Confédération Suisse Virus - How to remove

Confédération Suisse Virus is another ransomware that targets computers located in Switzerland. Its design has local police – Bundesamt für Polizei – emblem and logo. This is not the first time when country’s official institution name was misused for illegal purposes. All of them share the same features:

• after a computer is infected, its screen is blocked completely therefore the system does not respond to almost any commands;
• a warning message displayed has official authorities name and logo and is made to look legitimate as well as official;
• the text includes information about crimes committed, such as distribution and using of pornographic content, Spam and/or copyrighted content;
• to avoid severe punishment and remove computer blocking one is asked to pay a fine using prepaid payment system, e.g. Ukash or PaySafeCard.

Confédération Suisse Virus demands for a fine of 100 EUR to be paid:

Im falle eines selbstständigen versuchs zur entsperrung werden alle ihres datem formatiert, mit ausnahme von den beweisdaten.
Um ihren computer zu entsperren und andere rechtlichen folgen zu vermeiden, sind sie verpflichtet eine strafe in Höhe von 100 euros zu begleichen.

Usually ransomware like Confédération Suisse Virus are distributed via corrupted websites or malicious advertisements. Please note, that the site you used to visit every day might get infected and become a source of infection. There is no need to tell that paying the ransom will not fix your computer. Depending on the version of the infection there is more than one virus removal variant:

When you can switch to Safe Mode or Safe Mode with Networking

1. For Safe Mode or Safe Mode with Networking to be selected restart your computer and press F8 while restarting;
2. Launch MSConfig;
3. Disable startup items rundll32 turning on any application from Application Data;
4. Restart the PC once again.
5. Perform a full system scan with https://www.2-viruses.com/downloads/spyhunter-i.exe. It will delete Confédération Suisse Virus.

When you can select only Safe Mode with Command Prompt

1. Restart your computer and select Safe Mode with Command Prompt while restarting.
2. Run Regedit
3. Search for WinLogon Entries. All files that are not explorer.exe or blank replace with explorer.exe
4. Search registry for Confédération Suisse Virus files and delete the registry keys referencing the files
5. Try to restart normally and scan with Spyhunter.
6. If this fails, try applying system restore from Safe Mode with Command Prompt (rstrui.exe)

When none of Safe Modes can be selected

1. If you see a short gap before a locking screen shows up, use it to run antimalware program.
2. Reboot normally.
3. Start->Run.
4. Enter : http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
5. Press Alt+tab and then R couple times. The Confédération Suisse Virus process should be killed.

Wwhen all of Safe Modes are blocked and there is no gap before a locking screen is displayed

Some of Confédération Suisse Virus versions might block all of safe modes. You will need uninfected computer. Download and save Spyhunter to a Bootable antivirus CD/USB disk. Insert it to an infected computer. Antivirus should start working automatically and remove the blocking. The trick will not work if your hard drive is encrypted.

Automatic Malware removal tools

Manual removal