Interpol Department of Cybercrime Virus removal

andy | September 15, 2012

The scary warning that claims to come from Interpol's Department of Cybercrime is a fake notice displayed by a new ransomware program created by online fraudsters. We researched this malicious application thoroughly, and here is what we found. First, the ransomware is localized according to the country where the PC became infected, so the lock screen looks different depending on where in the world the system was targeted. The virus locks the entire computer screen and leaves the user no way to do anything with the infected PC. Rebooting the PC in the usual way does not help; the lock remains. The accusation message shown by this ransomware reads as follows:

Interpol Department of Cibercrime

Attention!
Your PC is blocked due to at least one of the reasons specified below.

You have been violating «Copyright and Related Rights Law» (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of World Department of Cybercrime.
Article 128 of the Criminal Code provides for a fine of 2 to 5 hundred minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porn/Zoophilia and etc). Thus violating article 202 of the Criminal Code of World Department of Cybercrime.
Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.
Illegal access to computer data has been initiated from your PC, or you have been…
Article 208 of the Criminal Code provides for a fine of up to €100,000/E100,000 and/or a deprivation of liberty for 4 to 9 years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of €2,000/£2,000 to €8,000/£8,000.
Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without your knowledge, your PC may be infected by malware.
Article 212 of the Criminal Code provides for a fine of up to €250,000/£250,000 and a deprivation of liberty of up to 6 years. In case this activity has been effected without your knowledge, you fall under the above mentioned article 210 of the Criminal Code of World Department of Cybercrime.
Your personality and address are currently being identified, a criminal case is going to be initiated against you under one or more articles specified above within the next 72 hours.
Pursuant to the amendment to the Criminal Code of World Department of Cybercrime of August 28, 2012, this law infringement (if it is not repeated – first time) may be considered as conditional in case you pay the fine to the State.
Fines may only be paid within 72 hours after the infringement. As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours!
The amount of fine is €100 or £100. You can pay a fine Ukash or PaySafeCard.
When you pay the fine, your PC will get unlocked in 1 to 72 hours after the money is put into the State’s account.

Be aware that this program is extremely malicious. Do not follow any of the frightening and fraudulent instructions it gives. Do not believe its false statements, and do not pay any fine via the Ukash or Paysafecard payment systems. Paying is a serious mistake, and chances are that you will never get your money back. Instead, remove the program and unlock your PC using the malware removal steps we have prepared below.


Malware removal steps:

  1. Reboot your PC into Safe Mode with Command Prompt.
  2. After you hit the “Restart” button or choose the appropriate menu, the computer will begin to reboot. While it boots, keep pressing “F8” repeatedly until the boot options menu comes up.

    Use the up and down arrows to choose the necessary menu item and press “Enter”.

  3. Log in as the user of the machine that became infected.
  4. In the cmd.exe window that appears, type “regedit” and press “Enter”.
  5. Remove the parameter “Shell” from the registry entry HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  6. Remove the files that were created by this ransomware program:

    %APPDATA%\msconfig.dat
    %APPDATA%\msconfig.ini
    %TEMP%\error.png
    %TEMP%\header.jpg
    %TEMP%\ic_1.png
    %TEMP%\ic_2.png
    %TEMP%\ic_2_1.png
    %TEMP%\ic_2_2.png
    %TEMP%\main.html
    %TEMP%\nosignal.jpg
    %TEMP%\notice.png
    %TEMP%\style.css

  7. Restart your computer into normal mode via the command “shutdown /r /t 0”.
  8. Scan your computer with our recommended security software.
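
The registry value and the files named in the removal steps can also be checked from PowerShell rather than regedit. The script below is an added example, not part of the original article; it assumes PowerShell is installed and started (by typing `powershell`) from the Safe Mode command prompt under the affected user's account, and the `-Remove` switch is a name chosen for this example.

```powershell
# Added example (not from the original article): report, and optionally remove,
# the registry value and files named in the removal steps above.
# Run as the user whose profile was infected. Without -Remove it only reports.
param([switch]$Remove)

$userKey    = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# A per-user "Shell" value replaces the normal desktop shell at logon.
# Note the path it holds before deleting it: that is the program being launched.
$userShell = (Get-ItemProperty -Path $userKey -Name Shell -ErrorAction SilentlyContinue).Shell
if ($null -ne $userShell) {
    Write-Output "HKCU Winlogon Shell = $userShell"
    if ($Remove) { Remove-ItemProperty -Path $userKey -Name Shell }
} else {
    Write-Output 'HKCU Winlogon has no Shell value'
}

# Shown for comparison only and never modified: the machine-wide shell,
# which is normally explorer.exe.
$machineShell = (Get-ItemProperty -Path $machineKey -Name Shell -ErrorAction SilentlyContinue).Shell
Write-Output "HKLM Winlogon Shell = $machineShell"

# The files listed in the article, resolved for the current user.
$tempNames = 'error.png', 'header.jpg', 'ic_1.png', 'ic_2.png', 'ic_2_1.png',
             'ic_2_2.png', 'main.html', 'nosignal.jpg', 'notice.png', 'style.css'
$files = @("$env:APPDATA\msconfig.dat", "$env:APPDATA\msconfig.ini") +
         ($tempNames | ForEach-Object { Join-Path $env:TEMP $_ })

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        # -Force so that hidden or system files are still found and removed.
        $item = Get-Item -LiteralPath $f -Force
        Write-Output ("FOUND   {0}  ({1} bytes, modified {2})" -f $f, $item.Length, $item.LastWriteTime)
        if ($Remove) { Remove-Item -LiteralPath $f -Force }
    } else {
        Write-Output "absent  $f"
    }
}
```

Run it once without `-Remove` to see what is present, then again with `-Remove` before restarting into normal mode.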

5 Comments

  1. fire fighter says:

    I used to be suggested this website via my cousin. I am now not sure whether or not this submit is written through him as no one else knows such unique about my difficulty. You’re incredible! Thanks!

  2. Kieran malt says:

    Hi, I have this virus but don’t have the shell parameter?

    Please help

  3. stu says:

    Start PC as normal. When it boots, be quick: click on Start and Control Panel, but be quick, you only have 3 seconds to do this. The Interpol screen will appear, but Control Panel will open on top of it. Restore computer to a time before the virus struck. After the restore is complete, scan with a good anti-malware program. Job done.

  4. guy radford says:

    When I type “Regedit” it is not recognised as a command. Any ideas?

  5. Guy Radford says:

    Good Morning. I have this virus and I’m struggling. I can get my PC into safe mode but when I type “regedit” as suggested above, it says this is not a recognised command. Any ideas how I can progress would be most welcome.
