Related Posts


How to remove Police Central e-crime Unit Ransomware (Virus Removal)

What is the Police Central e-crime Unit ransomware virus (EPCU virus)?

As of June 2012 two separate forms new ransomware titled Police Central e-crime Unit ransomware 1. Win32/Weelsof and 2. Win32/Reveton have been infecting numerous computers disguised as police units such as the Specialist Crime Directorate or Metropolitan Police. The Police Central e-crime Unit ransomware locks computer systems (as ransomware does), claims the operating system is locked due to a violation of laws per IP geographical location (most notably the UK), which may include distributing and visiting illegal pornography, such as child pornography, and zoofila, among other fake claims. The e-crime Unit virus then demands a fine of 100 Euro or $100 be paid by UKash or Paysafecard services.

Related Ransomware: Citadel Reveton, FBI Moneypak, International Police Association

Police Central e-crime Unit ransomware symptoms

1. Win32/Weelsof

■ A fake alert from an online authority Metro Police  stating the infected computer has been violating the law which states “this computer was locked to stop your illegal activity.”

■ Fake violation claims include: Your IP address was used to visit websites containing pornography, child pornography, zoofila, and child abuse.

■ The infection claims “Your computer also contains video files with pornographic content, elements of violence, and child pornography. Spam-messages with terrorist motives were also sent from your computer.” (please be aware these are false claims)

■ A demand for a penalty fine is made by the infection in order for infected systems to become unlocked and accessible again. “To unlock the computer you must pay a fine of 100 E” by use of Ukash or Paysafecard services.

Metropolitan Police Police Central e-crime Unit Virus
The first variant belongs to the Win32/Weelsof malware family. Basically, it’s a Trojan that allows hackers to perform a number of actions on the infected computer. And they certain can launch such fake Police warnings as shown in the image below.

While Win32/Weelsof clearly targets the United Kingdom, the infection has spread to many other countries as well and is expected to progress, change, and adapt to other countries in the future.

2. Win32/Reveton

■ A fake alert from an online authority Specialist Crime Directorate stating the infected computer has been violating the law which states “Your computer is blocked due to at least one of the reasons specified below.”

■ You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain.

■ Article 128 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.

■ You have been viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc). Thus violating article 202 of the Criminal Code of Great Britain.

■ Illegal access to computer data has been initiated from your PC, or you have been… (incomplete wording)

■ Article 208 of the Criminal Code provides for a fine up to E 100,000 and/or a deprivation of liberty for four to nine years.

■ Illegal access has been initiated from your PC without our knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer. (No such law)

Specialist Crime Directorate Police Central e-crime Unit virus

The second variant of Police Central e-crime Unit (PCeU) ransomware belongs to the Win32/Reveton malware family. The fake waning is different than the Weelsof version and much more sophisticated, claiming to be from Specialist Crime Directorate rather than Metropolitan Police.

Web cam control

Video RecordingWhen the infected computer user is taken to the fake Police Central e-crime Unit drive-by-download website, a video screen, which is streamed from the users connected webcam is displayed as “recording”. If you do not have a web cam connected the video screen will appear blank and will still show as recording.

How to remove The Police Central e-crime Unit virus

We have outlined different steps to remove The Police Central e-crime Unit ransomware virus for different progressions of the infection. Some infected users are still able to access the internet correctly, if this is the case please download the free version of Malwarebytes and proceed to scan and remove the Police Central e-crime Unit ransomware infection. Another simple solution is to restore your computer to a date and time before your computer became infected with the Police Central e-crime Unit ransomware Virus.

Police Central e-crime Unit ransomware removal options:
Different victims, depending on location and progression of the infection will require different removal options. Anti-Malware software and restore are the outlined solutions but may require different steps to achieve the initial process.

  1. Automatic Removal – Scan And Remove Fake Police Unit Malware
  2. For Tech Support - Call 1-888-879-0084 and they will kindly assist you with removing this infection
  1. Regular Installation
  2. Install using Safe Mode with Networking
  • System Restore – Restore PC To Date Before Infection
    1. Start Menu Restore
    2. Safe Mode with Command Prompt
  • Police Central E-Crime Unit Virus Removal Tips

    Use these tips to troubleshoot isssues facing the removal of the Police e-crime virus.

    Manual Removal

    Search for and remove Police E-Crime Virus Files. The files detailed below are common files associated with ransomware. [random] may represent a series of random letters and numbers such as 3jjda.exe or 111_0_0.exe.

    %AppData%\Protector-[random].exe
    	%AppData%\Inspector-[random].exe
    	%AppData%\vsdsrv32.exe
    	%AppData%\result.db
    	%AppData%\jork_0_typ_col.exe
    	%appdata%\[random].exe
    	%Windows%\system32\[random].exe
    	%Documents and Settings%\[UserName]\Application Data\[random].exe
    	%Documents and Settings%\[UserName]\Desktop\[random].lnk
    	%Documents and Settings%\All Users\Application Data\[random]
    	%CommonStartMenu%\Programs\[random].lnk
    	%Temp%\00u_l.exe
    	%Temp%\[random].exe

    The Police E-Crime Virus Process may be a series of random letters and numbers such as 3jjda.exe or 111_0_0.exe. Search for the Police E-Crime Virus Process by typing Ctrl+Shift+Esc and ending the located process under the Processes tab.

    [random].exe
    Deny Flash

    Most ransomware exploits Java or Flash vulnerabilities to load the malicious code. In some cases denying or disabling flash on your system may suspend The Police Central e-crime Unit and enable the user to navigate through the infected system. If this not a necessity for removal, skip to the removal options below these steps.
    To disable (deny) flash visit: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html
    Deny Flash
    2. Select the “Deny” radio option
    3. Proceed to a removal option (detailed below): Anti malware software scan and removal or system restore.

    1. Antivirus/Anti-Malware Software

    The best solution to remove malware including ransomware is Malwarebytes. Malwarebytes provides a free and paid version for continued security. Try Malwarebytes, the Leader in Malware Removal or view other Antivirus recommendations to remove the Police Central e-crime unit virus.

    Purchase Malwarebytes PRO   Free Download

    Safe Mode With Networking

    Safe Mode with Networking is great for victims whose internet or network connectivity is compromised due to the fake police virus. These settings allow internet access in safe mode that can be utilized to troubleshoot issues such as manually remove the virus or download appropriate tools from the internet to scan for and remove the fake police virus.

    • This mode will also bypass any issues where Antivirus or Antimalware software has been affected because of the Police Central e-crime Unit infection’s overall progression.

    1. We highly recommend writing down the toll free number below in case you run into any issues or problems while following the instructions. Our techs will kindly assist you with any problems.

    1-888-879-0084
    if you need help give us a call

    2. Reboot your computer in “Safe Mode with Networking”.  As the computer is booting tap the “F8 key” continuously to reach the correct menu. Use your keyboard to navigate to “Safe Mode with Networking” and press Enter. Shown below.

    Safe mode with networking
    3. If you can easily access the internet to install removal software do so, otherwise launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab.
    Click Lan Settings button and uncheck the checkbox labeled Use a proxy server for your LAN. Click OK.

    LAN Tab

    4. It is now recommended to download Malwarebytes and run a full system scan to remove the fake police malware, or manually remove the virus.

    2. System Restore

    Depending on the progression of The Police Central e-crime Unit ransomware virus, different steps may be needed to simply restore an infected computer depending on restrictions implied by The Police Central e-crime Unit infection. Outlined bellow are two different solutions. If you can not perform a start menu restore, proceed to the Safe Mode with Command Prompt restore instructions.

    Start Menu Restore

    Start Menu System RestoreStandard directions to quickly access Window’s System Restore Wizard.

    1. Access windows Start menu and click All Programs.
    2. Click and open Accessories, click System Tools, and then click System Restore.‌
    If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
    3. Restore your computer to a date and time before infection.

    Safe Mode With Command Prompt Restore

    If you can not access your operating system, this is the suggested step.
    1. Restart/reboot your computer system. Unplug if necessary.
    2. Enter your computer in “safe mode with command prompt”. To properly enter safe mode,repeatedly press F8 upon the opening of the boot menu.

    Safe mode with command prompt

    3. Once the Command Prompt appears you only have few seconds to type “explorer” and hit Enter. If you fail to do so within 2-3 seconds, the FBI MoneyPak ransomware virus will not allow you to type anymore.

    Comand Prompt Type Explorer

    4. Once Windows Explorer shows up browse to:

    • Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
    • Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter

    System32 rstrui
    5. Follow all steps to restore or recover your computer system to an earlier time and date, before infection to complete.
    Restore system files and settings
    More information on Window’s system restore please visit:


    banner-1

    Leave a Reply

    Your email address will not be published.

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

    157 replies to “How to remove Police Central e-crime Unit Ransomware (Virus Removal)

    1. Anthony

      Thanks! This advice proved useful in getting rid of this problem. The virus had disabled safe mode but safe mode with command prompt worked.

    2. Jim

      Don’t usually comment on things like this but thank you for your expert advice!

      Tip for anyone also having this issue: Try logging onto a different user (if you can) I logged onto another downloaded the free malware and that killed the virus from their account. I had 160 virus files in total!!

      Using the free malware software was very quick and easy so I would recommend that as a good first option!

      Thank you Sean! Hero!

    3. john

      This one had me stumped for a good while. And a heads up to anyone else trying to download don’t mess with the zohan don’t do it

    4. anon

      thanks for that, I think my computer is ok… and I have learned a lesson, and that’s to wake the wife up, if you know what I mean.

    5. Andrew

      Your advice was priceless. Was expecting to at least have to take it to a local computer repairer but after following your simple instructions the virus was removed first time. It’s good to see that some websites can be trusted to give you helpful advice. Thank you.

    6. Alan

      Police Central e-crime Unit ransomware virus

      If It Helps You, These Are The Names Of The Virus.

      139d2e78.dll & 139d2e78.exe

      They Were Found In ‘C’ Drive / My Documents In A Folder With Photo’s

      Naming Themselves As FM Radio As Where The Photos.
      When Clicked On Their Properties They Were Named As,

      Adobe Collaboration Synchroniser 10.0

      As It Uses Adobe Flash Player To Pop Up The Screen On Your Computer.

    7. Anonymous

      Thanks a million to Sean Doyle. Your knowledge and help is a great influence. Once again, thank you very very much.

    8. Anonymous

      Got caught out with this one !!!!
      Started in safe with networking
      Then used system restore
      Seems to be ok now !!!
      Cost me £100
      Must search the net next time !!!!
      Thanks for the help

    9. Anonymous

      Big Thanks Sean, I was so scared when the block poped up. I was in fact watching porn but not child porn, and thought that this accusation might have been accessed through other pop up windows. I did indeed buy UKash voucher of £100 entered it and the block went off after 25-30 minutes bringing my laptop back to normal, but never had I thought that it would be a virus as it looked so convincing and demanding

    10. cookie

      this virus infected my laptop yesterday on my account,i simply then logged into my girlfriends account which wasnt blocked with the virus and deketed my account and set up a new one,my laptop is working fine but is this virus still on it???

    11. Anonymous

      Thanks!!! that was great! i called a tech center and they wanted me to pay £200 to solve the problem. Thought that was excessive so googled the virus an found this page. Everything is sorted now for free!!!