Royal Canadian Mounted Police Virus - How to remove?

 

Royal Canadian Mounted Police virus is a ransomware that belongs to Urasy family. It works very similar to other this type of Trojans. Once a computer is infected, the virus blocks its screen completely with a message displayed. Usually the blocking does not happen at once after the infection. It might take more than 5 minutes for the lock screen to appear. Royal Canadian Mounted Police virus is programmed to do so in order not to track the source of the infection.

The message shown is supposed to be from Royal Canadian Mounted Police together with International Cyber Security Protection Alliance. It includes logos of both organizations. Moreover, you will see a logo of your own antivirus program at the header of the fake warning: “Supported and Protected by (logo of detected antivirus)”. This malware is programmed to detect antivirus that was installed to an infected computer. If none is active, the message will have a Windows logo shown. For the blocking to look even more legitimate and convincing extracts from laws related to Copyright and Related Rights Law are given:

ATTENTION! Your PC is blocked due to at least one of the reasons specified below.

You have been violating ‘Copyright and Related Rights Law o (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Canada.

Article 128 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.

You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoophilia and etc). Thus violating

Article 202 of the Criminal Code of Canada. Article 202 of the Criminal Code provides for a deprivation of liberty for four to 12 years.

Illegal access to computer data has been initiated from your PC, or you have been…

Article 208 of the Criminal Code provides for a fine of up to CAD $100,000 and/or a deprivation of liberty for 4 to 9 years.

The only aim of Royal Canadian Mounted Police virus tricks is to swindle peoples’ money away. The fine is as big as $100 CAD. One is supposed to pay it using Ukash or PaySafeCard. The blocking message gives you even the places where to purchase PINs. Such prepaid payment method is being used because it is particularly difficult to trace the money after it is paid. Please note, none of official institutions use this type of payment for collecting fines therefore if you see one you can suspect that it is a scam.

There is no doubt Royal Canadian Mounted Police virus should be removed as soon as noticed. Paying the fine will not unblock computer, only encourage cyber criminals to spread similar ransomware even more aggressively. Below are the instructions that will be effective when removing different versions of this Trojan:

METHOD 1:

  1. Choose safe mode with networking. To do this restart your computer and press F8 while it is restarting;
  2. Launch MSConfig
  3. Disable startup items rundll32 turning on any application from Application Data;
  4. Restart your computer again.
  5. Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to find Royal Canadian Mounted Police virus and remove it. Watch this video for a better understanding of instructions:

METHOD 2 (used when Safe Mode is blocked by a virus)

  1. Restart into safe mode with command prompt. Royal Canadian Mounted Police virus should not block the screen.
  2. Run regedit. Search for Winlogon.
  3. There will be a key labeled Shell under Winlogon. It should refer to Explorer.exe or be blank. If there is something else referring an executable in one of user’s folders, replace it with explorer.exe.
  4. Save changes, restart to safe mode with networking.
  5. Run msconfig and disable all unnecessary startup entries. You should be able to restart normally.
  6. Install and run http://www.2-viruses.com/downloads/spyhunter-i.exe. Scan the PC and delete Royal Canadian Mounted Police virus executables. You may wish to watch this video before applying the steps:

METHOD 3 (when none of Safe Modes is available)

Some of Royal Canadian Mounted Police virus versions might block all of safe modes. In such a case you will need another (uninfected) computer. Download and save Anti-Malware program to Bootable antivirus CD/USB disk. Insert it to an infected computer. Antivirus should start working automatically and remove the blocking. You may also wish to call +1-888-334-2444 (USA / CA ) for assistance.

 

Automatic Royal Canadian Mounted Police Virus removal tools

 
  Download Spyhunter for Royal Canadian Mounted Police Virus detectionNote: Spyhunter trial provides detection of parasite like Royal Canadian Mounted Police Virus and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
 

Manual Royal Canadian Mounted Police Virus removal

 

Important Note: Although it is possible to manually remove Royal Canadian Mounted Police Virus, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other tools found on 2-viruses.com.

Processes:
Files:

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Royal Canadian Mounted Police Virus infected files and get help in Royal Canadian Mounted Police Virus removal by using Spyhunter scanner. 

 

Royal Canadian Mounted Police Virus screenshots

 
Royal Canadian Mounted Police virus
 
 
 
 
 
 
 
 
 

4 thoughts on “Royal Canadian Mounted Police Virus

  1. Jacques Bronsard
     

    Pourquoi avez-vous bloqué mon ordinateur? Je n’ai rien fais d’illégal. Je suis allé sur un site porno offert au publique. Dans “recherche”. Il y a plus peut-être de 200 films sur ce site. Je ne sais pas tout ce que ces films comportent. Vous voulez me faire payer une amande pour avoir été voir des films pornos???? Si vous ne débloquez pas mon ordi je devrai allé voir mon député Marc Garneau et expliquer la situation. Ce n’est pas une menace, ce sera une constation. Je me pose sérieusement des questions sur votre organisation et sur et la pertinence de votre travail. Vous vous attaquer et faites des problèmes non aux bonnes personnes. Oui je regarde de la porno quelques fois, non je ne suis pas un pédophile et je désaprouve ce genre de comportement TOTALEMENT. Je termine en vous disant que je suis majeure.

     
    1. Jacques Bronsard : we are not related to that ransomware, just warn about it

       
  2. Jacques Bronsard
     

    Vous ne répondez pas, vous préférez faire vos petits coups en hypocrite par en arrière payé par nos taxes et impôts et envoyer des virus dans les systèmes ordinateurs des gens. Il y a des documents qui m’ont pris 5 ans de travails dans mon ordinateur. Si je perds ces documents ou ces documents sont détruits je vais savoir où aller frapper. Quelle belle police…Bande d’hypocrite!

     
    1. Jacques Bronsard at the moment we can not provide support in french and I doubt that malware makers read this.

       

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>