Ministry of Public Safety Canada virus - How to remove?
Ministry of Public Safety Canada virus is a ransomware that is installed to random computer systems using Urausy Trojan. The program blocks targeted system completely and doesn’t allow using any of the applications. As you may guess from its name, the application targets users in Canada. The users only see a message in the middle of the computer screen warning that they have violated the law by using or distributing illegal material. Here is how the message of Ministry of Public Safety Canada virus looks like:
Canadian Association of Chiefs of Police
Ministry of Public Safety Canada
Your computer has been blocked up for safety reasons listed below. You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of Canada criminal law.
Article 161 of Canada criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.
Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of Canada Criminal Law.
Article 148 of Canada criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.
As you see, the message accuses you of using copyrighted content or pornographic files. According to it, this way you are violating Canadian law and have to pay a fine of 100 Canadian dollars. Despite of how convincing it looks, you should beware that it is not related to Canadian police at all. This name is only used to make the program look more legitimate and to get trust from the users.
Pay attention to the method it employs for collecting so called fines. You are asked to do it using Ukash payment system, which requires pre-paid cards. Police never uses such means, so it is a clear proof that Ministry of Public Safety Canada virus is a scam. If you pay the money it requires, it will go straight to the bank accounts of cyber criminals. Police has nothing to do with that.
Security experts strongly recommend removing Ministry of Public Safety Canada virus as soon as you detect it on your system. Since the program blocks your entire system and you cannot even run your security tools normally, you may want to have a look at the removal instructions of this ransomware that we provide below.
If your computer has more than one user account and not all of them are locked, scan whole PC with anti-malware programs, e.g. Spyhunter, by logging to the account that is not blocked. Another option is to use system restore. If none of these methods worked for you, do the following:
- Restart your computer;
- Press F8 while it is still restarting;
- Choose between safe modes in following order: Safe mode, Safe mode with command prompt
Then follow the guides below:
If your computer runs in Safe mode or Safe mode with networking
- Launch MSConfig.
- Disable startup items rundll32 turning on any application from Application Data;. Note, that these are typical locations for Ministry of Public Safety Canada virus but some others might be used.
- Restart the system once again.
- Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to identify Ministry of Public Safety Canada virus files and delete it.
Here is a video showing how to complete the steps:
If your computer runs in Safe mode with command prompt
- Run Regedit.
- Search for WinLogon Entries. Write down all files it references that are not explorer.exe or blank. Replace them with explorer.exe
- Search registry for Ministry of Public Safety Canada virus files and delete the registry keys referencing the files
- Try to reboot and scan with Spyhunter.
- If this fails, try doing system restore from safe mode with command prompt (rstrui.exe)
If none of safe modes could be launched
Some versions of Ministry of Public Safety Canada virus disable all safe modes, but give a short gap that you can use to run anti-malware programs:
- Reboot normally.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
- Press Alt+tab and then R couple times. Ministry of Public Safety Canada virus process should be killed.
Here is a video detailing this approach:
Hitman Pro USB disk
If you did not succeed using any of the methods above, try scanning PC with a bootable USB or DVD disk. These should be able to remove all versions of Ministry of Public Safety Canada virus, but will not work if your hard drive is encrypted.
For that, we recommend using Hitman Pro Kickstarter USB.
- Download Hitman Pro on uninfected PC.
- Run Hitman and ask to create Kickstarter USB (option on initial screen)
- When USB ready, reboot infected PC with USB attached and press DEL
- Choose USB as primary boot device.
- Boot normally.
- Run Hitman Pro and http://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.