The Policia Federal Virus - How to remove?
The Policia Federal Virus is ransomware that blocks an infected computer’s screen and demands that a fine be paid. It pretends to be from the Federal Police and accuses the victim of crimes related to the use and distribution of pornographic material, spam, or illegal use of copyrighted content. The fine demanded is 1000 MXN and is to be paid using Ukash or PaySafeCard no later than 48 hours after the bogus notification is displayed.
If you see a message like the one below, do not believe it:
Su ordenador se ha bloqueado!
El funcionamiento de su ordenador fue interrumpido a causa de indices de ciberactividad desautorizada.
Los delitos posibles cometidos por Lid se indican abajo.
Cláusula 274— Derechos de autor Multa o privación de libertad de hasta 4 anos. (utilización o distribuición de los ficheros protegidos con derechos de autor — peliculas, software)
Cláusula 183 — Productos pornográficos Multa o o privación de libertad de hasta 2 anos. (Utilización o distribuición de los ficheros pornográficos)
Please note that if you have a webcam installed, the Policia Federal Virus is programmed to turn it on. Although it says that your picture will be sent to local police authorities for identification, this is not true. Cyber criminals change the blocking screen design and text regularly. It may be written in the language of the computer user or of the Trojan's creators. No matter how professional the warning looks and what tricks are used to convince the infected computer’s user to pay the ransom, do not believe this scam. Remember, no official authority blocks a computer’s screen out of nowhere. Moreover, if a prepaid payment system is offered as a way to pay the fine, you can be sure it is a fake alert. No governmental authority uses such a payment method.
In order to remove the Policia Federal Virus, follow the instructions below. Please choose the variant best suited to the version of the Trojan your computer has.
If there is more than one user account on the infected computer and at least one of them is not blocked, log in to that account. You should scan the whole PC with anti-malware programs, e.g. Spyhunter. System restore can also be applied.
Method II – Safe mode with networking
- Restart your computer. Press F8 while it is restarting.
- Choose safe mode or safe mode with networking. If you cannot select this option, go to Method III.
- Launch MSConfig.
- Disable any startup items in which rundll32 launches an application from Application Data. Please note that other locations can also be used.
- Restart the system once again.
- Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe. It should detect and delete the Policia Federal Virus.
Method III – Safe Mode with Command Prompt
- Restart your computer, choosing Safe Mode with Command Prompt. If the Policia Federal Virus blocks it, go to Method IV.
- Run Regedit.
- Search for WinLogon Entries. Write down all files it references that are not explorer.exe or blank. Replace them with explorer.exe.
- Search registry for the Policia Federal Virus files and delete the registry keys referencing the files.
- Try to reboot and scan with Spyhunter.
- If this fails, try doing a system restore from Safe Mode with Command Prompt (rstrui.exe).
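An added example (not part of the original guide) covering the registry checks in Methods II and III: it reads saved `reg query` output for the Winlogon and Run keys and lists the Shell value when it is not explorer.exe, plus any Run entry where rundll32 starts a file from Application Data. The sample text and every name and path in it are constructed, and of the Winlogon entries only the Shell value is checked.

```python
import re

# Constructed sample of `reg query` output; user, file and value names are invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\victim\AppData\Roaming\example.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    rundll32.exe "C:\Users\victim\AppData\Roaming\example.dll",Start
    Viewer    REG_SZ    "C:\Program Files\Viewer\viewer.exe" /tray
"""

# A value line is: 4 spaces, name, 4 spaces, type, then optionally 4 spaces and data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)(?:\s{4}(.*))?$")
# "Application Data" on Windows XP, "AppData" on Vista and later.
USER_DATA_DIR = re.compile(r"\\(application data|appdata)\\", re.IGNORECASE)


def parse_reg_query(text):
    """Yield (key, value_name, data) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_LINE.match(line)
        if match and key:
            yield key, match.group(1), (match.group(3) or "").strip()


def audit(text):
    """Return (key, value_name, data, reason) for entries the guide says to review."""
    findings = []
    for key, name, data in parse_reg_query(text):
        key_l, data_l = key.lower(), data.lower()
        if key_l.endswith("\\winlogon") and name.lower() == "shell":
            # Method III: anything other than explorer.exe or blank is noted.
            if data_l not in ("", "explorer.exe"):
                findings.append((key, name, data, "Winlogon Shell is not explorer.exe"))
        elif key_l.endswith(("\\run", "\\runonce")):
            # Method II: rundll32 starting something out of Application Data.
            if "rundll32" in data_l and USER_DATA_DIR.search(data_l):
                findings.append((key, name, data, "rundll32 launches from user data dir"))
    return findings


if __name__ == "__main__":
    for key, name, data, reason in audit(SAMPLE):
        print(f"{reason}: [{key}] {name} = {data}")
```

The script only reports; each listed entry still has to be reviewed before it is changed in MSConfig or Regedit.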
Method IV – all Safe Modes are blocked
- If you see a short gap before the locking screen shows up, use it to run an anti-malware program. If you do not succeed, go to Method V.
- Reboot normally.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe. If the malware is loaded, just press Alt+Tab once and keep entering the string blindly. Press Enter.
- Press Alt+Tab and then R a couple of times. The Policia Federal Virus process should be killed.
You will need another computer that is not infected. Download an antivirus program, e.g. Spyhunter, to a bootable USB or DVD disk. Insert it into the infected computer. The program will start automatically and remove the Policia Federal Virus. This method will not work if your hard drive is encrypted.