Royal Canadian Mounted Police Virus - How to remove?
Royal Canadian Mounted Police virus is ransomware that belongs to the Urasy family. It works much like other Trojans of this type. Once a computer is infected, the virus blocks the screen completely and displays a message. Usually the blocking does not happen immediately after the infection: it might take more than 5 minutes for the lock screen to appear. Royal Canadian Mounted Police virus is programmed to delay in this way so that the source of the infection is harder to track.
The message claims to come from the Royal Canadian Mounted Police together with the International Cyber Security Protection Alliance, and includes the logos of both organizations. Moreover, you will see the logo of your own antivirus program in the header of the fake warning: “Supported and Protected by (logo of detected antivirus)”. The malware is programmed to detect the antivirus installed on the infected computer. If none is active, the message shows a Windows logo instead. To make the blocking look even more legitimate and convincing, extracts from laws related to the Copyright and Related Rights Law are given:
ATTENTION! Your PC is blocked due to at least one of the reasons specified below.
You have been violating ‘Copyright and Related Rights Law’ (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Canada.
Article 128 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoophilia and etc). Thus violating Article 202 of the Criminal Code of Canada. Article 202 of the Criminal Code provides for a deprivation of liberty for four to 12 years.
Illegal access to computer data has been initiated from your PC, or you have been…
Article 208 of the Criminal Code provides for a fine of up to CAD $100,000 and/or a deprivation of liberty for 4 to 9 years.
The only aim of the Royal Canadian Mounted Police virus is to swindle people out of their money. The fine is as big as $100 CAD, to be paid using Ukash or PaySafeCard. The blocking message even lists places where the PINs can be purchased. This prepaid payment method is used because it is particularly difficult to trace the money after it is paid. Please note that no official institution uses this type of payment for collecting fines, so if you see one you can suspect that it is a scam.
There is no doubt that Royal Canadian Mounted Police virus should be removed as soon as it is noticed. Paying the fine will not unblock the computer; it only encourages cyber criminals to spread similar ransomware even more aggressively. Below are instructions that are effective for removing different versions of this Trojan:
- Choose safe mode with networking. To do this, restart your computer and press F8 while it is restarting.
- Launch MSConfig.
- Disable startup items in which rundll32 launches any application from Application Data.
- Restart your computer again.
- Scan with http://www.2-viruses.com/downloads/spyhunter-i.exe to find Royal Canadian Mounted Police virus and remove it.
METHOD 2 (used when Safe Mode is blocked by a virus)
- Restart into safe mode with command prompt. Royal Canadian Mounted Police virus should not block the screen.
- Run regedit. Search for Winlogon.
- There will be a value labeled Shell under the Winlogon key. It should refer to Explorer.exe or be blank. If it contains something else that refers to an executable in one of the user’s folders, replace it with explorer.exe.
- Save changes, restart to safe mode with networking.
- Run msconfig and disable all unnecessary startup entries. You should be able to restart normally.
- Install and run http://www.2-viruses.com/downloads/spyhunter-i.exe. Scan the PC and delete Royal Canadian Mounted Police virus executables.
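The two registry checks described above (startup entries where rundll32 loads something from Application Data, and the Winlogon Shell value) can be listed in one pass. The PowerShell script below is an added example, not part of the original instructions. It assumes PowerShell can be started from the safe-mode command prompt, reads the standard Winlogon and Run keys for the machine and the current user, treats AppData like Application Data, and only reports what it finds:

```powershell
# Read-only check: reports values to review and changes nothing in the registry.
$winlogon = 'Microsoft\Windows NT\CurrentVersion\Winlogon'
$run      = 'Microsoft\Windows\CurrentVersion\Run'
# Assumption: "AppData" (Vista and later) is treated like "Application Data" (XP).
$appData  = '\\(Application Data|AppData)\\'

function Test-ShellValue([string]$Value) {
    # Method 2 rule: Shell should be blank or refer to explorer.exe.
    $v = "$Value".Trim().Trim('"')
    if ($v -eq '' -or $v -match '^([a-z]:\\windows\\)?explorer\.exe$') { return 'ok' }
    return 'REVIEW: Shell is not explorer.exe'
}

function Test-RunValue([string]$Value) {
    # Method 1 rule: a startup item where rundll32 starts something from Application Data.
    if ($Value -match 'rundll32' -and $Value -match $appData) {
        return 'REVIEW: rundll32 loads from Application Data'
    }
    return 'ok'
}

$report = foreach ($hive in 'HKLM:\SOFTWARE', 'HKCU:\Software') {
    # Winlogon Shell value (normally absent under HKCU).
    $shell = (Get-ItemProperty -Path "$hive\$winlogon" -Name Shell -ErrorAction SilentlyContinue).Shell
    New-Object PSObject -Property @{
        Key = "$hive\$winlogon"; Name = 'Shell'; Value = $shell; Verdict = Test-ShellValue $shell
    }
    # Startup entries stored in the Run key of the same hive.
    $key = Get-Item -Path "$hive\$run" -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            New-Object PSObject -Property @{
                Key = "$hive\$run"; Name = $name; Value = $cmd; Verdict = Test-RunValue $cmd
            }
        }
    }
}
# Entries marked REVIEW sort to the top of the listing.
$report | Sort-Object Verdict -Descending | Format-List Key, Name, Value, Verdict
```

Entries marked REVIEW are the ones to inspect in regedit or msconfig as described in the steps; startup items kept in the Startup folders are not covered by this listing.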
METHOD 3 (when none of Safe Modes is available)
Some versions of Royal Canadian Mounted Police virus might block all of the safe modes. In such a case you will need another (uninfected) computer. Download an Anti-Malware program and save it to a bootable antivirus CD/USB disk. Insert it into the infected computer. The antivirus should start working automatically and remove the blocking. You may also wish to call +1-888-334-2444 (USA / CA) for assistance.