|Threat Name:||Police Cybercrime Investigation Department|
|Brief Description:||This type of malware locks the computer or desktop making it unusable.|
If your PC is blocked Police Cybercrime Investigation Department then you are the unlucky one to catch one of the ransom Trojan. This kind of Windows locker malware intends to demand ransom money from you after it holds your computer as its hostage. Police Cybercrime Investigation Department virus will decline you from accessing your own computer. However, the malware is kind enough to give you a chance to regain access by paying the specified cash penalty. We just need to remind you that Ukash is the only preferred payment method of this virus.
One can only hit by this malware if computer is not well protected against online threats. Also, some people who are careless on executing links might as well be infected with Police Cybercrime Investigation Department virus.
When this threat takes control of your computer, it launches the attack by making changes to your system. This results to a locked computer and a disabled desktop. All you can see is a message that admits to be coming from Canadian authorities charging you of online violation. Here is part of the excerpt.
Police Cybercrime Investigation Department (Canada)
Attention! Your PC is blocked due to at least one of the reasons specified below.
You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Canada.
It is clear to you that none of these allegations is true and you do not have to pay for the imposed penalty. Most of all, keep in mind that legal fines does not have to be settled through Ukash. Thus, we advise instant removal of the malware. Follow the instructions on this page to Police Cybercrime Investigation Department virus from blocking your PC.
What are symptoms of Police Cybercrime Investigation Department Virus Infection?
When Police Cybercrime Investigation Department virus hits the computer, it replaces the desktop with warning message showing messages about your alleged offense. It demands immediate payment for a penalty imposed due to said violations. Here is the screenshot image.
Update: October 15, 2012
There is a new version of Police Cybercrime Investigation Department. It seems that malware authors renewed the face of the fake warning message and everything else remains the same. See screenshot image below.
Update: December, 2012
TrendMicro detects new variants of the Police Cybercrime virus. As shown in the image below, it contains new design. It is believed that this version is targeting computer users in western regions.
Procedures to Remove Police Cybercrime Investigation Department
Removal steps on this page will help you get rid of the threat effectively using tools and virus scanners. Please make sure that you will carry out the guide in exact order.
Create a USB Bootable Device
Ransom Trojans and viruses will lock the screen and makes the computer unusable. Common ways to deal with this type of infection is to boot the PC using another device. For this tutorial we will do a bootable disk that contains Police Cybercrime Investigation Department remover.
1. Download Kaspersky Rescue Disk from their official server. Click the button below. The file will be in .ISO format.
2. Download this utility called rescue2usb to record your .ISO file into the USB drive. Obviously you need a USB thumb drive at least 512MB in capacity. Plug it to the computer.
3. Once you have the two programs, double-click on the rescue2usb.exe to start creating a bootable USB drive.
4. You will see on the screen in the program called Kasperksy USB Rescue Disk Maker. Click on Browse and locate the .ISO file.
5. Under USB Medium, select the proper drive of your USB device.
6. Click on START. It will now begin to create a bootable USB drive with Kaspersky Rescue Disk in it.
Start the Computer with Kaspersky Rescue Disk.
1. You must set the computer to use other bootable device aside from hard drive. For this procedure, enable your BIOS to boot to USB device. If you are not familiar with this, please refer to your computer's instruction manual.
2. Another option is to access the Boot Menu right after you turn one the PC. It will present a Menu so that you can select a preferred boot drive. Select Removable Devices.
3. Your computer will now start and load Kaspersky Rescue Disk.
4. If you see a message on the screen, please Press any key to enter the menu. You only have 10 seconds to do this, otherwise it will boot with the hard drive.
5. Next screen will be the interface language. Please select desired language to use.
6. You must run the program in Graphic Mode. This gives you easy access to all commands and menus.
7. End User License Agreement will appear. Please accept to continue using the program. Press 1 to proceed.
Using WindowsUnlocker to Remove Police Cybercrime Investigation Department
1.Click on the K button at the lower left corner of the screen.
2. Select Terminal on the list. It will open a command prompt.
3. Type windowsunlocker and press Enter on your keyboard.
4. On WindowsUnlocker menu, please type 1 to Unlock Windows. This utility will clean the registry for malicious entries.
5. After the cleanup process, it will display the menu once more.
6. Press 0 on your keyboard to exit WindowsUnlocker.
Run a Virus Scan
1. After removing Police Cybercrime Investigation Department, you need to delete all remaining components.
2. Click on the K to display the menu.
3. Select Kaspersky Rescue Disk. This will open the virus scanning tool.
4. You need to update the program first. Select My Update Center tab and click on Start update. This requires an Internet connection.
5. After updating the program, select Object Scan tab and click on Start Object Scan. You must scan the following:
- Disk boot sectors
- Hidden startup objects
- All drives
6. Scanning the entire hard drive may take some time. Please let the scan to finish.
7. Once the scan process is complete, the tool will prompt you for preferred actions on detected threats. Deleting all threats is recommended.
8. You can now turn off the computer, unplug the USB drive, and start Windows in normal mode.