As of June 2012 two separate variants of ransomware titled Police Central e-crime Unit ransomware 1. Win32/Weelsof and 2. Win32/Reveton have been infecting numerous computers disguised as police units such as the Specialist Crime Directorate or Metropolitan Police. The Police Central e-crime Unit ransomware locks computer systems, claims the operating system or internet browser is locked due to a violation of laws, which may include distributing and visiting illegal pornography, such as child pornography, and zoofila, among other false claims. The e-crime Unit virus then demands a fine of 100 Euro or $100 (or other) be paid by UKash, Paysafecard, or other currency services.
Police Central e-crime Unit ransomware symptoms
1. Win32/Weelsof
■ A fake alert from an online authority Metro Police stating the infected computer has been violating the law which states “this computer was locked to stop your illegal activity.”
■ Fake violation claims include: Your IP address was used to visit websites containing pornography, child pornography, zoofila, and child abuse.
■ The infection claims “Your computer also contains video files with pornographic content, elements of violence, and child pornography. Spam-messages with terrorist motives were also sent from your computer.” (please be aware these are false claims)
■ A demand for a penalty fine is made by the infection in order for infected systems to become unlocked and accessible again. “To unlock the computer you must pay a fine of 100 E” by use of Ukash or Paysafecard services.
The first variant belongs to the Win32/Weelsof malware family. Basically, it’s a Trojan that allows hackers to perform a number of actions on the infected computer. And they certain can launch such fake Police warnings as shown in the image below.
While Win32/Weelsof clearly targets the United Kingdom, the infection has spread to many other countries as well and is expected to progress, change, and adapt to other countries in the future.
2. Win32/Reveton
■ A fake alert from an online authority Specialist Crime Directorate stating the infected computer has been violating the law which states “Your computer is blocked due to at least one of the reasons specified below.”
■ You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain.
■ Article 128 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.
■ You have been viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc). Thus violating article 202 of the Criminal Code of Great Britain.
■ Illegal access to computer data has been initiated from your PC, or you have been… (incomplete wording)
■ Article 208 of the Criminal Code provides for a fine up to E 100,000 and/or a deprivation of liberty for four to nine years.
■ Illegal access has been initiated from your PC without our knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer. (No such law)
The second variant of Police Central e-crime Unit (PCeU) ransomware belongs to the Win32/Reveton malware family. The fake waning is different than the Weelsof version and much more sophisticated, claiming to be from Specialist Crime Directorate rather than Metropolitan Police.
How to remove Police Central e-crime Unit (Removal Instructions)
1. We strongly recommend writing down the toll free number below in case you run into any issues or problems while following the instructions. Our techs will kindly assist you with any problems.
if you need help give us a call
2. Download and install the free or full version of Malwarebytes Anti-Malware.
3. Open Malwarebytes Anti-Malware.
4. Click the large Scan Now button or visit the “Scan” tab to scan your computer for Police Central e-crime Unit malware and malicious files.
5. Once the scan is complete, click the Quarantine All button to remove the files and restart your computer.
User accounts
Ransomware usually infects 1 user account on Windows systems at a time. Here are some tips to remove ransomware by using different user accounts.
- Log into an account not affected by malware (with administrative rights) and perform a scan with reputable software to detect and remove malware.
- You can also delete the infected account.
- Other options include creating a new user account to remove malware if only 1 Window’s user account is present on the computer system.
Internet/network issues
Safe Mode With Networking can be used to access the Internet for updates, drivers, removal software, or other files if internet and network connectivity is compromised.
My android tablet has this virus and i can’t access anything ….it just keeps showing the police screen…any ideas plz????
im having the same problem it popped up an hour ago i
I can’t download the anti malware software onto my tablet, any ideas?
How can i clear of my android tablet this virus
I always turn off my computer when this obviously bogus message comes up, then reboot, no problem. But why can’t the perpetrators be tracked down and stopped?
just uninstalled the browser and it worked
Starting in Safemode, and then doing a system restore did the trick! Cheers mate 🙂
how to remove metropolitan police virus from mac, please!!!!>>>?????
It’s just a browser lock. Reset your browser.
http://botcrawl.com/how-to-remove-apple-fbi-cyber-department-virus/
Thanks! This advice proved useful in getting rid of this problem. The virus had disabled safe mode but safe mode with command prompt worked.
To reiterate everyone else – thank you so much, you’re a true gem.
Thanks for the advice dude. It worked and saved me a lot of money.
You are an amazing person, literally saves my life
Saved*
Don’t usually comment on things like this but thank you for your expert advice!
Tip for anyone also having this issue: Try logging onto a different user (if you can) I logged onto another downloaded the free malware and that killed the virus from their account. I had 160 virus files in total!!
Using the free malware software was very quick and easy so I would recommend that as a good first option!
Thank you Sean! Hero!
Thank you very much you save not just my computer but my kids homework.
thank you sooo much
Thanks I was scared shirtless when this thing came up cheers
Thank you soo much you saved my f****** a**, shat myself when the thing came up.
wow i was jus abouts to commit so many vegences n im not a bad guy she lookt older than 20
So far so good, a real thank you to you…. Helped a huge amount
Seriously dude I fucking love you so much you properly saved my skin on this one 😀
This one had me stumped for a good while. And a heads up to anyone else trying to download don’t mess with the zohan don’t do it
thanks for that, I think my computer is ok… and I have learned a lesson, and that’s to wake the wife up, if you know what I mean.
Your advice was priceless. Was expecting to at least have to take it to a local computer repairer but after following your simple instructions the virus was removed first time. It’s good to see that some websites can be trusted to give you helpful advice. Thank you.
I just want to thank you so much Sean! I was scared I was going to have police round knocking for me
Police Central e-crime Unit ransomware virus
If It Helps You, These Are The Names Of The Virus.
139d2e78.dll & 139d2e78.exe
They Were Found In ‘C’ Drive / My Documents In A Folder With Photo’s
Naming Themselves As FM Radio As Where The Photos.
When Clicked On Their Properties They Were Named As,
Adobe Collaboration Synchroniser 10.0
As It Uses Adobe Flash Player To Pop Up The Screen On Your Computer.
Thanks Sean, very much indeed – that did the trick. Nasty little fella that one.
Thank you so very much. I was close to paying £100 and scared of police knocking on my door.
Thank you is too little to say
hi
Thankssss!!!!!!
i literally cannot thank you enough
i think i love you Sean Doyle
thankyou so much
thanks a lotttttt………………
Thanks a million to Sean Doyle. Your knowledge and help is a great influence. Once again, thank you very very much.
Got caught out with this one !!!!
Started in safe with networking
Then used system restore
Seems to be ok now !!!
Cost me £100
Must search the net next time !!!!
Thanks for the help
CAn I just use Mcafee anti virus in safe mode
Many Many thanks. At last nearly paid the £100 !!!
Big Thanks Sean, I was so scared when the block poped up. I was in fact watching porn but not child porn, and thought that this accusation might have been accessed through other pop up windows. I did indeed buy UKash voucher of £100 entered it and the block went off after 25-30 minutes bringing my laptop back to normal, but never had I thought that it would be a virus as it looked so convincing and demanding
Thank you so much, great help
Awesome.fantastic thank you very much
this virus infected my laptop yesterday on my account,i simply then logged into my girlfriends account which wasnt blocked with the virus and deketed my account and set up a new one,my laptop is working fine but is this virus still on it???
Your laptop should be virus free. I saw they wrote that as a solution for another virus like this one but I cant find it
Thanks great easy to follow steps, much appeciated.
thanks alot
thank you so much, fixed my computer!!!
thanks a million for the fantastic step by step help
Thanks!!! that was great! i called a tech center and they wanted me to pay £200 to solve the problem. Thought that was excessive so googled the virus an found this page. Everything is sorted now for free!!!
you r a life safer, thank you