Home > Trojan > Royal Canadian Mounted Police Virus

How to remove Royal Canadian Mounted Police Virus?

February 11th, 2013
Goto comments

What is Royal Canadian Mounted Police Virus?

Royal Canadian Mounted Police virus is a ransomware that belongs to Urasy family. It works very similar to other this type of Trojans. Once a computer is infected, the virus blocks its screen completely with a message displayed. Usually the blocking does not happen at once after the infection. It might take more than 5 minutes for the lock screen to appear. Royal Canadian Mounted Police virus is programmed to do so in order not to track the source of the infection.

The message shown is supposed to be from Royal Canadian Mounted Police together with International Cyber Security Protection Alliance. It includes logos of both organizations. Moreover, you will see a logo of your own antivirus program at the header of the fake warning: “Supported and Protected by (logo of detected antivirus)”. This malware is programmed to detect antivirus that was installed to an infected computer. If none is active, the message will have a Windows logo shown. For the blocking to look even more legitimate and convincing extracts from laws related to Copyright and Related Rights Law are given:

ATTENTION! Your PC is blocked due to at least one of the reasons specified below.

You have been violating ‘Copyright and Related Rights Law o (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Canada.

Article 128 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.

You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoophilia and etc). Thus violating

Article 202 of the Criminal Code of Canada. Article 202 of the Criminal Code provides for a deprivation of liberty for four to 12 years.

Illegal access to computer data has been initiated from your PC, or you have been…

Article 208 of the Criminal Code provides for a fine of up to CAD $100,000 and/or a deprivation of liberty for 4 to 9 years.

The only aim of Royal Canadian Mounted Police virus tricks is to swindle peoples’ money away. The fine is as big as $100 CAD. One is supposed to pay it using Ukash or PaySafeCard. The blocking message gives you even the places where to purchase PINs. Such prepaid payment method is being used because it is particularly difficult to trace the money after it is paid. Please note, none of official institutions use this type of payment for collecting fines therefore if you see one you can suspect that it is a scam.

There is no doubt Royal Canadian Mounted Police virus should be removed as soon as noticed. Paying the fine will not unblock computer, only encourage cyber criminals to spread similar ransomware even more aggressively. Below are the instructions that will be effective when removing different versions of this Trojan:

METHOD 1:

  1. Choose safe mode with networking. To do this restart your computer and press F8 while it is restarting;
  2. Launch MSConfig
  3. Disable startup items rundll32 turning on any application from Application Data;
  4. Restart your computer again.
  5. Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to find Royal Canadian Mounted Police virus and remove it. Watch this video for a better understanding of instructions:

METHOD 2 (used when Safe Mode is blocked by a virus)

  1. Restart into safe mode with command prompt. Royal Canadian Mounted Police virus should not block the screen.
  2. Run regedit. Search for Winlogon.
  3. There will be a key labeled Shell under Winlogon. It should refer to Explorer.exe or be blank. If there is something else referring an executable in one of user’s folders, replace it with explorer.exe.
  4. Save changes, restart to safe mode with networking.
  5. Run msconfig and disable all unnecessary startup entries. You should be able to restart normally.
  6. Install and run http://www.2-viruses.com/downloads/spyhunter-i.exe. Scan the PC and delete Royal Canadian Mounted Police virus executables. You may wish to watch this video before applying the steps:

METHOD 3 (when none of Safe Modes is available)

Some of Royal Canadian Mounted Police virus versions might block all of safe modes. In such a case you will need another (uninfected) computer. Download and save Anti-Malware program to Bootable antivirus CD/USB disk. Insert it to an infected computer. Antivirus should start working automatically and remove the blocking. You may also wish to call +1-888-334-2444 (USA / CA ) for assistance.


Royal Canadian Mounted Police Virus is Dangerous

arrow Royal Canadian Mounted Police Virus is a Trojan parasite
arrow Royal Canadian Mounted Police Virus may display fake security & messages
arrow Royal Canadian Mounted Police Virus may display numerous annoying advertisements
arrow Royal Canadian Mounted Police Virus may be remotely controlled by a malicious person
arrow Royal Canadian Mounted Police Virus may spread additional spyware
arrow Royal Canadian Mounted Police Virus may repair its files, spread or update by itself
arrow Royal Canadian Mounted Police Virus may prove difficult or impossible to remove
arrow Royal Canadian Mounted Police Virus violates your privacy and compromises your security
Download Spyhunter
for Royal Canadian Mounted Police Virus detection
Note: Spyhunter trial provides detection of parasite like Royal Canadian Mounted Police Virus and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.



Royal Canadian Mounted Police Virus screenshots


Royal Canadian Mounted Police Virus screenshot

Manual Royal Canadian Mounted Police Virus removal


Important Note: Although it is possible to manually remove Royal Canadian Mounted Police Virus, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other malware and spyware removal applications found on 2-viruses.com.
Stop these Royal Canadian Mounted Police Virus processes:
Remove these Royal Canadian Mounted Police Virus files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Royal Canadian Mounted Police Virus infected files and get help in Royal Canadian Mounted Police Virus removal by using free Spyhunter scanner. It comes with free real-time protection module that helps preventing Royal Canadian Mounted Police Virus and similar threats.

Such Trojans as Royal Canadian Mounted Police Virus generally infect your system while you are installing a game, opening a picture or playing a video file.

Some Trojans such as Royal Canadian Mounted Police Virus masquerade themselves as useful freeware programs or plug-ins, but are actually bundled Trojans.

As soon as it infects your system, Trojan Royal Canadian Mounted Police Virus gives COMPLETE control over your system to a hacker using the Trojan, who may cause serious damage to your system. A Trojan may alter your desktop or add undesirable shortcuts to various commercial and marketing sites; Royal Canadian Mounted Police Virus is no exception. It may create a backdoor to your system, allowing the hacker to control your system and steal your personal information. Unlike viruses and worms, Trojans like Royal Canadian Mounted Police Virus do not reproduce by infecting other files nor do they self-replicate and each new victim must run the infected file.


How to tell if your PC has been infected by a Trojan such as Royal Canadian Mounted Police Virus?

Slower System Performance: Most Trojans are not optimized and coded very poorly, which causes your system to become unstable, slow and unreliable, as such Trojans are constantly running in the background.
Slow internet connection: Trojans are constantly using your internet connection to send your private information to remote servers, as well as receive data from third party servers, which causes much slower internet connection speed and overall connection instability.

Trojan , , , ,

  1. Jacques Bronsard
    February 12th, 2013 at 13:21 | #1
    Reply | Quote

    Pourquoi avez-vous bloqué mon ordinateur? Je n’ai rien fais d’illégal. Je suis allé sur un site porno offert au publique. Dans “recherche”. Il y a plus peut-être de 200 films sur ce site. Je ne sais pas tout ce que ces films comportent. Vous voulez me faire payer une amande pour avoir été voir des films pornos???? Si vous ne débloquez pas mon ordi je devrai allé voir mon député Marc Garneau et expliquer la situation. Ce n’est pas une menace, ce sera une constation. Je me pose sérieusement des questions sur votre organisation et sur et la pertinence de votre travail. Vous vous attaquer et faites des problèmes non aux bonnes personnes. Oui je regarde de la porno quelques fois, non je ne suis pas un pédophile et je désaprouve ce genre de comportement TOTALEMENT. Je termine en vous disant que je suis majeure.

  2. Jacques Bronsard
    February 13th, 2013 at 18:59 | #3
    Reply | Quote

    Vous ne répondez pas, vous préférez faire vos petits coups en hypocrite par en arrière payé par nos taxes et impôts et envoyer des virus dans les systèmes ordinateurs des gens. Il y a des documents qui m’ont pris 5 ans de travails dans mon ordinateur. Si je perds ces documents ou ces documents sont détruits je vais savoir où aller frapper. Quelle belle police…Bande d’hypocrite!

  1. No trackbacks yet.