Luxembourg Police (Cybercriminalité Département) virus removal

1 Star2 Stars3 Stars4 Stars5 Stars (39 votes, average: 5.00 out of 5)
loadingLoading...

Hackers attack various computers, irrespective of gender, wealth status or race of the user of the infected PC. So, today they attack citizens of Luxembourg with another ransomware program that is classified as Reveton trojan. This generally means that there will be ways how to unlock the PC infected with this scam, at least certain safe modes will be available for this purpose.

Luxembourg Police virus

It suddenly happens that users in Luxembourg get quite an unusual message at their screen, instead of the common desktop background. The entire PC becomes disabled, user cannot do anything with his/her PC. And, by the way, it doesn’t matter how many times the reboot attempts are accomplished. The locked status remains. The locker gives the following scary notification on the infected computer:

Luxembourg Police
Cybercriminalité Département

Toute activité dans cet ordinateur est enregistrée. En cas de l’utilisation du caméra Web, tout vidéo et photo sont gardés pour l’identification.

Votre ordinateur a été bloqué!
le fonctionnement de votre ordinateur est arrêté pour les signes de la cyberactivité défendue.
Les violations possibles commises sur votre ordinateur:
Article 274 – Oroit d’auteur
Amende ou privation de liberté jusqu’à 4 ans
[utilisation ou diffusion des fichiers protégés par le droit d’auteur – films, logiciel)
Article 183 – Production pornographique Amende ou privation de liberte jusqu’à 2 ans (Utilisation ou diffusion des fichiers pornographiques)
Article 184 – Production pornographique avec participation des enfants (jusqu’à l’âge de 18 ans)
Privation de liberté jusqu’à 15 ans
(Utilisation ou diffusion des fichiers pornographiques)
Article 104 – vulgarisation du Terrorisme
Privation de liberté jusqu’à 25 ans
(Vous avez visité des sites des organisations terroristes)
Article 297 – Usage négligent de l’ordinateur ce qui a entrainé des conséquences sérieuses Amende ou privation de liberté jusqu’à 2 ans
(Votre ordinateur est infecté par le virus, qui, à son tour, a infecté d’autres ordinateurs)
Article 108 – Jeux de hasard
Amende ou privation de liberté jusqu’à 2 ans
(Vous avez ioué aux jeux de hasard, mais d’après la loi de votre pays le business de hasard est interdit)
En vertu de la décision du Gouvernement du 22 août, tous ces délits peuvent être jugés comme conventionnels en cas du paiement de l’amende.
La somme de l’amende fait 100 euros. Le paiement doit être produit pendant 48 heures, après la révélation de la violation.
Si l’amende n’est pas payée, une action pénale sera automatiquement ouverte contre votre personne.
Votre ordinateur sera débloqué après le paiement de l’amende.

Summarizing the above-mentioned information, we can surely give you the piece of advice. Please do not ever obey the scary and fraudulent instructions of the crooks that have elaborated Luxembourg Police virus. This ransomware has the only thing in mind – to scare users into believing their PC is locked by the police. Even though, in reality, this locker is the product of cyber hackers. So, please do not share any information with them. Do not disclose Ukash or Paysafecard voucher or PIN codes to them. Instead, please follow the simple and clear malware removal guide that will assist you in unlocking your PC from this scam.

Automatic removal solution (recommended):

  1. Go to your friend, relative or anybody else who has computer with Internet connection.
  2. Take your USB flash drive / Memory Stick with you.
  3. Download GridinSoft Trojan Killer installation file from this site https://trojan-killer.net/download.php and save it to your USB flash drive / Memory Stick.
  4. Get back to your infected PC and insert the USB Drive / Memory Stick into the respective USB slot.
  5. Perform hard reset (press reset button on your computer) if your infected PC has been on with Metropolitan Police background. If not, then simply turn your PC on.
  6. Before the very boot process begins keep repeatedly hitting “F8” button on your keyboard.
  7. In the window that appeared select “Safe mode with command prompt” option and press Enter.
  8. Choose your operating system and user account which was infected with Metropolitan Police virus.
  9. In the cmd.exe window type “explorer” and press “Enter” button on your keyboard.
  10. Select “My Computer” and choose your USB flash drive / Memory Stick.
  11. Run the installation file of GridinSoft Trojan Killer. Install the program and run scan with it. (update of the program will not work for “Safe mode with command prompt” option)
  12. When the hijackers are successfully disabled (fixed) by GridinSoft Trojan Killer you may close GridinSoft Trojan Killer application.
  13. In the cmd.exe window type “shutdown /r /t 0” and press “Enter” button on your keyboard.
  14. Upon system reboot your PC will be unlocked and you will be able to use it just as before the infection took pace.
  15. However, it is recommended that you now update GridinSoft Trojan Killer and run the scan with it again to remove the source of the infections causing Metropolitan Police virus to infect your PC.

Automatic removal video:

Metropolitan Police manual removal (optional):

  1. Restart your system into “Safe Mode with Command Prompt”. While the PC is booting press the “F8 key” continuously, which should present the “Windows Advanced Options Menu” as presented in the image below. Apply the arrow keys in order to move to “Safe Mode with Command Prompt” and hit Enter key of your keyboard. Login as the same user you were previously logged in under the normal Windows mode.
  2. Safe Mode with command prompt
    Safe Mode with command prompt
  3. Once Windows boots successfully, the Windows command prompt would appear as described at the screenshot below. At the command prompt, type-in the word “explorer”, and press Enter. Windows Explorer should open. Please do not yet close it. You can minimize it for a while.
  4. Afterwards open the Registry editor by applying the same Windows command prompt. Type-in the word “regedit” and hit Enter button of your keyboard. The Registry Editor should open.
  5. You know how it normally looks like, don’t you? Well, here is the screenshot of it:

  6. Find the following registry entry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    In the right-side panel select the registry entry named Shell. Right click on this registry key and select “Modify” option. Its default value should be “Explorer.exe”. However, Metropolitan Police virus did its job, and so after you click “Modify” you would see totally different value of this registry entry.

  7. Copy the location of the modified value of the above-mentioned registry entry to the piece of paper or memorize its location. It shows where exactly the main executable of Metropolitan Police virus is located.
  8. Modify the value of the registry entry back to “explorer.exe” and save the settings of the Registry Editor.
  9. Go to the location indicated in the value of modified registry entry. Remove the malicous file. Use the file location you copied into the piece of paper or otherwise noted in step in previous step. In our case, “Metropolitan Police” virus file was located and running from the Desktop. There was a file called “contacts.exe”, but it may have different (random) name.
  10. Get back to “Normal Mode”. In order to reboot your PC, when at the command prompt, type-in the following phrase “shutdown /r /t 0” (without the quotation marks) and hit Enter button.
  11. The virus should be gone. However, in order to clean your PC from other possible virus threats and malware remnants, make sure to download and run GridinSoft Trojan Killer downloadable through the button below.

Associated virus files to be removed:

[random].exe

Associated virus registry entries to be removed:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[random].exe"

Manual removal video:

Leave a Comment

*