Jandarma Genel Komutanlığı virus - How to remove

Jandarma Genel Komutanlığı virus is a ransomware program that attacks computers located in Turkey. It’s a program that pretends to work together with Turkish police. In fact, it has nothing related to it and it illegally uses the name of Directorate General of Turkish National Police just to gain users trust.

Jandarma Genel Komutanlığı virus infiltrates into computers using Trojan viruses. It doesn’t ask for users permission. Another way for the program to reach computers is through spam email attachments. Once inside, it completely blocks the system and doesn’t allow to use any of your programs. You will only see one message in the middle of the screen saying that your system has been locked because of law violations.

Jandarma Genel Komutanlığı virus blames you on using and distributing copyrighted content and claims that according to the law you have to pay a fine of 100 euros. Thinking that this message comes from police can really scare users that are not aware of such ransomware. However, Jandarma Genel Komutanlığı virus is a scam that users should not trust. Here’s a message of it:

Jandarma Genel Komutanlığı
DİKKAT! Sizin kişisel bilgisayar güvenlik hususunda aşağıdaki nedenlerle bloke edilmiş.
Siz yasak pornografik malzemelerin izlenmesi, saklanması veya içerik dağıtımında suçlanıyorsunuz (çocuk pornografisi, zoofili, tecavüz vb.) Siz çocuk pomografisi dağıtımına karşı mücadelenin
Genel Dünya Bildirgesini bozmuş olursunuz ve Türkiye Cumhuriyeti Ceza Kanununun 161 -ci maddesi ile suç işlemekte suçlanıyorsunuz.
Türkiye Cumhuriyeti Ceza Kanununun 161 -ci maddesi ile 5 yıldan 11 yıla kadar hapis cezası olarak sağlar.
Aynı zamanda ‘Telif Hakkı ve ilgili hakklar Yasası’ nı bozmakta şüpheli kısmında bulunuyorsunuz (korsan müzik, video, yasak program yazılımları indirme) ve Telif hakkları korunan içerik kullanımı
veya dağıtımı. Böylece Siz Türkiye Cumhuriyeti Ceza Kanununun 148-ci maddesini bozmakta şüpheli kısmında bulunuyorsunuz.
Türkiye Cumhuriyeti Ceza Kanununun 148~ci maddesi ile 150-den 550 temel değer boyutunda para cezası veya 3 yıldan 7 yıla kadar hapis cezası olarak sağlar.
Sizin kişisel bilgisayardan intemetde kamu girişi kapalı bilgiye ve ulusal onemli bilgiye yetkisiz giriş yapılmıştır.

Do not trust this warning if you have received it on your computer. Jandarma Genel Komutanlığı virus is not related to any law institution. The only purpose of it is to steal money from Turkish computer users. There are many more versions of this ransomware that attacks computers all over the world. Remove Jandarma Genel Komutanlığı virus as soon as you detect it on your computer.

If your computer has more than one user account and not all of them are locked, scan whole PC with anti-malware programs, e.g. spyhunter, by logging to the account that is not blocked. Another option is to use system restore. If none of these methods worked for you, do the following:

• Restart your computer;
• Press F8 while it is still restarting;
• Choose between safe modes in following order: Safe mode, Safe mode with command prompt

Then follow the guides below:

If your computer runs in Safe mode or Safe mode with networking

1. Launch MSConfig.
2. Disable startup items rundll32 turning on any application from Application Data;. Note, that these are typical locations for Jandarma Genel Komutanlığı virus but some others might be used.
3. Restart the system once again.
4. Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to identify Jandarma Genel Komutanlığı virus files and delete it.

Here is a video showing how to complete the steps:

If your computer runs in Safe mode with command prompt

1. Run Regedit.
2. Search for WinLogon Entries. Write down all files it references that are not explorer.exe or blank. Replace them with explorer.exe
3. Search registry for Jandarma Genel Komutanlığı virus files and delete the registry keys referencing the files
4. Try to reboot and scan with Spyhunter.
5. If this fails, try doing system restore from safe mode with command prompt (rstrui.exe)

If none of safe modes could be launched

Some versions of Jandarma Genel Komutanlığı virus disable all safe modes, but give a short gap that you can use to run anti-malware programs:

1. Reboot normally.
2. Start->Run.
3. Enter: http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
4. Press Alt+tab and then R couple times. Jandarma Genel Komutanlığı virus process should be killed.

Here is a video detailing this approach:

Hitman Pro USB disk

If you did not succeed using any of the methods above, try scanning PC with a bootable USB or DVD disk. These should be able to remove all versions of Jandarma Genel Komutanlığı virus, but will not work if your hard drive is encrypted.

For that, we recommend using Hitman Pro Kickstarter USB.

1. Download Hitman Pro on uninfected PC. 
2. Run Hitman and ask to create Kickstarter USB (option on initial screen)
3. When USB ready, reboot infected PC with USB attached and press DEL
4. Choose USB as primary boot device.
5. Boot normally.
6. Run Hitman Pro and https://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.

Automatic Malware removal tools

Manual removal