POLITIE Belgique Police Fédérale virus - How to remove?
POLITIE Belgique Police Fédérale virus is a ransomware that belongs to a wide Urausy family. As many other Trojans it blocks a computer‘s screen a few minutes after attacking a system. Once the locking message is displayed a PC does not respond to almost any commands. In order to remove the locking one is supposed to pay a fine of 100 EUR. The scam targets computers located in Belgium.
If you see a warning informing that laws related to illegal distribution and usage of copyrighted content, for example, music, videos or films have been breached, that files related to child pornography were detected in this computer or it was used for Spam, it is very likely you are facing POLITIE Belgique Police Fédérale virus. Do not fall for this scam no matter how legitimate it might look from the first sight. The text may vary time to time but it should be similar to the one below:
BELGIQUE POLICE FÉDÉRALE
ATTENTION! Votre ordinateur est bloqué à cause d’un ou de plusieurs
liberté pour de 4 à 9 ans. L’accès illégal a été effectué à votre insu, votre ordinateur est probablement infecté par le logiciel nuisible, de ce fait vous violez la loi «Sur l’utilisation négligente de l’ordinateur. L’article 210 du Code pénal prévoit l’amende d’un montant de 2000€ jusqu’à 8000E.
La somme de l’amende fait 100E. Utilisez PaySafeCard ou Ukash. Au paiement de l’amende et après ce que ragréent est reçu sur le compte de l’État votre ordinateur sera débloqué pendant 1 à 72 heures.
Please note, that none of official institutions use such methods as blocking computer’s screen remotely. If POLITIE Belgique Police Fédérale virus turns your webcam on and films the surroundings, you should not get scared as well. This is one more trick it uses and the information is never sent to any police. Moreover, if a payment method is given as prepaid payment, for example Ukash, Moneypak or Paysafecard, you can be 100% sure cyber criminals are behind it. This is the only way for them to collect money without being caught because tracing the money according to the PIN’s is almost impossible as these are quickly sold at underground forums.
Depending on the version of the POLITIE Belgique Police Fédérale virus there is more than one its removal method:
When Safe mode is available:
- For a Safe mode with networking to be selected restart your computer and press F8 while it is restarting;
- Launch MSConfig;
- Disable startup items rundll32 turning on any application from Application Data;
- Restart your computer again;
- Scan your computer using Spyhunter. It will find and remove the POLITIE Belgique Police Fédérale virus. Below is a video showing how to complete the steps:
When Safe Mode and Safe Mode with Networking is blocked
- For a Safe Mode with command prompt to be selected restart your computer and press F8 while it is restarting.
- Run regedit. Search for Winlogon.
- There will be a key labeled Shell under Winlogon. It should refer to Explorer.exe or be blank. If there is something else referring an executable in one of user’s folders, replace it with explorer.exe.
- Save changes, restart to safe mode with networking.
- Run msconfig and disable all unnecessary startup entries. You should be able to restart normally.
- Download Spyhunter and scan your computer using it. The tool will find and remove the POLITIE Belgique Police Fédérale virus. Watch the video illustrating these steps:
When none of Safe Modes can be selected
Some of the POLITIE Belgique Police Fédérale virus versions might block all of safe modes. In such a case you will need another (uninfected) computer. Download and save Spyhunter to Bootable antivirus CD/USB disk. Insert it to an infected computer. Antivirus should start working automatically and remove the blocking.