How To Remove The Canadian Police Cybercrime Investigation Department Ransomware Virus

Sean Doyle

Sean Doyle is an engineer from Los Angeles, California. Sean’s primary focuses include Internet Security, Web Spam, and Online Marketing.

79 Responses

  1. Prousarick says:

    Sean, you ROCK! I thank you for sharing your invaluable expertise.

  2. M-L says:

    Does the virus work on Macs? Because I saw the web page and didn’t have further problems just yet.

  3. Anonymous says:

    Thank you!!!!!!

  4. Anonymous says:

    Thank you soooooooo much!

  5. Sean says:

    Thank you so much, this was seriously freaking me out

  6. Anonymous says:

    Thanks a lot, very good and useful information. I shared with my friends as many are affected by this virus

  7. Doron says:

    Thank you so much. used the manual version to get up and running downloaded and am running Malwarebytes now.

  8. Anonymous says:

    what happens if you can’t remove police

  9. bob says:

    thank you soooo much! scared me haha totally freaked out a little till i could actually look at what it was asking for

  10. Abid says:

    Thank You very much … best advice ever had …

  11. Anonymous says:

    Thank you so much Sean. You save my day. I got scared by that virus!

  12. Sylph says:

    God damn thank you so much ! You’re my hero! I got so scared this virus popped in my face just as I was confirming a download xD I was able to use option 3 in like 10 min and now everything seems fine ! 🙂

  13. Anonymous says:

    My computer would not start in any sort of safe mode, but I figured out how to get past the lock screen in regular startup. When on the locked screen disconnect any Internet access to your computer, from there, in the second “credit card” pay option put the number “0” 16 times and enter it as a credit card number. That acted as a payment and took off the lock screen long enough for me to follow these steps to remove the virus!

  14. doodool says:

    Thank you so much for the instruction.

  15. Anonymous says:

    Seriously man i thought some little shit was on my laptop fucking with the stuff the warning specified. but then i saw how much money they wanted and i immediately knew it was a virus.
    it took me close to 2 hours to get rid of the virus because i had to do it manually
    thank you to whoever posted this
    and does anyone know how you actually get the virus (site wise)

  16. Carey says:

    Awesome awesome awesome, thanx a lot Sean, that one did kinda scare me, you’re the man!!!

  17. Doug in Canada says:

    Thanks for the help with this terrible virus. I found Supa_roost’s file was on my computer too.

  18. Alex says:

    Wow thanks a lot Sean. I’m no computer wiz and option 3 worked great for me thanks again

  19. Supa_roost says:

    The latest mutation is using the following reg string:
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    shell = "explorer.exe,%AppData%\skype.dat"
    Delete the Shell string and the file skype.dat found under %AppData%\ (press Windows key and R to get the Run command and type in %AppData%). As always, do this in safe mode. Safe mode with networking might fail, so use Safe Mode with command prompt.
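
A report-only check for the Winlogon Shell persistence described in the comment above, as an added example that is not part of the original comment: it lists any Shell entry other than explorer.exe and whether the referenced file exists. Checking HKEY_LOCAL_MACHINE as well goes beyond the comment, which names only HKEY_CURRENT_USER; the helper name Get-ExtraShellEntry is made up for this example.

```powershell
# Added example: audits the Winlogon "Shell" value. Nothing is deleted or changed.
$subKey = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-ExtraShellEntry {
    param([string]$ShellValue)
    # Shell is a comma-separated list and every entry is launched at logon.
    # Anything other than explorer.exe (bare or under the Windows folder) is returned.
    $ShellValue -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object {
            $_ -and ($_ -notmatch '^(%(windir|SystemRoot)%\\|[a-z]:\\Windows\\)?explorer\.exe$')
        }
}

foreach ($hive in 'HKCU:', 'HKLM:') {
    $key  = "$hive\$subKey"
    $prop = Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue
    if (-not $prop) {
        Write-Output "$key : no Shell value set"
        continue
    }

    $extra = @(Get-ExtraShellEntry -ShellValue $prop.Shell)
    if ($extra.Count -eq 0) {
        Write-Output "$key : Shell = '$($prop.Shell)' (only explorer.exe)"
        continue
    }

    foreach ($entry in $extra) {
        # %AppData% and similar may be stored unexpanded; resolve for the current user.
        $path = [Environment]::ExpandEnvironmentVariables($entry)
        # -Force so hidden or system files are still found.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($file) {
            Write-Output "$key : EXTRA '$entry' -> $($file.FullName), $($file.Length) bytes, created $($file.CreationTime)"
        } else {
            Write-Output "$key : EXTRA '$entry' -> no file found at '$path'"
        }
    }
}
```

Run it as the affected user, since HKCU and %AppData% are per-user; an entry with command-line arguments will show as "no file found" and needs a manual look.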

  20. J. B. says:

    This guide was detailed, yet very simple and straight to the point. 15 minutes ago I just had my first (and hopefully last) experience with this Ransomware virus. It was so bad that I could not turn on my computer or access anything (even safe mode) until trying several times. I just managed to restore the system back to a few days ago and everything is looking good so far.

    I owe you big, thanks so much!!

  21. Bee Divine says:

    This just happened to me the file name it was under was:
    – kcheeyualpqzrons
    – kcheeyualpqzrons.exe

  22. Anonymous says:

    Very good thank you Good to see someone knows what is going on! Deleted that bad Bas dard for the registry.
    From Northern Canadian Suffer

  23. Anonymous says:

    very good thank you

  24. Anonymous says:

    THANKS DUDE RESTORE WORKS THANKS A LOT……..

  25. Anonymous says:

    Thanks a bunch man. System restore worked for me.

  26. Anonymous says:

    System Restore worked perfectly – THANKS!

  27. Anonymous says:

    Thank you so much Sean.

  28. Anonymous says:

    Thanks so much dude!!
    You are the boss!
    I thought what the hell?
    Isn’t Canada a free country?
    Luckily it is.

  29. Howie says:

    Sean Doyle is THE best Cyber Security Expert !!!!!
    I used option 2 to fix my bug in 5 mins!!! Thanks from Victoria BC!!!

  30. Anonymous says:

    thank you so much!!!!

  31. Anonymous says:

    Sean, you are now one of my best friends in the world – THANK YOU!!

    After I used Malwarebytes I did all your Manual Removal steps and actually found a few misc items that were not removed by MBAM, so also deleted the few additional files that had the timestamp of when things went bad (JScript file and a few DATs) using your directions – again, THANK YOU

  32. Farzad says:

    Sean, you are awesome, they wanted to charge me 89$ online, with your help I got rid of the virus in no time!

  33. Anonymous says:

    If you can get task manager running, “End Process” the services.
    you’ll have about 5 seconds before you can use “del” from a cmd window to delete the major exe file that is bothering you.
    Mine was in the C:\Users\Adam\wgsdgsdsgs.exe something like that.

    for the longest time, i couldn’t use the “del” command from cmd to remove it, even in safe mode, even after removing read-only attribute. But killing the services fixed it.

  34. S. Squires says:

    Had to use the safe mode with command line to do a system restore to the previous day. Booting to a GUI, normally or in safe mode, would cause the virus to lock my computer within seconds so couldn’t run virus scan or anything. The command line fix worked…back up and running in normal mode and running virus scan just to be sure.

    Thanks so very much…very much appreciated!!!!

  35. Anonymous says:

    How do you disable wifi?

    • Sean Doyle says:

      1. Navigate to your Network Connections.

      Control Panel > Network and Internet > Network Connections

      2. Right click the Wi-Fi icon and select Disable. Do the same to Enable Wi-Fi once again.

  36. Anonymous says:

    there’s an easier way than using command prompt: just disable your wifi or internet from your computer and run system restore

  37. Anonymous says:

    Thanks! I was ready to toss my laptop!

  38. Anonymous says:

    thanks a lot! keep up the great articles, these virus creators make me sick.

  39. Pierre says:

    Thanks Sean it was very kind of you to help with this little nasty

  40. Anonymous says:

    Whew! What a relief! You are a great Man! Thank you!

  41. James Sprague says:

    Thank you! Did a restore following your advice and everything now working fine. Going to notify my virus software company that their program didn’t stop this virus. Thank goodness for your post – otherwise I was going to take computer over to have commercial firm fix problem. You saved time and money!

  42. Anonymous says:

    THANKS A MILLION!!!

  43. Anonymous says:

    Thank you so much for the help.. I almost paid until something made me look up possible scams! My computer is back to rights now thanks to you!

  44. Anonymous says:

    thank you so much.

  45. Anonymous says:

    I just want to say thank you for posting this help. Since we can’t get back at the guys who make these viruses, it’s great to see community support in finding them and helping those that get infected. GOOD WORK!!!

  46. Anonymous says:

    whoever made this virus deserves to die, thank you for your help

  47. Someone says:

    If you reboot in command prompt safe mode but can’t get explorer running in time, but it still lets you access the command prompt, type “notepad” and press Enter, then use Notepad’s Open box (Ctrl-O or File > Open) to navigate to the program you want to run (switch the file type from text files to all files or enter “*.*” in the name box & press Enter to see programs). Right-click the program and click Open, and it should start.

  48. Anonymous says:

    OK I got this on PC using a 64 bit edition of Windows 7. It got installed getting by AVG anti virus program. I found it as an exe file called lsass.exe. Enable hidden folder options. Open my computer. Click on drive ur using that has ur operating system ur using right now. Open hidden file folder called ProgramData. You will find the lsass.exe there. Delete that lsass.exe file. I did not have to go to reg or anywhere else to delete files. PC is ok now. I did this via using another operating system to access this affected drive. You can also do it using safe mode accessing the current drive directly to delete this file. Just make sure you enabled hidden folder options. This file is about 44.0 KB in size. Good Luck. And don’t panic .. u can always remove this affected drive from your pc and install to another friends family pc as a secondary drive to remove this file.

  49. Anonymous says:

    WOW THANK YOU SO MUCH

  50. anon says:

    OMFGGG THANK YOU SOOOO MUCH!!!!

  51. Anonymous says:

    Thank you!! My computer is still in the restore process, but not only did it unlock it, my roommate is terrified to look at porn now!

  52. Anonymous says:

    Thank you so much! The malware really had me scared there for a while but your advice helped me clean it up. Thanks!

  53. Anonymous says:

    Sorry didn’t have “.exe” on the end…

  54. Anonymous says:

    Thank you! Just used these steps and it worked, “rstrui” didn’t have “.exe” on the end, but it worked anyways!!!

  55. DAvid says:

    You are the best. Thanks so much for posting this. I used option 3 and it worked perfectly.

  56. Anonymous says:

    Thank you very much for having this information. Happened to me recently as well. This website helped me out a lot

  57. Anonymous says:

    phew….well done

  58. Quincy says:

    Thank you so much for this information. I’m computer savvy enough, ‘enough’ being the key term here, to know that any suspicious prompt that asks me for money is essentially bogus, but I’d never seen anything like this before. The lock-up page looked 100% legit and did, in fact, scare me into a standing position in front of my computer for a bit. But as per your suggestions, I ran a system restore and it worked like a charm. Once again, thank you, thank you, thank you.

  59. Anonymous says:

    Thanks so much, it worked! I wish we could go after these guys that came up with this stupid virus.

  60. Anonymous says:

    Thank you for the steps. I am not computer-savvy and yet was able to make it work. Thanks for sharing.

  61. bj says:

    thanks this worked well

  62. Scot says:

    Worked well, thank you

  63. Anonymous says:

    thanks really helpful

  64. Anonymous says:

    Thanks so much!!!

  65. Anonymous says:

    Thank you so much, it really helps me a lot!

  66. Anonymous says:

    thank you thank you. worked like a charm (safe mode option). much appreciated.

  67. Anonymous says:

    Thank you… This saved me from a lot of headaches

  68. Anonymous says:

    Thnx

  69. Anonymous says:

    Thank you so much, you just can’t even know how this helped me!!! I’m so happy right now!! My computer is working like before all that!! I’ll never thank you enough!!!!!

  70. Anonymous says:

    thank you

  71. Anonymous says:

    Thank you!!!

  72. Heatyher says:

    Thank you so much. This saved me a lot of misery.

  1. October 22, 2012
