As of June 2012 two separate variants of ransomware titled Police Central e-crime Unit ransomware 1. Win32/Weelsof and 2. Win32/Reveton have been infecting numerous computers disguised as police units such as the Specialist Crime Directorate or Metropolitan Police. The Police Central e-crime Unit ransomware locks computer systems, claims the operating system or internet browser is locked due to a violation of laws, which may include distributing and visiting illegal pornography, such as child pornography, and zoofila, among other false claims. The e-crime Unit virus then demands a fine of 100 Euro or $100 (or other) be paid by UKash, Paysafecard, or other currency services.

Police Central e-crime Unit ransomware symptoms

1. Win32/Weelsof

■ A fake alert from an online authority Metro Police  stating the infected computer has been violating the law which states “this computer was locked to stop your illegal activity.”

■ Fake violation claims include: Your IP address was used to visit websites containing pornography, child pornography, zoofila, and child abuse.

■ The infection claims “Your computer also contains video files with pornographic content, elements of violence, and child pornography. Spam-messages with terrorist motives were also sent from your computer.” (please be aware these are false claims)

■ A demand for a penalty fine is made by the infection in order for infected systems to become unlocked and accessible again. “To unlock the computer you must pay a fine of 100 E” by use of Ukash or Paysafecard services.

Metropolitan Police Police Central e-crime Unit Virus
The first variant belongs to the Win32/Weelsof malware family. Basically, it’s a Trojan that allows hackers to perform a number of actions on the infected computer. And they certain can launch such fake Police warnings as shown in the image below.

While Win32/Weelsof clearly targets the United Kingdom, the infection has spread to many other countries as well and is expected to progress, change, and adapt to other countries in the future.

2. Win32/Reveton

■ A fake alert from an online authority Specialist Crime Directorate stating the infected computer has been violating the law which states “Your computer is blocked due to at least one of the reasons specified below.”

■ You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain.

■ Article 128 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.

■ You have been viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc). Thus violating article 202 of the Criminal Code of Great Britain.

■ Illegal access to computer data has been initiated from your PC, or you have been… (incomplete wording)

■ Article 208 of the Criminal Code provides for a fine up to E 100,000 and/or a deprivation of liberty for four to nine years.

■ Illegal access has been initiated from your PC without our knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer. (No such law)

Specialist Crime Directorate Police Central e-crime Unit virus

The second variant of Police Central e-crime Unit (PCeU) ransomware belongs to the Win32/Reveton malware family. The fake waning is different than the Weelsof version and much more sophisticated, claiming to be from Specialist Crime Directorate rather than Metropolitan Police.

How to remove Police Central e-crime Unit (Removal Instructions)

1. We strongly recommend writing down the toll free number below in case you run into any issues or problems while following the instructions. Our techs will kindly assist you with any problems.

1-888-986-8411
if you need help give us a call

2. Download and install the free or full version of Malwarebytes Anti-Malware.

download buy now

3. Open Malwarebytes Anti-Malware.

malwarebytes

4. Click the large Scan Now button or visit the “Scan” tab to scan your computer for Police Central e-crime Unit malware and malicious files.

malwarebytes anti-malware

5. Once the scan is complete, click the Quarantine All button to remove the files and restart your computer.

If you are still having issues with malware it is recommended to download and install a second opinion scanner, such as HitmanPro by Surfright to eradicate existing malicious files.

User accounts

Ransomware usually infects 1 user account on Windows systems at a time. Here are some tips to remove ransomware by using different user accounts.

  1. Log into an account not affected by malware (with administrative rights) and perform a scan with reputable software to detect and remove malware.
  2. You can also delete the infected account.
  3. Other options include creating a new user account to remove malware if only 1 Window’s user account is present on the computer system.

Internet/network issues

Safe Mode With Networking can be used to access the Internet for updates, drivers, removal software, or other files if internet and network connectivity is compromised.

Reader Interactions

Comments

  1. My android tablet has this virus and i can’t access anything ….it just keeps showing the police screen…any ideas plz????

  2. I always turn off my computer when this obviously bogus message comes up, then reboot, no problem. But why can’t the perpetrators be tracked down and stopped?

  3. Thanks! This advice proved useful in getting rid of this problem. The virus had disabled safe mode but safe mode with command prompt worked.

  4. Don’t usually comment on things like this but thank you for your expert advice!

    Tip for anyone also having this issue: Try logging onto a different user (if you can) I logged onto another downloaded the free malware and that killed the virus from their account. I had 160 virus files in total!!

    Using the free malware software was very quick and easy so I would recommend that as a good first option!

    Thank you Sean! Hero!

  5. This one had me stumped for a good while. And a heads up to anyone else trying to download don’t mess with the zohan don’t do it

  6. thanks for that, I think my computer is ok… and I have learned a lesson, and that’s to wake the wife up, if you know what I mean.

  7. Your advice was priceless. Was expecting to at least have to take it to a local computer repairer but after following your simple instructions the virus was removed first time. It’s good to see that some websites can be trusted to give you helpful advice. Thank you.

  8. Police Central e-crime Unit ransomware virus

    If It Helps You, These Are The Names Of The Virus.

    139d2e78.dll & 139d2e78.exe

    They Were Found In ‘C’ Drive / My Documents In A Folder With Photo’s

    Naming Themselves As FM Radio As Where The Photos.
    When Clicked On Their Properties They Were Named As,

    Adobe Collaboration Synchroniser 10.0

    As It Uses Adobe Flash Player To Pop Up The Screen On Your Computer.

  9. Thank you so very much. I was close to paying £100 and scared of police knocking on my door.

  10. Thanks a million to Sean Doyle. Your knowledge and help is a great influence. Once again, thank you very very much.

  11. Got caught out with this one !!!!
    Started in safe with networking
    Then used system restore
    Seems to be ok now !!!
    Cost me £100
    Must search the net next time !!!!
    Thanks for the help

  12. Big Thanks Sean, I was so scared when the block poped up. I was in fact watching porn but not child porn, and thought that this accusation might have been accessed through other pop up windows. I did indeed buy UKash voucher of £100 entered it and the block went off after 25-30 minutes bringing my laptop back to normal, but never had I thought that it would be a virus as it looked so convincing and demanding

  13. this virus infected my laptop yesterday on my account,i simply then logged into my girlfriends account which wasnt blocked with the virus and deketed my account and set up a new one,my laptop is working fine but is this virus still on it???

    • Your laptop should be virus free. I saw they wrote that as a solution for another virus like this one but I cant find it

  14. Thanks!!! that was great! i called a tech center and they wanted me to pay £200 to solve the problem. Thought that was excessive so googled the virus an found this page. Everything is sorted now for free!!!

  15. thanks a lot, u just saved my £100, i almost paid! i actually just used the “safe mode” and after running the scan, evrythng was cleaned. cheers!!!! continue the good work!

  16. Hi,
    I was unfortunate to get this virus and had my system blocked.
    I tried to get to the Task manager but could’t do it so I tried to swich the user and logged on to my guest’s account.
    From there it was easy to start Norton Security which found and cleaned 46 threats then I restored the computer settings to a previous date using the system restore.

  17. cant believe I actually got this ransome virus, So grateful to person who put this online, well done. saved me a fortune

  18. Horrible experience but with iPad on the side giving me your instructions got through it. Cannot thank you enough. These virus guys should be dealt with.

  19. Thanks Sean, I was unable to access windows except using the command prompt technique. I was unable to restore my computer though as apparently system protection was not turned on?? I did manage to download malware bytes on a different computer and managed to install and run it through the safe mode cmd promt screen. This picked them up and cleared the problem. Many thanks!

  20. That was great. but I had this virus last night (30/01/2013) on my wife’s laptop and neither avast (free version) nor superantispyware professional version could detect the virus! probably its a new version. but the good thing is that restoring the system is still resolve the problem.

  21. Thank you mate, your a legend. Unfortunately I was so scared that I bought a UKASH voucher for £100 and entered it as said on the screen but still could not acess the computer. So I lost £100 but than I managed to get online using the different user account on the same computer and restored it to previous date and it is working fine. Hope there will be no more problems. once again thank you mate and keep up the good work.

  22. Sean, You seriously ROCK, thanks to your very detailed post, I was able to restore my pc in less than 45 minutes.
    Many thanks @ RESPECT!!

  23. Thank you for your help. Was really scared when first saw it appear – then guessed it was a horrible virus so googled it and found this. Thanks a bunch man. I did a system restore and all seems ok now.

  24. Thankyou very much, thank god there is someone trying to resolve these problems instead of creating them for no apparent reason. Much appreciated.

  25. Thanks very much for the help. It can be quite panicking when you’re told you’ve committed a crime, especially when you know you didn’t do so, so it’s great to know there are sites like this to help clear it up. Keep up the great work.

  26. God bless Sean Doyle . Beautiful. Followed instructions and got rid of the virus in less than 5 minutes. Thanks Sean for sharing your knowledge and expertise.

  27. Thank you. I have been able to get my system back after using the safe mode with command prompt. The virus had blocked anything else.
    I have windows 7 and didn’t get the rstrui.exe window but a help menu from where I could access the restore to an anterior date.
    Again thank you very much

  28. Great help. Thank you. I have Vista Ultimate and virus was removed. I run (as per your instructions) C:\windows\system32\rstrui.exe and press Enter and then followed all steps to restore my computer system to an earlier time and date, before infection. Spiros from Athens Greece.

  29. Well, I’ve just fallen victim to this fake email so will be trying these steps in the morning to get my lappy back on track, cheers

  30. Thank you so much for this!!!!! Fantastic advice – worked a treat. My PC was also auto-logging off when going into safe mode. Safe mode with command prompt was the only way to salvage the PC using the software via the command prompt.
    really can’t thank you enough

  31. thank you so much when I saw the screen I ,was like I’m dead my heart stopped,
    I do not have words god guided me here to this page. The system restore in safe mode worked. God bless you.

  32. If you find that you have paid cash to paypoint or paysafe and the read its a scam then phone up to block the payment and get a refund back to an account before the virus organizers take the money from paysafe paypoint. it worked for me i got my money back from paysafe

  33. Thank you so much, i had read online that i should purchase mcafee and install in safe mode to get rid of the epcu virus. i tried for 2 days only to be told by the second technician that it wont work as virus will block install (why the first technician didn’t tell me this is beyond me). I was really angry as they had already taken my money and wanted another $80 to remove the virus!!!!!. I read your blog and downloaded the free malware in safe mode and it removed the virus. After 2 days i am so happy – thanks you soooooooooooooooooooo much :o) I am back on my computer and running the scan and theres nothing woohoo! :o) you’re a genuis ;o)

  34. Thanks for your help on this. I was reading your advice off my phone and your clear directions definately helped to reduce panic and solve the problem quickly. Thanks. Hope you get paid a ton.

  35. Thanks I was so scared that I started crying me and my dad found your site and now we have done it you are a lifesaver

  36. Excellent advice – I couldn’t access te Internet at all so used safe mode with command prompt to get to system restore which did the trick. I had Malware bytes installed on my computer but had not updated it (it needs manual updating). Mille Grazie

  37. How rediculous is this. I was literally on my way out to buy a voucher for £100 when I thought I would just check it out. Thank god I did. Thanks for the help

  38. Thank you so very much!!! I swear I never panicked so much! I was thinking shit I dont have 100 quid! Called my internet provider -weird point explaining to them that the people says I might be guilty of all sorts, the bit of child abuse was AWKWARD (especially claiming my innocence! well they couldnt hell. Thank GOD for google and good samaritan like you.

  39. Thank-You Sean! You’re a lifesaver! I was only watching YouTube when this came up and I thought ‘What’s illegal about YouTube?!’. They asked for £100!! Holding innocent people to ransom, the bastards! Without this blog I woukdn’t have had a clue! Thank-you so much!!

  40. thank god for people like you. Just restored my daughters laptop to get rid of this shite.she panicked and covered the webcam up with tape and then just turned off the laptop.i found your site before we turned it back on. top man!! thanks !!

  41. This just literally popped up on my screen after downloading a song. I was panicking!!! I have followed the steps and I’m currently waiting to see if my computer is fine and if my files are still saved, (let’s hope so)!!

  42. Thank you. Thjis has helped me so much after getting a huge scare when I saw this. Thanks so much Sean. Good to see someone is looking out for people.

  43. Luckily I had heard of this happening this week so had a feeling it was a virus… Just annoying that it completely blocks your whole laptop you can’t even ctrl alt dlt… Safe mode and system restore is in process as we speak… Will be downloading malware cleaner once I’m on xx thankyou xx

  44. harmlessly browsing the web and this comes up. Cant acc believe theyre viruses out there like this. Despite my innocence i was scared to death! thank god this page exists. thankss!

  45. This litterally just popped up on my computer! I’m quite scared as I only went on facebook to check notification and it was telling me my comp was blocked, and now it won’t let me use my computer at all :/

  46. I have just shat my pants, thinking i have really got to start using iTunes insted phewwwwwwww, system recovery worked for me your a top lad !!

  47. Cheers lad system restore helped there! Thought it was going to pack in just when uni has started up as well. Appreciated.

  48. I was planning to run away to France, I couldn’t eat my dinner last night. I was going to call the police and say my laptop had been stolen. Thanks to you, I’m now more vigilante then most people think.

  49. I was going to take my PC to the police station and say f*****g check it! Im not guilty of anything other than music downloads! It makes VERY serious allegations! against you! B******’s Im fuming!

  50. Just got hit by it after downloading something I S**T myself and nearly paid it!!!! Utter B******’s! Thanks buddy much appreciated! just knowing it was a virus in the first place was a big help! Cant be doing with s**t like that.

  51. Thank you soooooo much we just got hit by it and we were really scared managed to do a system restore and download malware etc thank you so much

  52. Thank you Thank you Thank you,
    I got hit with a e crime ransonware virus
    Without your help i would have gone and brought a new laptop
    Will have to be carefull where my 16 year old son goes on here in future
    But my thanks go to you

        • Computer on startup repaire to go back to an earlier time its taking a while is that normal. Got such a fright as it was filming me

          • Go onto computer by same mode with networking now running full scan with malware totes anti mail ware will this remove the virus?

            • Safemode start and then start menu to system restor worked a treat; thank you for putting this guide on the web.

              • thanks for the safe mode advice so i could download new antivirus.knew it was a virus as why would police ask you for money to unlock computer surely if monitoring you they would contact you direct.plus one the reasons on itm entioned computer could have virus passing onto other users.but altho knew virus i admit my stomach sank at first as i was downloading a music track at the time.

Trackbacks

  1. […] what I find on google. Check this out, looks like a good thorough guide / read about the virus. How To Remove The Police Central e-crime Unit Ransomware Virus (Metropolitan Police, Crime Directora… __________________ I'm part of *The Project* 😉 Dont Eat Animals, Its Not Good For Them And […]

Leave a Reply

Your email address will not be published.