PCeU virus - How to remove?
PCeU virus is a ransomware that has been spreading on computer systems for a few weeks now. It completely locks infected system and displays an alert stating that you must pay a fine of 100 pounds as your IP address was used to visit websites containing pornography and your computer also contains files with pornographic content.
PCeU virus warning will give you two options to pay the fine. It states that you can do it either paying through Ukash or through Paysafecard. The message also gives more information on how to do that. Do not fall for this you will only lose your money. Beware that currently there are dozens of programs like that, using a name of police of other institutions to scare computer users and get their money. However, paying this so-called fine is not a solution as your money will reach computer hackers but your problem will not be solved. PCeU ransomware is a tricky malware that you must remove if you want to get your computer to its normal state.
This operating system is locked due to the violation of the laws of the United Kingdom Following violations detected:
This IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse, your computer also contains video files with Pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer. This computer lock is aimed to stop your illegal activity.
To unlock the computer you are obliged to pay a fine of £ 100.
You could pay the forfeit in two ways:
If an error occurs, send the code to address email@example.com.
Never take such warning for granted and never pay anything that it asks you to. No legitimate government institution will ask for payment using pre-paid cards and only pre-paid cards like Ukash. Additionally, none of such institutions would block your PC with software. Note that once infected with PCeU virus, you will not be able to use any program and not even browse the Internet. This complicates the situation even more as you are not able to use any security tools to remove PCeU trojan. Try these steps to overcome this problem:
- Restart infected computer and hit F8 while its booting.
- Choose Safe Mode with Networking.
- Launch MSConfig.
- Disable startup items rundll32 turning on any application for the Application Data.
- Reboot your system one more time.
- Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to identify malicious files and delete them.
Here is a video guide for Reveton or similar version of PCEU Virus (it is named differently for other countries) :
If you can’t access safe mode or safe mode with networking, then you got PCEU virus version like Gimemo, which is more complex to remove.
1. Reboot into safe mode with command prompt. There should not be blank screen, nor PCEU screen..
2. Run regedit. Search for Winlogon.
3. There will be a key labeled Shell under Winlogon. It should reference Explorer.exe or be blank. If there is something else referring an executable in one of users folders, replace it with explorer.exe.
4.Save changes, reboot to safe mode with networking.
5. Run msconfig and disable all unnecessary startup entries. You should be able to reboot normally.
6. Install and run http://www.2-viruses.com/downloads/spyhunter-i.exe. Scan with it the PC and delete PCeU executables that it finds.
Here is a video of similar parasite that is removed the same way :
If you cannot use any safe mode, follow these steps:
- Reboot your computer as usually.
- Start -> Run.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
- Press Alt+tab and then R couple of times. PCeU virus process should be killed now.
Alternatively, use Bootable antivirus scanners from Kaspersky or other antivirus maker. You will have to download and burn them on uninfected PC.