Home » Blog » Cybersecurity » Cybersecurity » How To Remove The Interpol Department Of Cybercrime Ransomware Virus (Fake Interpol Virus, Interpol Trojan)
How To Remove The Fake Interpol Virus

How To Remove The Interpol Department Of Cybercrime Ransomware Virus (Fake Interpol Virus, Interpol Trojan)

What Is The Interpol Department Of Cybercrime Ransomware Virus?

Interpol RansomwareThe Interpol Department Of Cybercrime virus (Interpol Virus) is ransomware  controlled by the use of trojans that holds computer systems hostage and displays a fake Interpol screen which frightens computer users to suspect their computer was used in cybercrime such as child porn, zoofilia, and the Interpol virus will most likely state the computer was used to download or distribute video, music, and software against copyright and related rights laws in the country of Great Britain. The Internpol Department Of Cybercrime virus then demands a penalty fine to be paid either by Paypal, UKash, or Playsafecard in order to unlock and use the locked computer. Though this fake Interpol malware is likely to strike in Europe, users have been infected throughout other continents.
Similar ransomware: Citadel Reveton, FBI Moneypak, International Police Association (IPA)
Like most ransomware the fake Interpol virus creates files and registry entries which in turn will allow the infection to  run itself every time the computer system is turned on. Luckily this article will describe options to remove this dangerous Interpol Department Of Cybercrime virus.

Interpol Department Of Cybercrime Ransomware Virus

Interpol Department Of Cybercrime Ransomware Virus Symptoms

  • The Interpol Department Of Cybercrime ransomware virus installs onto computer systems without permission.
  • The Interpol Department Of Cybercrime ransomware virus is capable of hijacking, redirecting, and changing internet browser settings and installing other forms of malware such as adware and spyware. Infected users often have other bundles of malware.
  • Once infected with the Interpol Department Of Cybercrime ransomware virus the computer system becomes locked. The computer user can not access the internet, nor properly navigate through their operating system.
  • A fake Interpol website or screen states: “YOUR PC IS BLOCKED DUE TO AT LEAST ONE OF THE REASONS SPECIFIED BELOW”
  • You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain. Article 128 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.
  • You have been viewing or distributing Pornographic content (Child Porn/Zoofilia etc.) This vilating article 202 of the Criminal Code of Greatb Britain. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.
  • Illegal access to computer data has been initiated from your PC, or you have been… (concludes the rest of the article)
  • Article 208 of the Criminal Code provides for a fine up to €100,000 and/or a deprivation of liberty for four to nine years.
  • Illegal access has been initiated from your PC wtihout yoour knowledge or constent, your PC may be infected by malware, thus you are violating the law of Neglectfil Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of €2,000 to €8,000.
Interpol Department Of Cybercrime Virus Webcam
Web Cam Control

When the computer user is taken to the fake drive-by-download website or fake Interpol screen, a video connection, which is streamed from the users connected webcam is displayed as “recording”. If you do not have a web cam connected the video screen will appear blank and will still show as recording.

  • You can stop your webcam stream against this virus by denying flash. To deny flash please click here.

How to remove the Interpol virus (Ransomware)

  1. Anti-Malware Software – Scan and remove Interpol malware.
  2. Manual Removal – Kill process, delete directory files, remove registry values.
  3. System Restore – Restore your computer to a date and time before infection.
  4. For Tech Support – Call 1-888-986-8411 and they will kindly assist you with removing this infection

1. Anti-Malware Software

1. We highly recommend writing down the toll free number below in case you run into any issues or problems while following the instructions. Our techs will kindly assist you with any problems.

if you need help give us a call

2. Install the free or paid version of Malwarebytes Anti-Malware.

Purchase   Download

3. Once Malwarebytes is installed, run the program. If you are using the free version of Malwarebytes you will be prompted to update the database, make sure to do so.

4. On the first tab labeled “Scanner” select the Perform full scan option and click the Scan button to perform a full system scan. Malwarebytes will automatically detect malware infecting the computer system.

Malwarebytes Perform Full Scan

5. Once the malware scan is complete, Malwarebytes may prompt a notice stating malicious objects were detected. Select the malicious objects and click the Remove Selected button to completely remove the malicious files from your computer (the image below shows a file that is NOT selected) or click the Delete button to remove files.

Malwarebytes Gadgetbox

2. Interpol Virus Manual Removal Procedure

To manually remove fake Interpol malware please follow all outlined steps. First kill the malicious processes, then remove directory files created by the infection, and finally delete registry entries (values) created by the Interpol Department Of Cybercrime ransomware virus.

Kill Process

Launch the Task Manager by pressing keys “CTRL + Shift + ESC”

Windows Task Manager Processes Tab

Select the “Processes” tab and search for both Interpol Department of Cybercrime Ransomware processes and right-click to end them.

  1. %System%\winlogin.exe
  2. %Windir%\winrun.exe
Remove Directory Files

Click on Window’s “Start” menu and then click on the “Search programs and files” box and search for and delete the files created by Interpol Department of Cybercrime Ransomware:

You can also enter %AppData% into Window’s Start Menu search box and press enter to enter the Application Data folder which these files are located in.


  1. %AppData%\NPSWF32.dll
  2. %AppData%\random.exe
  3. %AppData%\result.db
Remove Registry Values

Open Registry Editor by navigating to Window’s “Start” Menu, and typing “Regedit” into the seach box then click “OK” to proceed.


When Window’s Registry Editor is open, search and remove of the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\random.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd]
HKCU\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe\Debugger svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe

3. System Restore

Option 1: Windows Start Menu rstrui.exe Restore

1. Access Windows Start menu
2. Type rstrui.exe into the search field and press Enter
3. Follow instructions in Window’s Restore Wizard

Option 2: Windows Start Menu Restore

Start Menu System RestoreStandard directions to quickly access Window’s System Restore Wizard.

1. Access windows Start menu and click All Programs.
2. Click and open Accessories, click System Tools, and then click System Restore.‌
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Restore your computer to a date and time before infection.

Option 3: Windows Safe Mode With Command Prompt Restore

During instances where the computer user can not access Windows desktop and the computer has become infected with malware, viruses, or other conflicts and malfunctions, entering Windows utilizing sage mode with command prompt is the suggested step to access Window’s restore center. If it is difficult to start windows in safe mode or if Windows’s brings up a black screen, with “safe mode” in the four corners – Don’t panic. Move your cursor to the lower left corner, where the Search box is usually visible in Windows Start Menu and it will come up, including the “Run” box.

1. Restart/reboot your computer. Unplug if necessary.
2. Enter Windows in “safe mode with command prompt”. To properly enter safe mode, repeatedly press F8 upon the opening of the boot menu.

Safe mode with command prompt

3. Once the Command Prompt appears type “explorer” and hit Enter. Sometimes during infections of malware and viruses you only have the opportunity to do this within 2-3 seconds. In some cases if this is not performed during the allotted seconds, viruses such as the FBI MoneyPak ransomware virus will not allow you to type “explorer” anymore.

Comand Prompt Type Explorer

4. Once Windows Explorer shows up browse to:

  • Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
  • Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter

System32 rstrui
5. Follow all steps to restore or recover your computer system to an earlier time and date, before infection to complete Windows restore.
Restore system files and settings

Lead Editor

Sean is a tech author and engineer with over 20 years of experience in cybersecurity, privacy, malware, Google Analytics, online marketing, and other topics. He is featured in several publications.

More Reading

Post navigation


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

How to remove MCrypt2018 Ransomware (Free Guide)

How to remove The Guardians of the Peace of Ireland virus – Ransomware removal Instructions

How to remove Remcos (Malware Removal Guide)