and “mahmud.exe.” Write down this information: you will need it again later.
  8. Right-click the word “Shell” and choose Modify. A dialogue box should pop up that gives you the value name (Shell) and the value data (C:\Documents and Settings\YOUR USERNAME\desktop\VIRUS INFO.exe).
  9. Modify the value data to read “Explorer.exe” and click OK. (Again, do not type the quotation marks.) This restores the default value.
  10. Go to Edit > Find and type the virus info you wrote down earlier. (Ex. “contacts.exe,” “jashla.exe,” “mahmud.exe,” etc.) Make sure that Keys, Values, and Data are all checked in the Find options.
  11. Find and delete all the virus’s registry entries. Hit Find Next to find an entry containing your virus info, then right-click the name and choose Delete. Do this until there are no more registry entries associated with this virus.
  12. When you’re done, exit the registry editor. You should now be back at the command window.
  13. Type “shutdown /r /t 0” and hit Enter. (Again, do not type the quotation marks.) This will restart your computer in normal mode.
  14. If this doesn’t work, or you cannot find any entries related to the “Police” virus, reboot your PC in safe mode (tapping the F8 key while booting).
  15. Go to Start -> Run and type “msconfig” (without the quotation marks).
  16. In the folder Boot Options, turn off everything.
  17. Save.
  18. Reboot your PC.
  19. The virus is gone.
  20. You can leave it this way, or repeat the steps above and turn the options back on one by one. When the virus reappears after a reboot, you know where the virus is hiding.
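
The registry checks in steps 6 through 11 can also be run from the same Safe Mode command window with reg.exe. The batch script below is an added example, not part of the original article; the script name and the /fix switch are hypothetical, and the /f search and /y switch assume Windows Vista or later.

```batch
@echo off
rem Added example, not from the original article.
rem Usage: winlogon-check.cmd <suspect.exe> [/fix]   (name and /fix are hypothetical)
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "SUSPECT=%~1"
set "SHELLVAL="

rem reg query prints "    Shell    REG_SZ    <data>". Token 2 is the type and
rem everything after it is the data, which may contain spaces.
for /f "tokens=2,*" %%A in ('reg query "%KEY%" /v Shell 2^>nul ^| find "REG_"') do set "SHELLVAL=%%B"

if not defined SHELLVAL (
    echo Shell value not found under the Winlogon key.
    exit /b 2
)
echo Current Shell value: "%SHELLVAL%"

rem Anything other than plain explorer.exe (including "explorer.exe,other.exe")
rem is reported, because Winlogon launches whatever this value names at logon.
if /i "%SHELLVAL%"=="explorer.exe" (
    echo Shell is the default.
    goto search
)
echo WARNING: Shell does not point to explorer.exe.
if /i not "%~2"=="/fix" (
    echo Re-run with /fix to restore the default.
    goto search
)

rem Save a copy of the key first so the change can be reviewed or undone.
reg export "%KEY%" "%TEMP%\winlogon-before.reg" /y
reg add "%KEY%" /v Shell /t REG_SZ /d explorer.exe /f

:search
if not defined SUSPECT goto :eof
rem /s recurses; /f with no /k, /v or /d matches key names, value names and data,
rem the same scope as ticking Keys, Values and Data in Regedit's Find dialog.
echo Searching for "%SUSPECT%" ...
reg query HKLM /f "%SUSPECT%" /s
reg query HKCU /f "%SUSPECT%" /s
endlocal
```

Without /fix the script only reports, so it can be run first to record the file name from step 7 before anything is changed.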

Tips

  • When you’re done, consider using a free program like Malwarebytes, Spybot Search & Destroy, or Spyware Doctor to clean up any last remnants of the virus.
  • If possible, report this abuse to the payment provider and authorities. They may be able to help you or catch the criminals. Often, the criminals demand payment via Ukash, a company in the UK that is working to resolve this problem.
    • If you believe you have passed on the Ukash code details, please call Ukash ASAP on 00800 247 85274 so they can try to block the payment. You should also report the crime: in the UK, to Action Fraud on 0300 123 2040, or to your local police.

Warnings

  • The original warning, which reads “BUNDESPOLIZEI Achtung! Ein Vorgang illegaler Aktivitaten wurde erkannt” in German, translates to: “FEDERAL POLICE Attention! An operation of illegal activities has been detected.” The virus then demands that you pay a penalty or the data on the computer will be deleted. Unless you are using a trusted intermediary, never agree to any unprompted online scans or give your financial information away over the web.
