PCeU virus - How to remove?

 

What is PCeU virus?

PCeU virus is a ransomware that has been spreading on computer systems for a few weeks now. It completely locks infected system and displays an alert stating that you must pay a fine of 100 pounds as your IP address was used to visit websites containing pornography and your computer also contains files with pornographic content.

PCeU virus warning will give you two options to pay the fine. It states that you can do it either paying through Ukash or through Paysafecard. The message also gives more information on how to do that. Do not fall for this you will only lose your money. Beware that currently there are dozens of programs like that, using a name of police of other institutions to scare computer users and get their money. However, paying this so-called fine is not a solution as your money will reach computer hackers but your problem will not be solved. PCeU ransomware is a tricky malware that you must remove if you want to get your computer to its normal state.

Attention!!!

This operating system is locked due to the violation of the laws of the United Kingdom Following violations detected:

This IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse, your computer also contains video files with Pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer. This computer lock is aimed to stop your illegal activity.

To unlock the computer you are obliged to pay a fine of £ 100.

You could pay the forfeit in two ways:


If an error occurs, send the code to address surcharge@cyber-metropolitan-police.co.uk.

Never take such warning for granted and never pay anything that it asks you to. No legitimate government institution will ask for payment using pre-paid cards and only pre-paid cards like Ukash. Additionally, none of such institutions would block your PC with software. Note that once infected with PCeU virus, you will not be able to use any program and not even browse the Internet. This complicates the situation even more as you are not able to use any security tools to remove PCeU trojan. Try these steps to overcome this problem:

  1. Restart infected computer and hit F8 while its booting.
  2. Choose Safe Mode with Networking.
  3. Launch MSConfig.
  4. Disable startup items rundll32 turning on any application for the Application Data.
  5. Reboot your system one more time.
  6. Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to identify malicious files and delete them.

Here is a video guide for Reveton or similar version of PCEU Virus (it is named differently for other countries) :

If you can’t access safe mode or safe mode with networking, then you got PCEU virus version like Gimemo, which is more complex to remove.

1. Reboot into safe mode with command prompt. There should not be blank screen, nor PCEU screen..
2. Run regedit. Search for Winlogon.
3. There will be a key labeled Shell under Winlogon. It should reference Explorer.exe or be blank. If there is something else referring an executable in one of users folders, replace it with explorer.exe.
4.Save changes, reboot to safe mode with networking.
5. Run msconfig and disable all unnecessary startup entries. You should be able to reboot normally.
6. Install and run http://www.2-viruses.com/downloads/spyhunter-i.exe. Scan with it the PC and delete PCeU executables that it finds.
Here is a video of similar parasite that is removed the same way :

If you cannot use any safe mode, follow these steps:

  1. Reboot your computer as usually.
  2. Start -> Run.
  3. Enter:  http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
  4. Press Alt+tab and then R couple of times. PCeU virus process should be killed now.

Alternatively, use Bootable antivirus scanners from Kaspersky or other antivirus maker. You will have to download and burn them on uninfected PC.

 

Automatic PCeU virus removal tools

 
  Download Spyhunter for PCeU virus detectionNote: Spyhunter trial provides detection of parasite like PCeU virus and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
 
 
 
* Support is performed by Callstream.
 
 

Manual PCeU virus removal

 

Important Note: Although it is possible to manually remove PCeU virus, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other tools found on 2-viruses.com.

Processes:
Files:

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other PCeU virus infected files and get help in PCeU virus removal by using Spyhunter scanner. 

 

PCeU virus screenshots

 
PCeu-virus
     
 
 
     
     

89 thoughts on “PCeU virus

  1. liam
     

    BASIC!!! Restore your hard drive that’s all I did it worked! Make sure there is nothing you want keeping before you do! Take 30 mins! 100% works

     
  2. Paul
     

    Simples……..

    reboot hit F8 until boot options come onto the screen.

    use safe mode with command

    type in rstrui

    choose restore date from before the infection

    pree enter

    hey presto…….it worked for me!!!!

     
  3. DONALD KIRKBRIDE
     

    I got this pceu virus in my laptop it was even disabling my avast antivirus software
    luckily i have macium reflect on my laptop and after saving all my files pics and music ran the reboot disc and it put the laptop back to factory settings then i had to reinstall my router microsoft office adobe flash player adobe reader avast once done my laptop was fine it seems to have killed this virus
    strange thing though it showed my ip address and said i was in bathgate which is near edinburgh i live 70 miles north of bathgate! which proved it was false it also tried to imply it was central scotland police which is the stirling area not east lothian! so their geography is bollocks for a start

    I just hope i never get this virus in the laptop again as you say its a nasty one and is a con to get money out of people i wonder if its the same lot who phone you to say your computer has a virus in it i usually tell them im a qualified microsoft engineer and to get lost or say tell me what the problem is and i will go back to the computer shop as ive just collected it from there after having it repaired which cost me £120 they usually hang up then! best way to get them is say can you hang on i need the bathroom and play music on the stereo very loudly for 5 minutes that usually gets rid of them as well!

     
  4. DONALD KIRKBRIDE
     

    I forgot to say ive also got pceu blocked via avast software as well

     
  5. Phil
     

    Brilliant!

    Spyhunter removed all the 1,753 threats including the disatrous pceu!

    Well worth the $47

    Without the ‘download’ instructions above. I would have been totally stuffed!

     
  6. Ken
     

    @Paul
    Thanks it worked for me as well, had tryed more comlicated ways but yours was dead easy.

     
  7. simon
     

    just read pauls comment above (dated september 14th,,
    follow it and it works perfectly,,ace,,,cheers paul,,,it was proper simples thanks to you

     
  8. Lewis
     

    When I restarted my computer to attempt the few f8 methods I hit a bit of a problem, my computer can’t get past the boot options because its failing to start up and everytime I try the startup repair it fails to fix it. Is there a way I can get that problem repaired to move onto removing the PCeU virus?

     
  9. Mike
     

    Isn’t it funny how every time a new hijacker/ransom-ware starts to spread there’s always a whole bunch of companies waiting in the wings ready to cash in with their removal kits. It’s almost enough to make you wonder who’s who in the world of cyber crime/security.

    System restore has done the trick every time for me. And it’s free. See Paul’s comment above.

     
  10. Mike
     

    Lewis. It sounds like your issue is compounded by a different issue. Perhaps you could use a different computer to search for any error messages or symptoms you experience when trying to boot up the faulty/infected pc.

     
  11. Matt Davis
     

    Hold on. I’m removing ransomware here and you want €30 in order to get rid off it and avoid £100 fine? Something stinks

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Matt Davis : once its process is killed, you can delete the infected files manually. Spyhunter identifies them for free, also helps protecting your PC from infection.

       
  12. Jim
     

    Hello I cannot remove the pceu virus. I have loaded kaspersky rescue disk, and in the menue there wasn’t a tab call Kaspersky windowsunlocker then I went to terminal and typed in windows unlocker and it would not work. Then I tried the video on youtube called Britec and followed it and still no luck. Can you help me please I cannot even get any thing on the screen.

     
  13. Joanne
     

    After rebooting it just goes straight back to the pceu screen and not into safe mode ! Help !

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Joanne : Press F8 right after reboot.

       
  14. Gary
     

    PCEU came up on my computer, i am on the safe mode at the moment. i was wondering if i downloaded the norton anti virus would it help at all or even if i restored my computer? i only got the laptop so i have no documents and have only downloaded microsoft ? please help. thanks

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Gary : Norton Power Eraser CD should work. Though if you can access Safe mode, it is as easy as stopping startup entries in most cases. Watch the video.

       
  15. Saeed
     

    Thanks Paul u the man. It work fine like befor thanks again.

     
  16. Kayleigh
     

    @Paul Great advice. Worked first time

     
  17. kenny
     

    @Lewis
    switch on then take the battery out or switch off then restart start in safe mode and run system restore till the day before the infection and it should be ok.

     
  18. james
     

    thanks paul. worked for me bud.. post dated September 14th, 2012 at 18:19 | #2

    take care bud.

     
  19. Kate
     

    Paul you have actually just saved my life!!!!!!!!!!!! And my dissertation!!!!!!! Thank you so much.

     
  20. Zoe
     

    Thanks Paul, again you have helped. This is a nasty one, but your solution worked first time. Anti virus software now installed, hope thats the end of it for us! This came up on daughter’s laptop and she was terrified by it. Never seen anything like it before! Thanks, once again.

     
  21. Mandy
     

    Just fixed my boyfriend’s computer with system restore no problem at all.

     
  22. colin
     

    @Paul paul you are a star spent all day trying to get rid and then used 2nd computer found this site and followed your system as it was the easier one of several 5mins and my lap top back in my hands thank you.

     
  23. coll
     

    Paul thankyouuuuuuuuu so much!!!!

     
  24. Brian Jones
     

    Brilliant Paul. Many thanks. Worked first time@Paul

     
  25. TC
     

    Heelp..! I’ve got this virus on the pc. Wi fi phone/ipad are ok. Tried reboot in safe mode, with command prompt and then my system is asking me for the administrator password before I can log in. I haven’t used that account for years..any ideas?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      TC: it might be blank or Administrator.

       
  26. TK
     

    Paul you’re a life saver! I’m totally computer illiterate but even I understood your instructions! My laptop is mine again! I do have an antivirus, can anyone suggest how to avoid this happening again? I would have thought the antivirus would have protected me?

     
  27. joe
     

    Hi, can anyone tell me what instruction 4 disable start up items rundll32 means pls. can’t find any ref. to this. c

     
  28. E
     

    Hi All,

    I, too got hit with this one but managed to recover. People can lose months or years of work/data just because some people think they are so much cleverer than J. Bloggs – Would be nice to know where they are physically located, just so we can point out the error of their ways

     
  29. Tudor Necula
     

    Thank you mate , i just had this problem and you been verry helpfull . Thsnk you again

     
  30. lord d
     

    I got it last night tried spybot in safe mode , didnt work
    tried spyhunter link on this site couldn’t instal due to admin restrictions

    then tried system restore in safe mode and it sorted it no problem

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Lord d : Spyhunter installs in safe mode with networking (It requires network access). Though I recommend scanning your PC with both softwares after the malware is gone (to make sure there is no trojan downloader).

       
  31. Smudge 055
     

    Cheers Paul for the info, great to see there’s people out there like your good self who are willing to give out the urgent information needed for free & are not in it for a quick buck like these scammers & the spyware companies who are clearly cashing in on peoples misfortunes. Strange how these companies seem to appear & hover like vultures when a virus strikes… It makes you think doesn’t it!!

     
  32. Paul J
     

    Paul your an absolute legend. Thanks for this. It has hopefully worked going back. Thanks again

     
  33. jack g
     

    thanks to the comments i just restored my computer to a time when it didnt have the pceu virus and ,,,, ITS GONE :) thanks to all the comments :)

     
  34. shane
     

    Paul I could kiss u. That was so simple and it worked a charm.

     
  35. Abu
     

    Help help help ,my loptop block by pceu .could you help me please,what I have to do?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author
       
  36. Gord
     

    Well, I went on Safe Mode and System Config and disabled a bunch of suspicious things that popped up saying they would load on start.
    Apparently I had quite a few viruses, but I tracked them down myself and destroyed them. I haven’t even used SpyHunter at the moment, but my computer is working completely fine. I’m staying safe until I can get Spyhunter to double check. Apparently I had some Russian virus on my computer for a while that was doing nothing. Funny that!

    Also it helps to be prepared. I always keep a small metal strip blu-tacked to my computer to block my webcam when I’m not using it, just in case… PCeU said it was recording my webcam, so they got a blank screen! Haha.

     
  37. Gordon
     

    Please help.
    My LC has become infected with this virus. I’m using windows co media centre addition.
    I have tried to reboot by pressing F8 then selecting safe mode with networking, with command prompt, just safe mode and even last known good configuration but all that happens is-
    Black screen appears with multi disk/run disk comments running down the screen then I have a blue screen with text on saying,
    Problem detected and windows shut down.
    Restart computer and check for viruses.
    You have to turn the computer off but then your back to square one.
    I can’t afford to do a hard restore as we have family pictures on here we don’t want to lose.
    Can anyone please give me a solution?
    Thank you

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Gordon : alternate OS scanner CD/USB.

       
  38. Gordon
     

    Sorry to sound thick but I do t know what that means or how to do it?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Gordon: Do you have some other PC and empty USB stick ? If so:
      On other PC, download hitman Pro ( http://www.2-viruses.com/reviews/hitman-pro ) Make sure it is the same version as your OS (32 or 64 bit). Run it.
      In the lower left there will be 3 buttons, last one, with icon will be create USB Kickstart disk. Follow the instructions.
      Next. Turn off the infected PC. Put USB disk you prepared in USB slot on infected PC.
      Turn it on, press DEL. Go through first/second menu there, look for Booting sequence, choose USB. Exit, and save settings.
      Wait for PC to boot.
      Scan with anti-malware programs, including hitman, Spyware Doctor, etc.

      If you can’t make PC boot from USB, you will have to download CDs from Kaspersky, Avira or Norton and burn them.

       
  39. Lizi
     

    Paul OMG you have saved my life!!!! Thank you so much!

     
  40. Tom
     

    Paul – you have saved me too! Many many thanks

     
  41. Levos
     

    Paul Sweet — or — Sweet Paul both the same TYVM
    How the hell did it get on my PC when I have Total McAfee running 24/7, how would you trace it buddy

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Levos: each malware typically is tested using various antiviruses before launching, then, after hours or a day they are often “repacked” to look differently. Antiviruses with poor behavioral scanners “lag” at detecting malware, though work very well against older versions.

       
  42. brad
     

    I have the pceu virus and tried booting in safe mode but just keep getting a black screen,same with allother modes.trie downloading a kickstart to usb but dont have a usb option in the boot up list.any way of booting from disk?

     
  43. Dan
     

    I’ve had this virus on my PC since January 10th, and cannot remove it.
    It overrides both Safe mode with networking within a minute of the Windows desktop appearing, and Safe mode with prompt has also been unsuccessful – at least, the commands I was told to use failed to work (type cd restore followed by rstrui.exe)
    I’ve also tried System Restore on the startup screen – but it has been switched off (cannot be turned back on in Safe Mode)

    Any ideas?

     
  44. AB
     

    @Paul
    It works!! dead simple. No need to download or pay for any software.

     
  45. Tam
     

    Paul absolute legend mate!
    I was close to tears for a while…infact i think 1 sneaked out!
    THANK YOU

     
  46. Paul's fan club
     
     
  47. brad
     

    At last i got my pc started,nothing was working at all.even asked the currys know how team lol.i used a program called kickstart pro from a usb stick and it worked,had tried before but had no luck booting from usb,some reason this time it worked.anyway all seems working,run just about every anti virus program and found 2 virus running,one was a trojan.all boots up well now but when the computer starts i get the message”error finding end user vggljgllglgig dll”just click red cross and it goes but would like to remove,does it mean i still have a trojan/virus or has that just been left from the infection?

     
  48. Jordan
     

    My command prompt doesn’t work it just freezes at the part where it says please wait and all the files have been loaded, help me please, I’ve used @paul’s method before and it worked but is time it isn’t!!!!!! Please help me anyone???!!!!

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Jordan: You will have to use alternate OS CD or usb.

       
  49. brad
     

    jordan,mine was the same,i realy thought it was gone for good.went to currys and asked the “know how”team and the local pc shop and both were no help.after google searching i found the kickstart pro thing which i installed to flashdrive.couldnt boot from usb so thought it wouldnt work.i then unplugged the hard drive and stuck the usb in and it booted from usb first time.realy command prompt ect didnt work for me either,just back screen on loading file screen and then power off.

     
  50. BOB
     

    PAUL……many thanks….been trying for an hour..luckly logged on to another pc and got this site and done restore ….

     
  51. BOB
     

    just had a thought, why did my Norton not pick this up ??

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Bob: these viruses change daily. No antivirus is capable at detecting all of them each time, though in many cases they help.

       
  52. georgia lee
     

    I’ve just basicly put my laptop back to its factory settings, will this get rid of the virus properly. I’m not every good with laptops so it took me a while to even do this.

     
  53. Tony
     

    Thank you paul for you tip it took me 5mins to get rid of it, you put a big on my face and save me may be some cash. Thanks to everyone else comments meeeeeeow)

     
  54. jodie
     

    I have tried every way that has been stated on here and mine still wont go is there any other way to get rid of this?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Jodie : Try to use alternate OS scanners. The simplest way (requires empty USB drive and healthy PC) is installing Hitman Pro (http://www.2-viruses.com/reviews/hitman-pro ) on healthy PC, and using its option to create a Kickstarter USB. Then boot infected PC from that usb and scan with anti-malware programs.

       
  55. brett
     

    Thanks Paul , this turned out to be very simple and I know nothing about computers – As I started up the computer , I keyed in F8 as you suggested . The safe mode screen appears and I chose Start up repair . It asked me if I wanted to restore . I clicked yes and it churned away for about 10 minutes. Then low and behold ………. all was back to normal . Thought it would be much more complicated than that . Thanks again .

     
  56. Alex
     

    Followed Paul instructions (Comment No 2) and virus is gone.
    Thank You!

     
  57. Tristan
     

    Thank you so much this looks like it worked so far I’m just about to scan my pc with Spyhunter.

     
  58. Darth
     

    Thanks Paul, your suggestion worked like a charm. It had me fooled and freaked.

     
  59. ron
     

    @Paul paul i have pceu virus i am in safe mode have typed in rstrui but pc is saying not recognised as command ca you help

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Ron: Use MSconfig (the method covered above). If you can access safe mode, you can fix it without system restore too, and some versions of malware disable it.

       
  60. Xenuk
     

    Hi. I think I have a new variant of the PCeU virus. I get the police lock out screen, and when I try to restart in safe mode (any type) the PC restarts immediately windows completes start up. So I can’t get to safe mode to run an anti-virus and the PC is locked out. Any suggestions?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Use Hitman Pro Kickstarter usb : run http://www.2-viruses.com/reviews/hitman-pro on healthy pc and create USB disk. Boot from it. scan with Hitman or spyhunter

       
  61. Xenuk
     

    @Giedrius Majauskas (admin)

    Thanks for the swift reply. I have tried that, but am having problems. I have downloaded hitman and created a USB disk. But am having problems from there. Have done F12 on startup on the infected PC. There is a USB boot option, with three choices but all three options don’t seem to do anything. It finds the USB hitman device ok but does nothing. I have not used this part of windows before, so not sure what to expect. I have waited over an hour, but nothing. Any suggestions?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Xenuk : you need to save settings in bios, and then reboot PC again with the usb disk in usb socket. It should boot in around the same time as usual, if not, you would have to use CDs with other scanners, like Norton Power eraser or Avira boot cd. USB disk is simpler to make, but some PCs might have problems with it.

       
  62. Xenuk
     

    I am running Windows XP SP2. I am not sure how to save settings in bios – can you explain? I have followed the steps on the Hitman website. I select F12 at powerup and get a Boot Device Menu. I select USB Device and I think I am in the Hitman app now. I have three options – 1 Bypass Master Boot Record, 2 Regular Boot, 3 Legacy Boot. Option 1 fails with two couldn’t open drive messages. Option 2 fails the same way. Option 3 takes me to a select operating system screen. I select Windows XP rather than recovery console and this fails with \Windows\system32\config\system missing or corrupt. Am I using Hitman correctly? I have the windows installation disk and key so can try repairing Windows if this is really the problem. But Windows starts fine, but is just ransomed normally.

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Xenuk : you are using Hitman correctly. It looks like you will have to burn and use Avira CD or similar.

       
  63. Xenuk
     

    OK. Thanks for your help. I don’t have any CDs to hand at the moment. Can you recommend another USB solution, or will they all have the same issues as Hitman?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Xenuk : depends. Hitman works differently, it tries to load base system without possibly infected files. This works well as it does not require large downloads or re-entering internet settings. Other USB and most of CD disks work differently. You could try http://support.kaspersky.com/8092 Kaspersky rescue USB, there are more solutions that can be installed to USB.

       
  64. Xenuk
     

    OK, thanks for that. I have created a Avira Rescue CD and used it, but I seem to have missed something. It ran and found 14 infected files and viruses and these were deleted. I ran it several times to get a clean scan. However, when I restart windows it is still ransomed. Also if I access windows through Avira (option 2) it is also still ransomed. Assuming the PC is clean, it appears there is still a registry key or setting that still locks windows. Also still can’t use Safe Mode. Any help would be appreciated.

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Xenuk : Check if you can boot from Hitman USB now. Ransomware infection = one file and couple registry entries usually. So I guess Avira fixed trojan/rootkit infection that installed the ransomware in the first place.
      Or use Norton Power Eraser CD. (No antivirus is 100% )

       
  65. Xenuk
     

    Thanks for the advice. I used Kaspersky Rescue CD and that has done the job. Thank you for your help.

     
  66. steve
     

    When I try the Kaspersky USB rescue disk I get a invalid partition table error. When I try the Kaspersky CD rescue disk I get a selected boot device failed. Any ideas

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Steve: in such cases i would try hitman pro kickstarter usb, as it uses original boot sequence. Might not always work, though.

       
  67. Ian
     

    Hi, I have this virus, I can’t access safe mode at all – it just closes down and restarts normally, straight into the PCeU screen. Have downloaded hitman onto a USB, but when I go to Boot menu it won’t boot using the USB. Is the virus disabling the USB or is the USB faulty. How do I get rid of this? Got work to do!!!

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Ian: have you created USB kickstarter disk ? Simply copying hitman pro to the disk won’t do it.
      If this does not work, create Kaspersky rescue CD and boot from it

       
  68. Ian
     

    Don’t know how to do that. Please advise.
    Thanks

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Run Hitman Pro on non-infected PC. There will be an icon for Kickstarter USB. Put usb in (it will be formated), and follow the instructions.

       

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>