Metropolitan Police virus warning. How to remove

70 Responses

  1. Andrew says:

    I tried the above – unfortunately i am being told that ‘registry editing has been disabled by your administrator’. any idea how to get around it?

  2. andreas says:


    If you have questions or problems, please, write us here:

    We will help you to cope with your problem.

  3. Misa says:

    Help! Im on windows 7, and when I modified Shell, it said ‘explorer.exe’ what should I do?

  4. Saw says:

    The shell has not been changed mine is still explorer.exe so how do I remove the virus?!

  5. ivan says:

    I didn’t get the messed up shell entry either.

    I opened “system configuration” from the start menu and looked at the startup tab. There was one entry that was gibberish and it was located in the temp folder. I just deleted everything there from the last couple of days. To be honest, I didn’t think it would work…
    My antivirus software, which is supposed to be a full version, didn’t help AT ALL. It’s mcafee by the way.

  6. Vexx says:

    I followed and i also had the same problem, when i right click on shell and modify, it says explorer.exe

  7. Cloud says:

    I had issue with following this step and found out that Shell already had explorer.exe. I managed to Find/Remove the virus by going into safe mode with networking, and in the start menu’s Search function i just typed “.exe” and immediately it found a file that was for example “0.81179398D9d.exe” which when i opened it, it loaded a internet page made my screen enter full screen mode and pretty much did what the virus does. i restarted my computer and found it again, it said it was located in system/rundll… and this time i delted it, and restarted my computer, no more virus appeared.

  8. me says:

    I tried this too but found that the shell line in the registry was still explorer.exe

    but in the end found the virus hiding rather simply as a random exe in the program files startup folder from the start menu, worth taking a quick look there and if there is an exe you dont regognise delete it.

  9. Tan says:

    Thanks a lot … I have tried it but this time it did not changed the reg file … Rather found the virus after searching in explorer under safe mode … At least this blOg helped me tO realise that its a virus and .exe file needed to remove …

  10. Calan says:

    There’s a slightly easier way.

    1) Start PC in safe mode
    2) Navigate to Windows > Startup
    3) You’ll see a random file listed, right click it and view properties. It will have been created today and will display its location
    4) Find it, delete it
    5) Delete the startup entry
    6) Job done

  11. HELP says:

    Will it work if I restore my laptop? And how did this happen and more importantly. how do I stop this from happening in the future??? Please reply asap!

  12. Lu says:

    will it get rid of it if you delete the account it happened on?

  13. Marina says:

    Trojan remower лучшая програмулька для этого. Загрузка по F8 c поддержкой сети , скачать и установить программу (она есть 30дневная) ,обновить базы и запустить скармливание. Работа мин на 20. Удачи!

  14. ambro says:

    when i type in shutdown /r /t 0 my computer turns off but it wont turn on back again. pls help

  15. Lorenzo says:

    non capisco perchè infilarvi in queste guide tanto complesse quanto parlando chiaro la maggior parte di coloro che proveranno questa guida chiameranno il “tecnico” di fiducia e si faranno formattare il pc….troppo complessa per i miei gusti!! ci sono capitato anch’io in questo virus! e dico che è una cavolata uscirne….basta riavviare il pc normalmente e prima ancora che il virus agisca,portarsi su start,scrivere nella barra di ricerca “msconfig” andare nel menu strumenti ed avviare il ripristino configurazione di sistema!! (il virus agirà comunque ma almeno avete il pannello di configurazione sistema a vostra disposizione,e avendo il pannello avete pieno accesso al pc ) tempo 5 minuti e il vostro pc si dimenticherà di aver incontrato quella sottospecie di virus!!!

  16. andy w says:

    what happens if i access safe mode but can’t get a command prompt/ says ‘a problem has been detected and windows has shut down to avaoid damage to your computer’

  17. marg says:

    done everything as advised, but when i try to load the trojan killer, my computer will not recognise the usb and i cant run the program, please help :)))

  18. Dan says:

    Hello People
    This is a ransomware which I think is from from the nazis who think that they could get away from trying to threaten people and get some money out of people in British Pounds. This Trojan virus comes into your computer if you visit some porn sites with .eu extension.
    These nazis are also getting smarter as and when people post remidies on this website they try and find out ways and means of hiding thier files.
    I had to sort out a laptop which had both administrator and user accounts. The user had used the user account to visit some .eu porn site and this virus had blocked his laptop.
    Unlike what has been said in the forum that the “shell” when being modified using regedit would show the place where the file would be available won’t be true any more as these guys have left the shell to show However they have started hiding the files that they are using to block your computer.
    What I did was to remove the hard drive from the laptop and connected it to another computer using an USB adapter. Then I made sure that, when exploring the hard drive, I had set the folder options to show hidden files.
    When I went into the the C: drive and then into ‘doucments and settings folder’, I saw the user folder(which is hidden if the folder option is set to not show hidden files). I went into it and found some applications called 0.2944330001364994 and 0.96683332612963674h7i. This hard drive had XP installed in it.
    I deleted these files and there you go, the laptop is back on line. No more metropolitan threats. I had also done a regedit as suggested on this forum just to ensure that the shell had some funnies in it. But it did not.
    No Antivirus or malware software does detect this.

  19. Dan says:

    Hello People,
    Sorry for an omission. The hidden folder was in ‘document and settings\user\applicationdata’ (which is a hidden folder).
    Hope this helps

  20. Phil says:

    Hi all, I removed this with the Trojankiller. I couldn’t do it automatically once Trojan killer found all the problems because I was in safe mode and couldn’t register with them. So I copied the registry list by hand and deleted manually. My file was hiding in my users file/appdata/roaming/cgs8ho.exe. Plus there are 10 registry items to find. Seems to have worked though.

  21. Tom says:

    i also had this problem today it came up as a random file won’t say anymore but if i were you id talk about this privately they read these posts to figure out how they improve their schemes if youre running on windows do the msconfig in the run menu then startup go through the files and it will come up with a random file like ‘cd128.exe’ and next to it where it sais author or origin it will say unknown untick the box and download a malware removing device hope this helped


  22. Alice says:

    J’ai fait le systeme automatique mais ca n’a pas marché, j’ai toujours le “message de la Gendarmerie” au démarrage. Comment faire?

  23. Peter says:

    I found myself with this last night (price has gone up to £100 BTW). As I didn’t have an alternative PC, I simply disabled my wireless, then (as the laptop was SLOWLY starting up) dived in quickly and ran System Restore back to a restore point from a couple of days ago.
    Once this was completed, I ran an AV scan (Symantec) which found nothing. Having read this article, I’ll be running an alternate Trojan scan, but so far all seems OK.

  24. isabella says:

    if i can remove it with the trojan killer program i will absolutely buy this program.just i wait to see what it is scaning.

  25. Filipe says:

    Não consigo, quando ligo no modo de segurança com linha de comandos, o ecrã fica branco. Por favor respondão para aqui se faz faor:

  26. Graham Revens says:

    Metropolitan police virus

    Safe mode
    Safe mode with command etc
    All seem to have been disabled
    They either return me to the boot page or windows starts in normal mode

  27. Petar says:

    Got this today on a coleagues laptop but virus web page stays on top of everything so it is impossible to do anything from task manager or Command prompt in safe mode. Managed to remove it by starting repair fron windows boot and doing system restore.

  28. Jack says:

    I used system restore, and scanned with malbytes, nothing appears,

    is the virus still on my pc?

    Checked regedit and the shell says ‘explore.exe’ so cant find the location if there is one hiding?

    is it nesscary to run trojan killer? and does it cost anything?

  29. dino says:

    não veem que estão a ser comidos?!?!?!o fulano está-vos a dizer exactamente como se instalar ele próprio no vosso computador,a maioria que se disponibiliza para vos ajudar(programas e pessoas) é sempre com outro intuito..não façam nada acima mencionado…este deve ser exactamente o q lançou o virus,agora é a forma dele de entrar..ACORDEM..DAHHHHH

  30. Fabio says:

    per sbaglio ho eliminato il file “shell”…qualcuno sa dirmi quali rischi comporta e se la rimozione del virus si puo’ effettuare lo stesso??? Help me grazie

  31. Julia says:

    Dear Fabio,
    We will help you to sort out this issue. Please contact us via ticket system
    Best regards,
    Trojan Killer customer support team.

  32. Lorraine says:

    Thanks to this website I finally got rid of this pesky Trojan. In our case, the explored.exe option had been covered by the bug so I scanned the comments section and tried the user/application data advice and there it was! An ugly cartoon face and the name was “fnpmxlqf” Which is nowhere to be found on the Internet. I am now trying to down load some antivirus to prevent it coming right back! Thanks !!!

  33. Because says:

    Ok so I’m having problems from the start. First of all it does not come up on the second screen shot on my computer. There is no documents and settings written. I write explorer but then it doesn’t come up. Even wen I reach the redi t settings. I don’t see shell anywhere ? Please help if u can

  34. Jack says:

    Will any of these methods wipe files off of the computer though?

    I can’t afford to lose files!

  35. nigel says:

    didnt work ,said it found virus and remove but it, still there?

  36. nigel says:

    update, now tried the manual way, at edit string, mine does say explorer.exe to start with ,so no point in changing it.

  37. nigel says:

    ps, on my xp system,reads Garda Siohana as im in ireland, dont knnow if i have a updated version of ths virus,so the trojan killer dont work?

  38. nigel says:

    Just done a system restore,seems to have done it, computer unlocked and working, should have done this in the place.

  39. ritchie says:


    Ok what i did i went into the command prompt then typed in “msconfig”, I then clicked the option for the programmes that are used when starting your computer up, look firstly at the publisher catgory for “unknown” it will be one of them i then found one with unknown, or one that sounds really werid and it would normally be in your app data folder i then diasbled it, restart then i went on start computer, found some werid file when i hovered my mouse over this file it said the date created was the day of the virus so i removed this file emptied recycle bin, and did a full virus scan on my computer, Hope this help, please tell me if you didnt understand any steps!


  40. Glen says:

    Done the Gridinsoft to USB option, worked perfect, thank you for the guidence.

  41. Colin says:

    Your solution has worked for me. Thanks

  42. Mike says:

    I start my computer in safe mode but it shuts itself off befor I can do much. Help

  43. Hayley says:

    The regedit didn’t work for me either, my Shell file was still at explorer.exe.
    I went into System Config, Startup an saw a bunch of letters I didn’t recognize, in my program data, sure enough, when I went to the folder, had to use windows key + R, because it was hidden, the file was there with a stupid cartoon pic. I deleted the file and now my laptop is back to normal. Easy peasy once you work it out!

  44. John says:

    I managed to remove this by pressing F8 to get the screen where you can start in safe mode, but instead of doing that I selected “repair you computer”. I followed through this and chose “system restore” and simply restored the system from about a week earlier.

  45. Rols says:

    Worked fine, went to safe mode, msconfig, killed suspicious looking service, deleted the relevant hidden folders, rebooted the pc and scanned with antimalware/antivirus and pc good to go…


  46. Nas says:

    For me the virus was located in C:\Users\(User)\AppData\Roaming\msconfig.dat. It took me a long time to find it and many anti-spyware/virus software could not find it. Hope this helps.

  47. Jimbob says:

    Nice one ‘JACK’….SYSTEM RESTORE…thought ‘what a waste of time that’ll be’..IT WORKED!!(I had already tried all regis.etc..WELL DONE!!

  48. Chris says:

    Under ‘msconfig’ then ‘Start up’. I have a start up item named ‘Conime’..this is the only item in the list that is listed as ‘unknown’. Im wondering if this is where the problem is coming from. If i un-tick/disable this item will that solve the problem?
    The location of ‘Conime’ is ‘HKLM/SOFTWARE/Wow6432Node/Microsoft/Windows/CurrentVersion/Run


  49. AG says:

    the downloaded trojan killer worked perfectly first time. i had a very nasty case of the Police Virus and Trojan Killer did exactly what was on the box.

    I would reccommend this product.

  50. Lisa says:

    Omg! My now ex bf!!! Locked my laPtop out completely with this virus, he eventually admitted that he got the virus after looking at porn!!

    Safe mode doesn’t work, just goes round in a looP?

    Simple fix, DON’T LOOK AT PORN!!!

  51. Keith says:

    System Restore works every time. Just make sure you roll back to the point *before* the session before the screen actually appeared as it is installed prior to shutdown and is not evident until the next reboot.

  52. Lisa says:

    Omg! So many pervs on here looking at porn! No wonder it’s mostly men!

  53. sean mc larnon says:

    thats a lot of effort. Simply remove by booting in safe mode and use system restore to roll back your pc to a time before it was infected.

  54. andy says:

    can anybody help me get this virus off my daughters school laptop, ive tried everything,

  55. Julia says:

    Dear Andy,
    we recommend you carefully reading this post. Here you will find the effective removal instructions. If any other questions occur, we kindly ask you to contact us via
    Best regards,
    Trojan Killer customer support team

  56. Terry says:

    Thank you for your kind instructions. Have faith in humanity again! ;-))

  57. bhu says:

    the virus keeps retsarting my PC when I try to use trojen killer and the same when i try to remove it manually. I got to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon once in time before it rebooted but it was normal with explorer.exe!!! ANy more ideas? Please help

  58. Adrian says:


    I did this, went to Change the explorer.exe – the entry was as should be.

    I was using safari when this ransom ware took effect, is there any other thing I should be checking?


  59. tony says:

    yeah lisa because women dont watch porn…

  60. Paul says:

    Cannot boot to safe mode keep getting blue screen …

  61. N says:

    Persoanlly, I found ‘lsass’ located in folder: C:/Program Data/
    Another place to look.

  62. Unknown says:

    You could always do it the easy way.. start PC tapping F8, repair your computer, system restore…

    I deal with this scam daily.. why download other programs when your PC has everything needed.

  63. Caroline says:

    Tried this but when I type explorer it just goes straight to the virus window. Im on windows XP can anyone tell me how to get to the explorer page so that I can fun the virus fix file which I downloaded from this page

  64. Dinoderk1 says:

    please help, pressed f8 on boot up and tried to boot up in safe mode with comd promt but it will not go to safe mode it just keeps booting back up to the police virus screen. The axact same thing happens when i try to boot up in safe mode with networking. i am using windows XP Pro.

  65. Victim says:

    My laptop “Toshiba” from 2000 has been infected with this “Metrolian police” but it’s more advanced and it’s Spanish. What it does is that it doesn’t allow you to start on safe mode, neither enter the F1 in the start. I can’t find a way of removing it. It does not allow you to do ANYTHING. It’s fake I know but nothing happenes when we try to remove it. PLEASE HELP!

  66. Victim says:

    Also my windows is an XP

  67. Rod Smith says:

    Dissapointed that the softwear does not let you remove your first infection before asking for money for the programme.

    Publishers will find if a good softwear publisher is trusting enough, people will still buy the softwear, especially if it has solved a problem.

    Initial reaction, will find another way to remove, try, Malwarebytes.

  68. andy says:

    We can issue the free trial code for 15 days to all interested users

  69. 00st says:

    Got this on a windows 7 machine. Got rid of it by using “safe mode with command prompt”, minimizing that & then using system restore. Normal safe mode would just cause a restart.Tried the regedit thing, but like so many others I only found “explorer.exe”.

  70. John says:

    I have disabled the bug from startup as Rich suggested. However, when I go to delete the file from Appsdata folder it is not there?
    Do I have to enable it for it to appear?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.