How to remove “La policia ESPANOLA” fake alert

andy | September 6, 2011

“La policia ESPANOLA” is the virus alert elaborated by cyber crooks in order to force the users to effect the payment in favor of these cyber criminals. Indeed, the creativity of malware developers is becoming more and more “fascinating” as days go by. This post is meant to tell you about another way the cyber hackers use to get richer. So, they use the technique resulting in jacking up user’s desktop and replacing its common view by the indeed horrifying message having the title “La policia ESPAÑOLA” which supposedly originates from the Spanish police. But this is not the true case, of course. This fake alert would also claim that your IP address has been detected as the one involved in viewing adult content.

La policia ESPANOLA

La policia ESPANOLA virus

According to the text in Spanish (see the screenshot above) you are going to have serious legal problems soon if you don’t pay the required penalty within 24 hours since this warning first came up. These crooks are hoping some users would really actually get scared into getting “tracked” and then transfer or deposit the required amount of funds through the suggested interface. The truth of the matter is that this is simply the trick and fraud technique. “La policia ESPAÑOLA” alert has nothing to do with the governmental authorities of Spain, nor has it been represented in front of you because of certain actual violation on your part. In this case, you find yourself helpless in using your computer because all or the majority of its functions appear to be locked. Below please find the important tutorial on how to remove this virus. Keep in mind that several preparatory steps should be done, so go ahead and attentively follow our removal guide. The video tutorial is also provided. By the way, this “La policia ESPANOLA” fake alert and virus is similar to the one we discussed today, named as Metropolitan Police virus. You can remove this one, “La policia ESPANOLA”, in the same manner.

“La policia ESPANOLA” important removal milestones:

  1. Restart your system into “Safe Mode with Command Prompt”. While the PC is booting press the “F8 key” continuously, which should present the “Windows Advanced Options Menu” as presented in the image below. Apply the arrow keys in order to move to “Safe Mode with Command Prompt” and hit Enter key of your keyboard. Login as the same user you were previously logged in under the normal Windows mode.
  2. Safe Mode with command prompt

    Safe Mode with command prompt

  3. Once Windows boots successfully, the Windows command prompt would appear as described at the screenshot below. At the command prompt, type-in the word “explorer”, and press Enter. Windows Explorer should open. Please do not yet close it. You can minimize it for a while.
  4. Afterwards open the Registry editor by applying the same Windows command prompt. Type-in the word “regedit” and hit Enter button of your keyboard. The Registry Editor should open.
  5. You know how it normally looks like, don’t you? Well, here is the screenshot of it:

  6. Find the following registry entry:

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon

    In the right-side panel select the registry entry named Shell. Right click on this registry key and select “Modify” option. Its default value should be “Explorer.exe”. However, Metropolitan Police virus did its job, and so after you click “Modify” you would see totally different value of this registry entry.

  7. Copy the location of the modified value of the above-mentioned registry entry to the piece of paper or memorize its location. It shows where exactly the main executable of Metropolitan Police virus is located.
  8. Modify the value of the registry entry back to “explorer.exe” and save the settings of the Registry Editor.
  9. Go to the location indicated in the value of modified registry entry. Remove the malicous file. Use the file location you copied into the piece of paper or otherwise noted in step in previous step. In our case, “Metropolitan Police” virus file was located and running from the Desktop. There was a file called “contacts.exe”, but it may have different (random) name.
  10. Get back to “Normal Mode”. In order to reboot your PC, when at the command prompt, type-in the following phrase “shutdown /r /t 0″ (without the quotation marks) and hit Enter button.
  11. The virus should be gone. However, in order to clean your PC from other possible virus threats and malware remnants, make sure to download and run GridinSoft Trojan Killer downloadable through the button below.

Associated virus files to be removed:

[random].exe

Associated virus registry entries to be removed:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon"Shell" = "[random].exe"

2 Comments

  1. sara says:

    gracias

  2. amy says:

    I have this virus but the explorer.exe file is not changed. any ideas?

1 Trackbacks

Leave a comment

*