Specialist Crime Directorate virus. How to unlock your system
There are various modifications of the same virus that attacks PCs located in the UK today. One of the first variants of this scam had the name “Metropolitan Police virus”. A little bit later another version of it appeared, known as “Police Central E-Crime Unit virus” (PCEU). Some users also complain that their PCs are infected with some Specialist Crime Directorate ransomware. All these names tell about the same infection – the ransomware program that has been specifically developed by the team of cyber hackers who want to become richer by means of applying various fraudulent and tricky techniques.
Specialist Crime Directorate ransomware, therefore, primarily attacks the PCs of those users who live in Great Britain and, possibly, some other English-speaking countries. However, the very ransomware virus infection we’re talking about right now has certain international character. It may be implanted into the PC of any country of the world, irrespective of its wealth status. The purpose of the ransomware program is to scare PC users to death with the bunch of untrue information that is presented in the text of the ransomware locker.
The ransomware program that claims to be coming from Specialist Crime Directorate accuses users of performing various crimes through the computer, thus explaining the locked status of it. In particular, the accusation contains the information about user downloading, storing and distributing illegal copies of audio, video and software, watching and spreading a lot of illegal explicit information, sending unsolicited spam to various addressees and even visiting the sites of terrorist organizations for the purposes of supporting them. As you see, this is quite a scary portion of information, and users who don’t realize that it is fake might be really scared with it. So, you need to be very careful not to follow the tricks of the crooks that have developed this malicious utility.
Please do not indicate any Ukash or Paysafecard voucher or PIN codes as instructed by the virus. Doing so is a very serious mistake, because hackers will never give your money back to you. Thus, stay on the alert permanently! In order to get rid of Specialist Crime Directorate virus that locked your system please carefully follow the removal guide that will help you unlock your system effectively from ransomware infection.
Automatic removal solution (recommended):
- Go to your friend, relative or anybody else who has computer with Internet connection.
- Take your USB flash drive / Memory Stick with you.
- Download GridinSoft Trojan Killer installation file from this site https://trojan-killer.net/download.php and save it to your USB flash drive / Memory Stick.
- Get back to your infected PC and insert the USB Drive / Memory Stick into the respective USB slot.
- Perform hard reset (press reset button on your computer) if your infected PC has been on with Metropolitan Police background. If not, then simply turn your PC on.
- Before the very boot process begins keep repeatedly hitting “F8” button on your keyboard.
- In the window that appeared select “Safe mode with command prompt” option and press Enter.
- Choose your operating system and user account which was infected with Metropolitan Police virus.
- In the cmd.exe window type “explorer” and press “Enter” button on your keyboard.
- Select “My Computer” and choose your USB flash drive / Memory Stick.
- Run the installation file of GridinSoft Trojan Killer. Install the program and run scan with it. (update of the program will not work for “Safe mode with command prompt” option)
- When the hijackers are successfully disabled (fixed) by GridinSoft Trojan Killer you may close GridinSoft Trojan Killer application.
- In the cmd.exe window type “shutdown /r /t 0” and press “Enter” button on your keyboard.
- Upon system reboot your PC will be unlocked and you will be able to use it just as before the infection took pace.
- However, it is recommended that you now update GridinSoft Trojan Killer and run the scan with it again to remove the source of the infections causing Metropolitan Police virus to infect your PC.
Automatic removal video:
Metropolitan Police manual removal (optional):
- Restart your system into “Safe Mode with Command Prompt”. While the PC is booting press the “F8 key” continuously, which should present the “Windows Advanced Options Menu” as presented in the image below. Apply the arrow keys in order to move to “Safe Mode with Command Prompt” and hit Enter key of your keyboard. Login as the same user you were previously logged in under the normal Windows mode.
- Once Windows boots successfully, the Windows command prompt would appear as described at the screenshot below. At the command prompt, type-in the word “explorer”, and press Enter. Windows Explorer should open. Please do not yet close it. You can minimize it for a while.
- Afterwards open the Registry editor by applying the same Windows command prompt. Type-in the word “regedit” and hit Enter button of your keyboard. The Registry Editor should open.
- Find the following registry entry:
In the right-side panel select the registry entry named Shell. Right click on this registry key and select “Modify” option. Its default value should be “Explorer.exe”. However, Metropolitan Police virus did its job, and so after you click “Modify” you would see totally different value of this registry entry.
- Copy the location of the modified value of the above-mentioned registry entry to the piece of paper or memorize its location. It shows where exactly the main executable of Metropolitan Police virus is located.
- Modify the value of the registry entry back to “explorer.exe” and save the settings of the Registry Editor.
- Go to the location indicated in the value of modified registry entry. Remove the malicous file. Use the file location you copied into the piece of paper or otherwise noted in step in previous step. In our case, “Metropolitan Police” virus file was located and running from the Desktop. There was a file called “contacts.exe”, but it may have different (random) name.
- Get back to “Normal Mode”. In order to reboot your PC, when at the command prompt, type-in the following phrase “shutdown /r /t 0” (without the quotation marks) and hit Enter button.
- The virus should be gone. However, in order to clean your PC from other possible virus threats and malware remnants, make sure to download and run GridinSoft Trojan Killer downloadable through the button below.
You know how it normally looks like, don’t you? Well, here is the screenshot of it:
Associated virus files to be removed:
Associated virus registry entries to be removed:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[random].exe"