Reveton Trojan - How to remove

Reveton Trojan

Reveton Trojan is responsible for large amount of fake applications claiming to be from local police or other legal institutions and locking you out from windows. Typically, it is distributed through Citadel botnet, though other ways of infection are possible.
As soon as it gets inside the computer, Reveton blocks it completely and displays a message that tells you have been doing some illegal activities such as watching and distributing some adult content videos. The message looks like a legitimate one and uses a name of police or FBI. The most popular ones are, West Yorkshire Police Virus, FBI ransomaware, Canadian Security Intelligence Service and others.
Reveton alerts would look like this:

Location: United States
IPS: GTS Central Europe

Your PC is blocked due to at least one of the specified reasons below.
You have been violating Copyright and Related Right Live (Videos, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 1, Section B, Clause B, also known as the Criminal Code of United States of America…
To unlock the computer, you must pay the fine through MoneyPak of 100$ […]
When you pay the fine, your PC will get unlocked in 1 to 48 hours after the money is put into the State’s account.
In case an error occurs, you’ll have to send the code by email…

You should never pay this “fine” as it is just an aggressive way computer hackers are trying to get your money. Your PC will not be unlocked normally, so it is better to look for other ways to get rid of this ransomware.
Note. Typically, Reveton Trojan can be distinguished by following trait: If you reboot and press F8, choose safe mode Your PC is likely to work. If you see white screen in safe mode, then it might be other parasite, similar to  Reveton, that is one of other Police Ransomwares trojans. Many of these share both design and texts and look about the same.

To remove typical Reveton Trojan, follow these steps:

  1. Reboot into safe mode.
  2. Run MSConfig.
  3. Disable all startup entries, especially ones referencing RunDLL
  4. Reboot normally.
  5. Scan PC with Spyhunter to identify Reveton files and delete them.

An alternate way is following:

  1. press window +R (letter)
  2. Enter

Run the executable, it should kill Reveton  trojan and then you will be able to delete its files.

If safe mode shows blank screen it might be different parasite, so do following:

  1. Start PC In safe mode with command prompt.
  2. Run regedit
  3. Search for “Winlogon” . It should have an variable named Shell (if not, search for next one). This variable might be one of several values :
    1. Blank -> leave as it is
    2. explorer.exe and nothing else -> leave as it is
    3. explorer.exe and something after the coma ->change to explorer.exe
    4. References a file in folder, having %TEMP%, %AppData% or user folder in path ->change to explorer.exe
  4. Reboot to safe mode. Continue with the first guide for complete Reveton removal.

In the worst case, use alternate OS scanners to remove this and other Trojans.

Automatic Malware removal tools

Download Spyhunter for Malware detection

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

Manual removal

Removal guides in other languages

Leave a Reply

Your email address will not be published. Required fields are marked *