As of June 2012 two separate variants of ransomware titled Police Central e-crime Unit ransomware 1. Win32/Weelsof and 2. Win32/Reveton have been infecting numerous computers disguised as police units such as the Specialist Crime Directorate or Metropolitan Police. The Police Central e-crime Unit ransomware locks computer systems, claims the operating system or internet browser is locked due to a violation of laws, which may include distributing and visiting illegal pornography, such as child pornography, and zoofila, among other false claims. The e-crime Unit virus then demands a fine of 100 Euro or $100 (or other) be paid by UKash, Paysafecard, or other currency services.
Police Central e-crime Unit ransomware symptoms
1. Win32/Weelsof
■ A fake alert from an online authority Metro Police stating the infected computer has been violating the law which states “this computer was locked to stop your illegal activity.”
■ Fake violation claims include: Your IP address was used to visit websites containing pornography, child pornography, zoofila, and child abuse.
■ The infection claims “Your computer also contains video files with pornographic content, elements of violence, and child pornography. Spam-messages with terrorist motives were also sent from your computer.” (please be aware these are false claims)
■ A demand for a penalty fine is made by the infection in order for infected systems to become unlocked and accessible again. “To unlock the computer you must pay a fine of 100 E” by use of Ukash or Paysafecard services.
The first variant belongs to the Win32/Weelsof malware family. Basically, it’s a Trojan that allows hackers to perform a number of actions on the infected computer. And they certain can launch such fake Police warnings as shown in the image below.
While Win32/Weelsof clearly targets the United Kingdom, the infection has spread to many other countries as well and is expected to progress, change, and adapt to other countries in the future.
2. Win32/Reveton
■ A fake alert from an online authority Specialist Crime Directorate stating the infected computer has been violating the law which states “Your computer is blocked due to at least one of the reasons specified below.”
■ You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain.
■ Article 128 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.
■ You have been viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc). Thus violating article 202 of the Criminal Code of Great Britain.
■ Illegal access to computer data has been initiated from your PC, or you have been… (incomplete wording)
■ Article 208 of the Criminal Code provides for a fine up to E 100,000 and/or a deprivation of liberty for four to nine years.
■ Illegal access has been initiated from your PC without our knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer. (No such law)
The second variant of Police Central e-crime Unit (PCeU) ransomware belongs to the Win32/Reveton malware family. The fake waning is different than the Weelsof version and much more sophisticated, claiming to be from Specialist Crime Directorate rather than Metropolitan Police.
How to remove Police Central e-crime Unit (Removal Instructions)
1. We strongly recommend writing down the toll free number below in case you run into any issues or problems while following the instructions. Our techs will kindly assist you with any problems.
if you need help give us a call
2. Download and install the free or full version of Malwarebytes Anti-Malware.
3. Open Malwarebytes Anti-Malware.
4. Click the large Scan Now button or visit the “Scan” tab to scan your computer for Police Central e-crime Unit malware and malicious files.
5. Once the scan is complete, click the Quarantine All button to remove the files and restart your computer.
User accounts
Ransomware usually infects 1 user account on Windows systems at a time. Here are some tips to remove ransomware by using different user accounts.
- Log into an account not affected by malware (with administrative rights) and perform a scan with reputable software to detect and remove malware.
- You can also delete the infected account.
- Other options include creating a new user account to remove malware if only 1 Window’s user account is present on the computer system.
Internet/network issues
Safe Mode With Networking can be used to access the Internet for updates, drivers, removal software, or other files if internet and network connectivity is compromised.
fantastic worked a treat
Well, I’ve just fallen victim to this fake email so will be trying these steps in the morning to get my lappy back on track, cheers
Thank you Sean, your help is much appreciated.
Thanks u re legend thanks
Thank you so much for this!!!!! Fantastic advice – worked a treat. My PC was also auto-logging off when going into safe mode. Safe mode with command prompt was the only way to salvage the PC using the software via the command prompt.
really can’t thank you enough
Hi thanks for your advice, helped me a great deal.
f****** legend you are sean
thank you so much when I saw the screen I ,was like I’m dead my heart stopped,
I do not have words god guided me here to this page. The system restore in safe mode worked. God bless you.
If you find that you have paid cash to paypoint or paysafe and the read its a scam then phone up to block the payment and get a refund back to an account before the virus organizers take the money from paysafe paypoint. it worked for me i got my money back from paysafe
Thanks for your help
Ah man you’re a life saver!!! i thought it had done the whole network and I live in a shared house!!
Thanks mate, i assumed it was a virus but you calmed me down quickly haha! system restore worked fine.
Thank you so much, i had read online that i should purchase mcafee and install in safe mode to get rid of the epcu virus. i tried for 2 days only to be told by the second technician that it wont work as virus will block install (why the first technician didn’t tell me this is beyond me). I was really angry as they had already taken my money and wanted another $80 to remove the virus!!!!!. I read your blog and downloaded the free malware in safe mode and it removed the virus. After 2 days i am so happy – thanks you soooooooooooooooooooo much :o) I am back on my computer and running the scan and theres nothing woohoo! :o) you’re a genuis ;o)
Thanks for your help on this. I was reading your advice off my phone and your clear directions definately helped to reduce panic and solve the problem quickly. Thanks. Hope you get paid a ton.
could of died when i saw it. thank you so so much
I cannot thank you enough
Thanks I was so scared that I started crying me and my dad found your site and now we have done it you are a lifesaver
Thank you sir! Don’t know what people would do without you. That was YouTube as well quite worrying.
Excellent advice – I couldn’t access te Internet at all so used safe mode with command prompt to get to system restore which did the trick. I had Malware bytes installed on my computer but had not updated it (it needs manual updating). Mille Grazie
How rediculous is this. I was literally on my way out to buy a voucher for £100 when I thought I would just check it out. Thank god I did. Thanks for the help
Thank you so very much!!! I swear I never panicked so much! I was thinking shit I dont have 100 quid! Called my internet provider -weird point explaining to them that the people says I might be guilty of all sorts, the bit of child abuse was AWKWARD (especially claiming my innocence! well they couldnt hell. Thank GOD for google and good samaritan like you.
Thank-You Sean! You’re a lifesaver! I was only watching YouTube when this came up and I thought ‘What’s illegal about YouTube?!’. They asked for £100!! Holding innocent people to ransom, the bastards! Without this blog I woukdn’t have had a clue! Thank-you so much!!
Thank you so much!You are an absolute altruist legend!
thank god for people like you. Just restored my daughters laptop to get rid of this shite.she panicked and covered the webcam up with tape and then just turned off the laptop.i found your site before we turned it back on. top man!! thanks !!
How do you manually remove the virus once it’s detected?
This just literally popped up on my screen after downloading a song. I was panicking!!! I have followed the steps and I’m currently waiting to see if my computer is fine and if my files are still saved, (let’s hope so)!!
Thank you. Thjis has helped me so much after getting a huge scare when I saw this. Thanks so much Sean. Good to see someone is looking out for people.
Luckily I had heard of this happening this week so had a feeling it was a virus… Just annoying that it completely blocks your whole laptop you can’t even ctrl alt dlt… Safe mode and system restore is in process as we speak… Will be downloading malware cleaner once I’m on xx thankyou xx
harmlessly browsing the web and this comes up. Cant acc believe theyre viruses out there like this. Despite my innocence i was scared to death! thank god this page exists. thankss!
Thank you 🙂 nice job
Thank you so much. Just saved my laptop, my files, my life. You have my utmost respect.
was like wtf when this popped..
I would like to thank you for you help you have saved me and my university coursework
Absolute hero. Cheers squire!
This litterally just popped up on my computer! I’m quite scared as I only went on facebook to check notification and it was telling me my comp was blocked, and now it won’t let me use my computer at all :/
cheers m8
Thank you so much! You’re a blessing! I had no idea what to do, and this worked! Thankyouthankyou!
THANKYOU!!!!!!!!!!
Thankyou so much. Was literally shitting myself, Very relieved, Cheers 🙂
I have just shat my pants, thinking i have really got to start using iTunes insted phewwwwwwww, system recovery worked for me your a top lad !!
Thank you very much. I nearly piss myself. Im too young to go to the prison for doing nothing wrong….
Thank you sooooo much
Cheers lad system restore helped there! Thought it was going to pack in just when uni has started up as well. Appreciated.
I was planning to run away to France, I couldn’t eat my dinner last night. I was going to call the police and say my laptop had been stolen. Thanks to you, I’m now more vigilante then most people think.
I was going to take my PC to the police station and say f*****g check it! Im not guilty of anything other than music downloads! It makes VERY serious allegations! against you! B******’s Im fuming!
Just got hit by it after downloading something I S**T myself and nearly paid it!!!! Utter B******’s! Thanks buddy much appreciated! just knowing it was a virus in the first place was a big help! Cant be doing with s**t like that.
Thank you soooooo much we just got hit by it and we were really scared managed to do a system restore and download malware etc thank you so much
what a bunch of cunts ay!! i shit myself lol thanks to a restore its sorted…nice one son:)
I got this virus can you tell me if the video recording is actually recording you? as this worries me!
Yes, it can record your webcam.
Thank you Thank you Thank you,
I got hit with a e crime ransonware virus
Without your help i would have gone and brought a new laptop
Will have to be carefull where my 16 year old son goes on here in future
But my thanks go to you
Conciderd suicide i’v been unwell for day worrying
Glad you got rid of it. Don’t do that!
Computer on startup repaire to go back to an earlier time its taking a while is that normal. Got such a fright as it was filming me
Go onto computer by same mode with networking now running full scan with malware totes anti mail ware will this remove the virus?
Safemode start and then start menu to system restor worked a treat; thank you for putting this guide on the web.
thanks for the safe mode advice so i could download new antivirus.knew it was a virus as why would police ask you for money to unlock computer surely if monitoring you they would contact you direct.plus one the reasons on itm entioned computer could have virus passing onto other users.but altho knew virus i admit my stomach sank at first as i was downloading a music track at the time.
sean…3 words for you mate…youre a legend, keep it up.
Cheers!
thanks u so much my husband have the same thing he almost carry hes pc to the technician for why such reason hes pc was locked i thank god may way on you sean this blog solve our pain..makes us worry a lot why he will have this virus watching movie online together with me ….
I obviously wasn’t gonna pay but that s**t looks believable.
Can’t believe someone put that much effort into a virus