How to remove PCeU virus

 

PCeU virus is a ransomware that has been spreading on computer systems for a few weeks now. It completely locks infected system and displays an alert stating that you must pay a fine of 100 pounds as your IP address was used to visit websites containing pornography and your computer also contains files with pornographic content.

PCeU virus warning will give you two options to pay the fine. It states that you can do it either paying through Ukash or through Paysafecard. The message also gives more information on how to do that. Do not fall for this you will only lose your money. Beware that currently there are dozens of programs like that, using a name of police of other institutions to scare computer users and get their money. However, paying this so-called fine is not a solution as your money will reach computer hackers but your problem will not be solved. PCeU ransomware is a tricky malware that you must remove if you want to get your computer to its normal state.

Attention!!!

This operating system is locked due to the violation of the laws of the United Kingdom Following violations detected:

This IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse, your computer also contains video files with Pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer. This computer lock is aimed to stop your illegal activity.

To unlock the computer you are obliged to pay a fine of £ 100.

You could pay the forfeit in two ways:


If an error occurs, send the code to address surcharge@cyber-metropolitan-police.co.uk.

Never take such warning for granted and never pay anything that it asks you to. No legitimate government institution will ask for payment using pre-paid cards and only pre-paid cards like Ukash. Additionally, none of such institutions would block your PC with software. Note that once infected with PCeU virus, you will not be able to use any program and not even browse the Internet. This complicates the situation even more as you are not able to use any security tools to remove PCeU trojan. Try these steps to overcome this problem:

  1. Restart infected computer and hit F8 while its booting.
  2. Choose Safe Mode with Networking.
  3. Launch MSConfig.
  4. Disable startup items rundll32 turning on any application for the Application Data.
  5. Reboot your system one more time.
  6. Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to identify malicious files and delete them.

Here is a video guide for Reveton or similar version of PCEU Virus (it is named differently for other countries) :

If you can’t access safe mode or safe mode with networking, then you got PCEU virus version like Gimemo, which is more complex to remove.

1. Reboot into safe mode with command prompt. There should not be blank screen, nor PCEU screen..
2. Run regedit. Search for Winlogon.
3. There will be a key labeled Shell under Winlogon. It should reference Explorer.exe or be blank. If there is something else referring an executable in one of users folders, replace it with explorer.exe.
4.Save changes, reboot to safe mode with networking.
5. Run msconfig and disable all unnecessary startup entries. You should be able to reboot normally.
6. Install and run http://www.2-viruses.com/downloads/spyhunter-i.exe. Scan with it the PC and delete PCeU executables that it finds.
Here is a video of similar parasite that is removed the same way :

If you cannot use any safe mode, follow these steps:

  1. Reboot your computer as usually.
  2. Start -> Run.
  3. Enter:  http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
  4. Press Alt+tab and then R couple of times. PCeU virus process should be killed now.

Alternatively, use Bootable antivirus scanners from Kaspersky or other antivirus maker. You will have to download and burn them on uninfected PC.

 

Automatic PCeU virus removal tools

 
  Download Spyhunter for PCeU virus detectionNote: Spyhunter trial provides detection of parasite like PCeU virus and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
 

Manual PCeU virus removal

 

Important Note: Although it is possible to manually remove PCeU virus, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other tools found on 2-viruses.com.

Processes:
Files:

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other PCeU virus infected files and get help in PCeU virus removal by using Spyhunter scanner. 

 

PCeU virus screenshots

 
PCeu-virus
 
 
 
 
 
 
 
 
 
 

89 thoughts on “PCeU virus

  1. liam
     

    BASIC!!! Restore your hard drive that’s all I did it worked! Make sure there is nothing you want keeping before you do! Take 30 mins! 100% works

     
  2. Paul
     

    Simples……..

    reboot hit F8 until boot options come onto the screen.

    use safe mode with command

    type in rstrui

    choose restore date from before the infection

    pree enter

    hey presto…….it worked for me!!!!

     
  3. DONALD KIRKBRIDE
     

    I got this pceu virus in my laptop it was even disabling my avast antivirus software
    luckily i have macium reflect on my laptop and after saving all my files pics and music ran the reboot disc and it put the laptop back to factory settings then i had to reinstall my router microsoft office adobe flash player adobe reader avast once done my laptop was fine it seems to have killed this virus
    strange thing though it showed my ip address and said i was in bathgate which is near edinburgh i live 70 miles north of bathgate! which proved it was false it also tried to imply it was central scotland police which is the stirling area not east lothian! so their geography is bollocks for a start

    I just hope i never get this virus in the laptop again as you say its a nasty one and is a con to get money out of people i wonder if its the same lot who phone you to say your computer has a virus in it i usually tell them im a qualified microsoft engineer and to get lost or say tell me what the problem is and i will go back to the computer shop as ive just collected it from there after having it repaired which cost me £120 they usually hang up then! best way to get them is say can you hang on i need the bathroom and play music on the stereo very loudly for 5 minutes that usually gets rid of them as well!

     
  4. Phil
     

    Brilliant!

    Spyhunter removed all the 1,753 threats including the disatrous pceu!

    Well worth the $47

    Without the ‘download’ instructions above. I would have been totally stuffed!

     
  5. simon
     

    just read pauls comment above (dated september 14th,,
    follow it and it works perfectly,,ace,,,cheers paul,,,it was proper simples thanks to you

     
  6. Lewis
     

    When I restarted my computer to attempt the few f8 methods I hit a bit of a problem, my computer can’t get past the boot options because its failing to start up and everytime I try the startup repair it fails to fix it. Is there a way I can get that problem repaired to move onto removing the PCeU virus?

     
  7. Mike
     

    Isn’t it funny how every time a new hijacker/ransom-ware starts to spread there’s always a whole bunch of companies waiting in the wings ready to cash in with their removal kits. It’s almost enough to make you wonder who’s who in the world of cyber crime/security.

    System restore has done the trick every time for me. And it’s free. See Paul’s comment above.

     
  8. Mike
     

    Lewis. It sounds like your issue is compounded by a different issue. Perhaps you could use a different computer to search for any error messages or symptoms you experience when trying to boot up the faulty/infected pc.

     
  9. Matt Davis
     

    Hold on. I’m removing ransomware here and you want €30 in order to get rid off it and avoid £100 fine? Something stinks

     
  10. Jim
     

    Hello I cannot remove the pceu virus. I have loaded kaspersky rescue disk, and in the menue there wasn’t a tab call Kaspersky windowsunlocker then I went to terminal and typed in windows unlocker and it would not work. Then I tried the video on youtube called Britec and followed it and still no luck. Can you help me please I cannot even get any thing on the screen.

     
  11. Gary
     

    PCEU came up on my computer, i am on the safe mode at the moment. i was wondering if i downloaded the norton anti virus would it help at all or even if i restored my computer? i only got the laptop so i have no documents and have only downloaded microsoft ? please help. thanks

     
  12. kenny
     

    @Lewis
    switch on then take the battery out or switch off then restart start in safe mode and run system restore till the day before the infection and it should be ok.

     
  13. Zoe
     

    Thanks Paul, again you have helped. This is a nasty one, but your solution worked first time. Anti virus software now installed, hope thats the end of it for us! This came up on daughter’s laptop and she was terrified by it. Never seen anything like it before! Thanks, once again.

     
  14. colin
     

    @Paul paul you are a star spent all day trying to get rid and then used 2nd computer found this site and followed your system as it was the easier one of several 5mins and my lap top back in my hands thank you.

     
  15. TC
     

    Heelp..! I’ve got this virus on the pc. Wi fi phone/ipad are ok. Tried reboot in safe mode, with command prompt and then my system is asking me for the administrator password before I can log in. I haven’t used that account for years..any ideas?

     
  16. TK
     

    Paul you’re a life saver! I’m totally computer illiterate but even I understood your instructions! My laptop is mine again! I do have an antivirus, can anyone suggest how to avoid this happening again? I would have thought the antivirus would have protected me?

     
  17. E
     

    Hi All,

    I, too got hit with this one but managed to recover. People can lose months or years of work/data just because some people think they are so much cleverer than J. Bloggs – Would be nice to know where they are physically located, just so we can point out the error of their ways

     
  18. lord d
     

    I got it last night tried spybot in safe mode , didnt work
    tried spyhunter link on this site couldn’t instal due to admin restrictions

    then tried system restore in safe mode and it sorted it no problem

     
  19. Smudge 055
     

    Cheers Paul for the info, great to see there’s people out there like your good self who are willing to give out the urgent information needed for free & are not in it for a quick buck like these scammers & the spyware companies who are clearly cashing in on peoples misfortunes. Strange how these companies seem to appear & hover like vultures when a virus strikes… It makes you think doesn’t it!!

     
  20. jack g
     

    thanks to the comments i just restored my computer to a time when it didnt have the pceu virus and ,,,, ITS GONE :) thanks to all the comments :)

     
  21. Gord
     

    Well, I went on Safe Mode and System Config and disabled a bunch of suspicious things that popped up saying they would load on start.
    Apparently I had quite a few viruses, but I tracked them down myself and destroyed them. I haven’t even used SpyHunter at the moment, but my computer is working completely fine. I’m staying safe until I can get Spyhunter to double check. Apparently I had some Russian virus on my computer for a while that was doing nothing. Funny that!

    Also it helps to be prepared. I always keep a small metal strip blu-tacked to my computer to block my webcam when I’m not using it, just in case… PCeU said it was recording my webcam, so they got a blank screen! Haha.

     
  22. Gordon
     

    Please help.
    My LC has become infected with this virus. I’m using windows co media centre addition.
    I have tried to reboot by pressing F8 then selecting safe mode with networking, with command prompt, just safe mode and even last known good configuration but all that happens is-
    Black screen appears with multi disk/run disk comments running down the screen then I have a blue screen with text on saying,
    Problem detected and windows shut down.
    Restart computer and check for viruses.
    You have to turn the computer off but then your back to square one.
    I can’t afford to do a hard restore as we have family pictures on here we don’t want to lose.
    Can anyone please give me a solution?
    Thank you

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Gordon: Do you have some other PC and empty USB stick ? If so:
      On other PC, download hitman Pro ( http://www.2-viruses.com/reviews/hitman-pro ) Make sure it is the same version as your OS (32 or 64 bit). Run it.
      In the lower left there will be 3 buttons, last one, with icon will be create USB Kickstart disk. Follow the instructions.
      Next. Turn off the infected PC. Put USB disk you prepared in USB slot on infected PC.
      Turn it on, press DEL. Go through first/second menu there, look for Booting sequence, choose USB. Exit, and save settings.
      Wait for PC to boot.
      Scan with anti-malware programs, including hitman, Spyware Doctor, etc.

      If you can’t make PC boot from USB, you will have to download CDs from Kaspersky, Avira or Norton and burn them.

       
  23. Levos
     

    Paul Sweet — or — Sweet Paul both the same TYVM
    How the hell did it get on my PC when I have Total McAfee running 24/7, how would you trace it buddy

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Levos: each malware typically is tested using various antiviruses before launching, then, after hours or a day they are often “repacked” to look differently. Antiviruses with poor behavioral scanners “lag” at detecting malware, though work very well against older versions.

       
  24. brad
     

    I have the pceu virus and tried booting in safe mode but just keep getting a black screen,same with allother modes.trie downloading a kickstart to usb but dont have a usb option in the boot up list.any way of booting from disk?

     
  25. Dan
     

    I’ve had this virus on my PC since January 10th, and cannot remove it.
    It overrides both Safe mode with networking within a minute of the Windows desktop appearing, and Safe mode with prompt has also been unsuccessful – at least, the commands I was told to use failed to work (type cd restore followed by rstrui.exe)
    I’ve also tried System Restore on the startup screen – but it has been switched off (cannot be turned back on in Safe Mode)

    Any ideas?

     
  26. brad
     

    At last i got my pc started,nothing was working at all.even asked the currys know how team lol.i used a program called kickstart pro from a usb stick and it worked,had tried before but had no luck booting from usb,some reason this time it worked.anyway all seems working,run just about every anti virus program and found 2 virus running,one was a trojan.all boots up well now but when the computer starts i get the message”error finding end user vggljgllglgig dll”just click red cross and it goes but would like to remove,does it mean i still have a trojan/virus or has that just been left from the infection?

     
  27. Jordan
     

    My command prompt doesn’t work it just freezes at the part where it says please wait and all the files have been loaded, help me please, I’ve used @paul’s method before and it worked but is time it isn’t!!!!!! Please help me anyone???!!!!

     
  28. brad
     

    jordan,mine was the same,i realy thought it was gone for good.went to currys and asked the “know how”team and the local pc shop and both were no help.after google searching i found the kickstart pro thing which i installed to flashdrive.couldnt boot from usb so thought it wouldnt work.i then unplugged the hard drive and stuck the usb in and it booted from usb first time.realy command prompt ect didnt work for me either,just back screen on loading file screen and then power off.

     
  29. georgia lee
     

    I’ve just basicly put my laptop back to its factory settings, will this get rid of the virus properly. I’m not every good with laptops so it took me a while to even do this.

     
  30. Tony
     

    Thank you paul for you tip it took me 5mins to get rid of it, you put a big on my face and save me may be some cash. Thanks to everyone else comments meeeeeeow)

     
  31. brett
     

    Thanks Paul , this turned out to be very simple and I know nothing about computers – As I started up the computer , I keyed in F8 as you suggested . The safe mode screen appears and I chose Start up repair . It asked me if I wanted to restore . I clicked yes and it churned away for about 10 minutes. Then low and behold ………. all was back to normal . Thought it would be much more complicated than that . Thanks again .

     
  32. Xenuk
     

    Hi. I think I have a new variant of the PCeU virus. I get the police lock out screen, and when I try to restart in safe mode (any type) the PC restarts immediately windows completes start up. So I can’t get to safe mode to run an anti-virus and the PC is locked out. Any suggestions?

     
  33. Xenuk
     

    @Giedrius Majauskas (admin)

    Thanks for the swift reply. I have tried that, but am having problems. I have downloaded hitman and created a USB disk. But am having problems from there. Have done F12 on startup on the infected PC. There is a USB boot option, with three choices but all three options don’t seem to do anything. It finds the USB hitman device ok but does nothing. I have not used this part of windows before, so not sure what to expect. I have waited over an hour, but nothing. Any suggestions?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Xenuk : you need to save settings in bios, and then reboot PC again with the usb disk in usb socket. It should boot in around the same time as usual, if not, you would have to use CDs with other scanners, like Norton Power eraser or Avira boot cd. USB disk is simpler to make, but some PCs might have problems with it.

       
  34. Xenuk
     

    I am running Windows XP SP2. I am not sure how to save settings in bios – can you explain? I have followed the steps on the Hitman website. I select F12 at powerup and get a Boot Device Menu. I select USB Device and I think I am in the Hitman app now. I have three options – 1 Bypass Master Boot Record, 2 Regular Boot, 3 Legacy Boot. Option 1 fails with two couldn’t open drive messages. Option 2 fails the same way. Option 3 takes me to a select operating system screen. I select Windows XP rather than recovery console and this fails with \Windows\system32\config\system missing or corrupt. Am I using Hitman correctly? I have the windows installation disk and key so can try repairing Windows if this is really the problem. But Windows starts fine, but is just ransomed normally.

     
  35. Xenuk
     

    OK. Thanks for your help. I don’t have any CDs to hand at the moment. Can you recommend another USB solution, or will they all have the same issues as Hitman?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Xenuk : depends. Hitman works differently, it tries to load base system without possibly infected files. This works well as it does not require large downloads or re-entering internet settings. Other USB and most of CD disks work differently. You could try http://support.kaspersky.com/8092 Kaspersky rescue USB, there are more solutions that can be installed to USB.

       
  36. Xenuk
     

    OK, thanks for that. I have created a Avira Rescue CD and used it, but I seem to have missed something. It ran and found 14 infected files and viruses and these were deleted. I ran it several times to get a clean scan. However, when I restart windows it is still ransomed. Also if I access windows through Avira (option 2) it is also still ransomed. Assuming the PC is clean, it appears there is still a registry key or setting that still locks windows. Also still can’t use Safe Mode. Any help would be appreciated.

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Xenuk : Check if you can boot from Hitman USB now. Ransomware infection = one file and couple registry entries usually. So I guess Avira fixed trojan/rootkit infection that installed the ransomware in the first place.
      Or use Norton Power Eraser CD. (No antivirus is 100% )

       
  37. steve
     

    When I try the Kaspersky USB rescue disk I get a invalid partition table error. When I try the Kaspersky CD rescue disk I get a selected boot device failed. Any ideas

     
  38. Ian
     

    Hi, I have this virus, I can’t access safe mode at all – it just closes down and restarts normally, straight into the PCeU screen. Have downloaded hitman onto a USB, but when I go to Boot menu it won’t boot using the USB. Is the virus disabling the USB or is the USB faulty. How do I get rid of this? Got work to do!!!

     

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>