What is the Police Central e-crime Unit ransomware virus (EPCU virus)?
As of June 2012, two separate forms of new ransomware titled Police Central e-crime Unit ransomware, (1) Win32/Weelsof and (2) Win32/Reveton, have been infecting numerous computers while disguised as police units such as the Specialist Crime Directorate or Metropolitan Police. The Police Central e-crime Unit ransomware locks computer systems (as ransomware does) and claims the operating system is locked due to a violation of laws per IP geographical location (most notably the UK), which may include distributing and visiting illegal pornography, such as child pornography and zoofilia, among other fake claims. The e-crime Unit virus then demands that a fine of 100 Euro or $100 be paid by Ukash or Paysafecard services.
Police Central e-crime Unit ransomware symptoms
■ A fake alert from a supposed online authority, Metro Police, stating that the infected computer has been violating the law, with the message “this computer was locked to stop your illegal activity.”
■ Fake violation claims include: Your IP address was used to visit websites containing pornography, child pornography, zoofilia, and child abuse.
■ The infection claims “Your computer also contains video files with pornographic content, elements of violence, and child pornography. Spam-messages with terrorist motives were also sent from your computer.” (please be aware these are false claims)
■ A demand for a penalty fine is made by the infection in order for infected systems to become unlocked and accessible again. “To unlock the computer you must pay a fine of 100 E” by use of Ukash or Paysafecard services.
The first variant belongs to the Win32/Weelsof malware family. Basically, it’s a Trojan that allows hackers to perform a number of actions on the infected computer, and they certainly can launch fake Police warnings such as this one.
While Win32/Weelsof clearly targets the United Kingdom, the infection has spread to many other countries as well and is expected to progress, change, and adapt to other countries in the future.
■ A fake alert from a supposed online authority, Specialist Crime Directorate, stating that the infected computer has been violating the law, with the message “Your computer is blocked due to at least one of the reasons specified below.”
■ You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain.
■ Article 128 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.
■ You have been viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc). Thus violating article 202 of the Criminal Code of Great Britain.
■ Illegal access to computer data has been initiated from your PC, or you have been… (incomplete wording)
■ Article 208 of the Criminal Code provides for a fine up to E 100,000 and/or a deprivation of liberty for four to nine years.
■ Illegal access has been initiated from your PC without our knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer. (No such law)
The second variant of Police Central e-crime Unit (PCeU) ransomware belongs to the Win32/Reveton malware family. The fake warning is different from the Weelsof version and much more sophisticated, claiming to be from the Specialist Crime Directorate rather than the Metropolitan Police.
Web cam control
When the infected computer user is taken to the fake Police Central e-crime Unit drive-by-download website, a video screen streamed from the user's connected webcam is displayed as “recording”. If you do not have a webcam connected, the video screen will appear blank and will still show as recording.
How to remove The Police Central e-crime Unit virus
We have outlined different steps to remove the Police Central e-crime Unit ransomware virus for different progressions of the infection. Some infected users are still able to access the internet correctly. If this is the case, please download the free version of Malwarebytes and proceed to scan and remove the Police Central e-crime Unit ransomware infection. Another simple solution is to restore your computer to a date and time before your computer became infected with the Police Central e-crime Unit ransomware virus.
Different victims, depending on location and progression of the infection will require different removal options. Anti-Malware software and restore are the outlined solutions but may require different steps to achieve the initial process.
- Automatic Removal – Scan And Remove Fake Police Unit Malware
- For Tech Support - Call 1-888-879-0084 and they will kindly assist you with removing this infection
- Regular Installation
- Install using Safe Mode with Networking
- Start Menu Restore
- Safe Mode with Command Prompt
Police Central E-Crime Unit Virus Removal Tips
Use these tips to troubleshoot issues facing the removal of the Police e-crime virus.
Search for and remove Police E-Crime Virus Files. The files detailed below are common files associated with ransomware. [random] may represent a series of random letters and numbers such as 3jjda.exe or 111_0_0.exe.
- %AppData%\Protector-[random].exe
- %AppData%\Inspector-[random].exe
- %AppData%\vsdsrv32.exe
- %AppData%\result.db
- %AppData%\jork_0_typ_col.exe
- %appdata%\[random].exe
- %Windows%\system32\[random].exe
- %Documents and Settings%\[UserName]\Application Data\[random].exe
- %Documents and Settings%\[UserName]\Desktop\[random].lnk
- %Documents and Settings%\All Users\Application Data\[random]
- %CommonStartMenu%\Programs\[random].lnk
- %Temp%\00u_l.exe
- %Temp%\[random].exe
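As an added example (not part of the original guide), this Python helper checks a file listing against the names above. It assumes `[random]` means letters, digits and underscores, reports the listed fixed or prefixed names as `named`, and reports any other .exe sitting directly in an Application Data, AppData\Roaming or Temp folder as `review`. The `[random]` entries under system32 and the .lnk entries are left out because they cannot be told apart from legitimate files by name alone.

```python
import re
from pathlib import PureWindowsPath

# Assumed shape of the page's "[random]": letters, digits, underscores,
# based on its examples 3jjda.exe and 111_0_0.exe.
RANDOM = r"[A-Za-z0-9_]+"

# Fixed or prefixed names from the page, keyed by the folder they sit in.
NAMED = {
    "appdata": [rf"Protector-{RANDOM}\.exe", rf"Inspector-{RANDOM}\.exe",
                r"vsdsrv32\.exe", r"result\.db", r"jork_0_typ_col\.exe"],
    "temp": [r"00u_l\.exe"],
}

def folder_kind(path):
    """Return 'appdata' or 'temp' if the file sits directly in such a folder."""
    parts = [p.lower() for p in PureWindowsPath(path).parent.parts]
    if parts[-1:] == ["temp"]:
        return "temp"
    if parts[-1:] == ["application data"] or parts[-2:] == ["appdata", "roaming"]:
        return "appdata"
    return None

def classify(path):
    """'named' = matches a listed name; 'review' = other .exe in the folder root."""
    kind = folder_kind(path)
    if kind is None:
        return None
    name = PureWindowsPath(path).name
    if any(re.fullmatch(p, name, re.IGNORECASE) for p in NAMED[kind]):
        return "named"
    if re.fullmatch(rf"{RANDOM}\.exe", name, re.IGNORECASE):
        return "review"
    return None

def triage(listing):
    """Group the paths of a text listing (one path per line) by classification."""
    hits = {"named": [], "review": []}
    for line in listing.splitlines():
        verdict = classify(line.strip()) if line.strip() else None
        if verdict:
            hits[verdict].append(line.strip())
    return hits

# Constructed sample listing (not taken from a real infection).
SAMPLE = r"""
C:\Documents and Settings\bob\Application Data\Protector-x7k2.exe
C:\Documents and Settings\bob\Application Data\3jjda.exe
C:\Users\bob\AppData\Roaming\Mozilla\Firefox\updater.exe
C:\Users\bob\AppData\Local\Temp\00u_l.exe
C:\Windows\system32\cmd.exe
"""

if __name__ == "__main__":
    for verdict, paths in triage(SAMPLE).items():
        print(verdict, paths)
```

Files reported as `review` are only candidates: legitimate installers also drop executables in Temp, so confirm each one before deleting it.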
The Police E-Crime Virus Process may be a series of random letters and numbers such as 3jjda.exe or 111_0_0.exe. Search for the Police E-Crime Virus Process by typing Ctrl+Shift+Esc and ending the located process under the Processes tab.
Most ransomware exploits Java or Flash vulnerabilities to load the malicious code. In some cases denying or disabling Flash on your system may suspend the Police Central e-crime Unit ransomware and enable the user to navigate through the infected system. If this is not a necessity for removal, skip to the removal options below these steps.
1. To disable (deny) Flash, visit: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html
2. Select the “Deny” radio option
3. Proceed to a removal option (detailed below): Anti malware software scan and removal or system restore.
1. Antivirus/Anti-Malware Software
Safe Mode With Networking
Safe Mode with Networking is great for victims whose internet or network connectivity is compromised due to the fake police virus. These settings allow internet access in safe mode, which can be used to troubleshoot issues, such as manually removing the virus or downloading appropriate tools from the internet to scan for and remove the fake police virus.
- This mode will also bypass any issues where Antivirus or Antimalware software has been affected because of the Police Central e-crime Unit infection’s overall progression.
1. We highly recommend writing down the toll free number below in case you run into any issues or problems while following the instructions. Our techs will kindly assist you with any problems.
2. Reboot your computer in “Safe Mode with Networking”. As the computer is booting, tap the “F8 key” continuously to reach the correct menu. Use your keyboard to navigate to “Safe Mode with Networking” and press Enter.
3. If you can easily access the internet to install removal software, do so; otherwise launch Internet Explorer. In Internet Explorer go to: Tools->Internet Options->Connections tab.
Click the LAN Settings button and uncheck the checkbox labeled “Use a proxy server for your LAN”. Click OK.
4. It is now recommended to download Malwarebytes and run a full system scan to remove the fake police malware, or manually remove the virus.
2. System Restore
Depending on the progression of the Police Central e-crime Unit ransomware virus and the restrictions it imposes, different steps may be needed to restore an infected computer. Outlined below are two different solutions. If you cannot perform a Start menu restore, proceed to the Safe Mode with Command Prompt restore instructions.
Start Menu Restore
1. Access the Windows Start menu and click All Programs.
2. Click and open Accessories, click System Tools, and then click System Restore.
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Restore your computer to a date and time before infection.
Safe Mode With Command Prompt Restore
If you cannot access your operating system, this is the suggested step.
1. Restart/reboot your computer system. Unplug if necessary.
2. Boot your computer into “safe mode with command prompt”. To properly enter safe mode, repeatedly press F8 upon the opening of the boot menu.
3. Once the Command Prompt appears you only have a few seconds to type “explorer” and hit Enter. If you fail to do so within 2-3 seconds, the FBI MoneyPak ransomware virus will not allow you to type anymore.
4. Once Windows Explorer shows up browse to:
- Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
- Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter