Las operaciones sobre las actividades ilegales se detectaron en el ordenador is a new cyber threat spreading in the IT world today, also known as a ransomware program. Ransomware implies the application which hacks your PC and then asks for the ransom to have it unblocked. This particular pest primarily attacks the PCs of Spanish-speaking countries. Please bear in mind that we told you in several of our previous posts about such type of virus. They were known as Metropolitan Police and La policía ESPAÑOLA ransomware viruses. So, this one we’re talking about is just an insignificantly amended version of the previous PC enemies of such type.
You should be aware of the fact that the very malware performance and fake statements about you and your PC sending spam e-mails and observing/promoting illegal content remained without any significant moderations. So, this scareware hijacks your PC and then requires of you to pay certain ransom fee in order to allegedly obtain further guidelines on how to unblock your workstation. It says that you should exchange cash in the amount of $150 for a Ukash or Paysafecard voucher and email the pin code to firstname.lastname@example.org e-mail address. It actually promises you that you will get the unlock code within the next 24 hours. If you, however, refuse to effect the fee as the ransom the virus states that your IP address and personally identifiable data will be sent to Interpol. Well, this is quite a scary piece of information to receive indeed. However, don’t forget that we are actually dealing with virus when it comes to the program titled as “Las operaciones sobre las actividades ilegales se detectaron en el ordenador”. The reality is that this tool cannot encrypt or get rid of your files. It cannot steal personally identifiable data either. So, this is nothing but the bogus notice aimed to scare you. If your PC is hacked with this Las operaciones sobre las actividades ilegales se detectaron en el ordenador ransomware message and you don’t know what to do with it then please follow the removal tips stipulated in the section below. Make sure to carefully watch our video tutorial on the example of fixing the similar problem (known as Metropolitan Police virus).
Important removal milestones:
- Restart your system into “Safe Mode with Command Prompt”. While the PC is booting press the “F8 key” continuously, which should present the “Windows Advanced Options Menu” as presented in the image below. Apply the arrow keys in order to move to “Safe Mode with Command Prompt” and hit Enter key of your keyboard. Login as the same user you were previously logged in under the normal Windows mode.
- Once Windows boots successfully, the Windows command prompt would appear as described at the screenshot below. At the command prompt, type-in the word “explorer”, and press Enter. Windows Explorer should open. Please do not yet close it. You can minimize it for a while.
- Afterwards open the Registry editor by applying the same Windows command prompt. Type-in the word “regedit” and hit Enter button of your keyboard. The Registry Editor should open.
- Find the following registry entry:
In the right-side panel select the registry entry named Shell. Right click on this registry key and select “Modify” option. Its default value should be “Explorer.exe”. However, the virus did its job, and so after you click “Modify” you would see totally different value of this registry entry.
- Copy the location of the modified value of the above-mentioned registry entry to the piece of paper or memorize its location. It shows where exactly the main executable of this virus is located.
- Modify the value of the registry entry back to “explorer.exe” and save the settings of the Registry Editor.
- Go to the location indicated in the value of modified registry entry. Remove the malicous file. Use the file location you copied into the piece of paper or otherwise noted in step in previous step. In our case, the virus file was located and running from the Desktop. There was a file called “contacts.exe”, but it may have different (random) name.
- Get back to “Normal Mode”. In order to reboot your PC, when at the command prompt, type-in the following phrase “shutdown /r /t 0” (without the quotation marks) and hit Enter button.
- The virus should be gone. However, in order to clean your PC from other possible virus threats and malware remnants, make sure to download and run GridinSoft Trojan Killer downloadable through the button below.
You know how it normally looks like, don’t you? Well, here is the screenshot of it:
Associated virus files to be removed:
Associated virus registry entries to be removed:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[random].exe"