Europol (European Law Enforcement Agency) virus is ransomware that locks your computer and tries to get your money by demanding a fine for no reason. It is a Ukash-type virus that is distributed all over Europe. The program infects computers with the help of Trojan infections that can arrive via compromised websites, harmful links and similar means. Once inside, it completely disables the functions of your PC and claims that you have done something illegal. Usually it accuses you of downloading or distributing copyrighted or prohibited content and asks you to pay a fine of 100 euros. Here is what the original message displayed by the Europol virus looks like:
European law enforcement agency
All activities of this computer has been recorded. All your files are encrypted.
You PC (Windows 7(64-Bit)) is blocked due to at least one of the reasons specified below.
You have been subjected to violation of Copyright and Related Rights Law Video, Music, Software) and illegally using or distributing copyrighted contents, thus infringing Article 1, Section 8. Clause 8. also known as the Copyright of the Criminal Code of Great Britain.. Article 1, Section 8, Cause 8 of the Criminal Code provides for a fine 01 100 to five hundred minimal wages or a deprivation of liberty for two to eight years. You have been viewing or distributing prohibited Pornographic contents: (Child Porno, Zoophilla and etc), terrorist materials. Thus violating article 202 of the Criminal Code of Great Britain, Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years. Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer. Article 210 of the Criminal Codes provides for a fine of up to £100,000 and or deprivation of liberty for four to nine years. Pursuant to the amendment to Criminal Code of Great Britain of May28, 2011, this law infringement (if it is not repeated -first time) may be considered as conditional in case you pay the fine.
To unlock your computer and to avoid other legal consequences, you are obliged to pay a release fee of £100. Payable through Ukash or Paysafecard. You can buy the code at any shop organ station. When you pay the fine, your PC will be unblocked in 3 to 48 hours after the money is put into the your account, Please note: Fines may only be paid within 48 hours. As soon as 48 hours elapse, the possibility to pay the fine expires, and the criminal case will be initiated against you automatically within the next 48 hours!
As you may know, Europol is an organization that assists the countries of the European Union in fighting international crime and terrorism. However, the Europol virus has nothing in common with this authority. Cyber criminals took this name just to mislead people and make them take the warning at face value. Bear in mind that no official institution would collect fines for any law infringement by locking your computer.
The message provided above is displayed on systems located in the UK. However, the Europol virus targets the whole of Europe, and similar warnings can be received anywhere in European countries. Usually they are translated into the local language and may have different graphics. In some cases, the virus uses the name of EC3 Europol and shows a big EC3 logo. Despite small differences, all versions work almost identically and have the same goals. They claim that you have been using and/or distributing either pornographic content or copyrighted files (music, video, etc.). The Europol virus gives you two options to pay the fine: the Paysafecard or Ukash payment systems. Although both of these payment systems are legal, they are never used to collect fines. They are simply a quick and easy way for cyber criminals to get money. Note that the fine is demanded within 48 hours; otherwise the message threatens to initiate a criminal case. This leaves you little time to think or look for information. It is just another trick that cyber criminals use to get the money as soon as possible.
It is highly recommended to remove the Europol virus as soon as you detect it on your system. Use a legitimate security tool, such as Spyhunter, and run a full system scan on your machine with it. Here is a more detailed plan for removing the Europol virus:
Special Removal Instructions for Europol Virus
If you have access to another account on the infected PC, you should scan the whole PC with an anti-malware program, e.g. Spyhunter. This is by far the simplest way to remove a parasite. System restore would be an option too. However, if you can't do this, there are several other strategies. To determine which one you should use, do the following:
Choose between safe modes in the following order: Safe mode, Safe mode with networking and Safe mode with command prompt.
Depending on the outcome, use the following guides:
Versions that allow booting to Safe mode or Safe mode with networking (Malex / Reveton)
- Restart your computer. Press F8 while it is restarting.
- Choose safe mode or safe mode with networking.
- Launch MSConfig.
- Disable startup items in which rundll32 launches any application from Application Data. Note that these are typical locations for Europol Virus, but others might be used.
- Restart the system once again.
- Scan with Spyhunter (https://www.2-viruses.com/downloads/spyhunter-i.exe) to identify Europol Virus files and delete them.
Versions that allow booting to safe mode with command prompt
The Gimemo and Epubb trojans are behind this version of Europol Virus. This version is more difficult to remove.
- Reboot PC in safe mode with command prompt.
- Run Regedit.
- Search for WinLogon entries. Write down all files they reference that are not explorer.exe or blank. Replace them with explorer.exe.
- Search registry for Europol Virus files and delete the registry keys referencing the files.
- Try to reboot and scan with Spyhunter.
- If this fails, try doing system restore from safe mode with command prompt (rstrui.exe).
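The registry review described in the two safe-mode procedures above can be done read-only before anything is edited. The following is an added example, not part of the original guide: it assumes the "WinLogon entries" are the standard Shell and Userinit values and that the startup items shown by MSConfig come from the standard Run keys, and it runs in a PowerShell prompt started from safe mode.

```powershell
# Added example: read-only audit of the autostart locations named in this guide.
# Nothing is modified; review each finding in Regedit or MSConfig before changing it.
$findings = @()

function New-Finding($Key, $Name, $Value, $Reason) {
    New-Object PSObject -Property @{ Key = $Key; Name = $Name; Value = $Value; Reason = $Reason }
}

# 1. Winlogon: Shell should be explorer.exe, Userinit should be the system userinit.exe.
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = (Join-Path $env:SystemRoot 'system32\userinit.exe')
}
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in $expected.Keys) {
        $value = [string]$props.$name
        $normalized = $value.Trim().TrimEnd(',')   # Userinit normally ends with a comma
        if ($normalized -and ($normalized -ne $expected[$name])) {
            $findings += New-Finding $key $name $value 'Unexpected Winlogon value'
        }
    }
}

# 2. Run keys: flag anything started from Application Data / AppData,
#    and note when rundll32 is the launcher (the pattern this guide describes).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $regKey = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $regKey) { continue }
    foreach ($name in $regKey.GetValueNames()) {
        $value = [string]$regKey.GetValue($name)
        if ($value -match '\\(Application Data|AppData)\\') {
            $reason = 'Autostart from Application Data'
            if ($value -match 'rundll32') { $reason += ' via rundll32' }
            $findings += New-Finding $key $name $value $reason
        }
    }
}

$findings | Select-Object Reason, Key, Name, Value | Format-List
```

Legitimate software also starts from AppData, so treat the output as a list of candidates to check, and remember the guide's note that other locations might be used.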
Europol Virus that disables all safe modes
Some versions of Europol Virus disable all safe modes, but leave a short gap that you can use to run anti-malware programs. In that case, do the following:
- Reboot normally.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe. If the malware has already loaded, just press Alt+Tab once and keep entering the string blindly. Press Enter.
- Press Alt+Tab and then R a couple of times. The Europol Virus process should be killed.
Hitman Pro USB disk
Lastly, you might resort to scanning the PC with a bootable USB or DVD disk. These should be able to remove all versions of Europol Virus, but will not work if your hard drive is encrypted.
For that, we recommend using Hitman Pro Kickstarter USB.
- Download Hitman Pro on an uninfected PC.
- Run Hitman Pro and ask it to create a Kickstarter USB (an option on the initial screen).
- When the USB is ready, reboot the infected PC with the USB attached and press DEL.
- Choose USB as the primary boot device.
- Boot normally.
- Run Hitman Pro and Spyhunter (https://www.2-viruses.com/downloads/spyhunter-i.exe). One of these programs should detect and remove the malware from your PC.