The Cheshire Police Authority virus is a ransomware that tries to trick money from people. The sums are as big as £100 from every infection if the victim gets on the scammers’ hook. Here is how this virus works:
- It pretends to be sent by the United Kingdom Police (Metropolitan Police) as a punishment for breaching the law therefore has institution’s name and logo included in the warning message;
- The Cheshire Police Authority virus locks an infected computer’s screen making the system unresponsive to almost any commands;
- An infected computer displays a warning message that includes Metropolitan Police logo, extracts from laws related to illegal using of copyrighted content, sending spam and similar;
- For the supposed punishment to be removed, one must pay a fine as soon as possible.
Scammers make the alert look as legitimate as possible because the more people believe in it, the more money they get. The message not only displays computer’s IP address and its location but also opens a camera window filming the surroundings and the person sitting in front of the computer. The Cheshire Police Authority virus is programmed to turn a webcam on if one is installed. All of these tricks can surely make people scared yet one should know that police authorities do not use such punishment methods like blocking one’s computer remotely. Another clear sign that you are facing a scam is the method of collecting fines. Once again, none of official authorities use prepaid payment systems whereas the Cheshire Police Authority virus asks you to pay the fine using Ukash or Paysafecard code. No wonder that this method is used by the scammers. It is particularly difficult to trace PIN’s paid therefore even if you report about the crime; criminals are quite safe from being disclosed.
The text of the message might look like this though it might be changed a little time to time:
United Kingdom Police
Metropolitan Police – PCEU
Cheshire Police Authority
ATTENTION! Your PC is blocked due tout least one of the reasons specified below.
You have been violating. Copyright and Related Rights Law. (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain.
The amount of fine is £100. You can pay a fine Ukash or PaySafeCard.
When you pay the fine, your PC will get unlocked in Ito 72 hours after the money is put into the State’s account. Since your PC is unlocked, you will be given 7 days to correct all violations. In case all violations are not corrected after 7 working days, your PC will be blocked again, and a criminal case will be initiated against you automatically under one or more articles specified above.
As you may see, criminals promise to remove the blocking after they receive the money. Yet it is not true. By paying the fine you will not fix your computer. Below are the Cheshire Police Authority virus removal instructions suitable for the most common types of infection. For a full list of instructions for rarer versions of Trojan consult here.
Removal Instructions for the Cheshire Police Authority Virus
If your computer has more than one user‘s account and at least one of them is not blocked, login to it. After that scan your computer with anti-malware programs, e.g. spyhunter. It will help to get rid of the infection. System restore would be an option too. If this method does not work for you, follow the guide below.
Use Safe Mode or Safe Mode with Networking
- Restart your computer; press F8 while it is restarting.
- Choose safe mode or safe mode with networking. If the Cheshire Police Authority virus blocks selecting of these modes go to the next removal method.
- Launch MSConfig.
- Disable startup items rundll32 turning on any application from Application Data;. Note, that some other locations for the Cheshire Police Authority virus might also be used.
- Restart the system once again.
- Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to identify Ukash Virus files and delete it.
Here is a video guide of a ransomware very similar to the Cheshire Police Authority virus that illustrates the steps above:
Use Safe Mode with Command Prompt
- Reboot PC in safe mode with command prompt.
- Run Regedit.
- Search for WinLogon Entries. write down all files it references that are not explorer.exe or blank. Replace them with explorer.exe.
- Search registry for files related to the Cheshire Police Authority virus and delete the registry keys referencing the files.
- Try to reboot and scan with Spyhunter.
- If this fails, try doing system restore from safe mode with command prompt (rstrui.exe).
If none of the methods worked for you, try the ones listed in the second part of this article about Ukash virus or leave a comment below.
Automatic Malware removal tools