The Cheshire Police Authority Virus - How to remove

The Cheshire Police Authority Virus

The Cheshire Police Authority virus is a ransomware that tries to trick money from people. The sums are as big as £100 from every infection if the victim gets on the scammers’ hook. Here is how this virus works:

  • It pretends to be sent by the United Kingdom Police (Metropolitan Police) as a punishment for breaching the law therefore has institution’s name and logo included in the warning message;
  • The Cheshire Police Authority virus locks an infected computer’s screen making the system unresponsive to almost any commands;
  • An infected computer displays a warning message that includes Metropolitan Police logo, extracts from laws related to illegal using of copyrighted content, sending spam and similar;
  • For the supposed punishment to be removed, one must pay a fine as soon as possible.

Scammers make the alert look as legitimate as possible because the more people believe in it, the more money they get. The message not only displays computer’s IP address and its location but also opens a camera window filming the surroundings and the person sitting in front of the computer. The Cheshire Police Authority virus is programmed to turn a webcam on if one is installed. All of these tricks can surely make people scared yet one should know that police authorities do not use such punishment methods like blocking one’s computer remotely. Another clear sign that you are facing a scam is the method of collecting fines. Once again, none of official authorities use prepaid payment systems whereas the Cheshire Police Authority virus asks you to pay the fine using Ukash or Paysafecard code. No wonder that this method is used by the scammers. It is particularly difficult to trace PIN’s paid therefore even if you report about the crime; criminals are quite safe from being disclosed.

The text of the message might look like this though it might be changed a little time to time:

United Kingdom Police
Metropolitan Police – PCEU
Cheshire Police Authority
ATTENTION! Your PC is blocked due tout least one of the reasons specified below.
You have been violating. Copyright and Related Rights Law. (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain.
The amount of fine is £100. You can pay a fine Ukash or PaySafeCard.
When you pay the fine, your PC will get unlocked in Ito 72 hours after the money is put into the State’s account. Since your PC is unlocked, you will be given 7 days to correct all violations. In case all violations are not corrected after 7 working days, your PC will be blocked again, and a criminal case will be initiated against you automatically under one or more articles specified above.

As you may see, criminals promise to remove the blocking after they receive the money. Yet it is not true. By paying the fine you will not fix your computer. Below are the Cheshire Police Authority virus removal instructions suitable for the most common types of infection. For a full list of instructions for rarer versions of Trojan consult here.

Removal Instructions for the Cheshire Police Authority Virus


If your computer has more than one user‘s account and at least one of them is not blocked, login to it. After that scan your computer with anti-malware programs, e.g. spyhunter. It will help to get rid of the infection. System restore would be an option too. If this method does not work for you, follow the guide below.

Use Safe Mode or Safe Mode with Networking

  1. Restart your computer; press F8 while it is restarting.
  2. Choose safe mode or safe mode with networking. If the Cheshire Police Authority virus blocks selecting of these modes go to the next removal method.
  3. Launch MSConfig.
  4. Disable startup items rundll32 turning on any application from Application Data;. Note, that some other locations for the Cheshire Police Authority virus might also be used.
  5. Restart the system once again.
  6. Scan with to identify Ukash Virus files and delete it.

Here is a video guide of a ransomware very similar to the Cheshire Police Authority virus that illustrates the steps above:

Use Safe Mode with Command Prompt

  1. Reboot PC in safe mode with command prompt.
  2. Run Regedit.
  3. Search for WinLogon Entries. write down all files it references that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search registry for files related to the Cheshire Police Authority virus and delete the registry keys referencing the files.
  5. Try to reboot and scan with Spyhunter.
  6. If this fails, try doing system restore from safe mode with command prompt (rstrui.exe).

If none of the methods worked for you, try the ones listed in the second part of this article about Ukash virus or leave a comment below.

Automatic Malware removal tools

Download Spyhunter for Malware detection

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

Manual removal

Removal guides in other languages

15 responses to “The Cheshire Police Authority Virus

  1. My computer has this virus and it is a packard bell it will not let you on the windows page at all all it does is go to a blank screen please help

  2. my husbands pc has this virus on his Dell, watched ur video and did step by step gide no luck!…really Annoyed!!

  3. my computer is infected with the cheshire, wont let me start up any of the safe modes, what can i do

  4. i got this virus and everytime i log on in safe mode it flashes up the start bar but then imediatly restarts – any tips??

  5. Picked up the Cheshire malware – Followed instructions, reset to previous backup point and problem sorted – thank you

  6. Hi
    Thanks for the info. I followed the command prompt and all looks to be back to normal. Please can you advise if this malware affects all users of a PC? Would I need to follow the same process for all users?

    Thank you

  7. I’ve got this in mine. I’ve tried doing rstrui.exe on safe mode but it has not removed it. Can you advise I have a HP with Vista (2007).

  8. Hi there! I have a “Chishire Police Authority” virus on my mobile (Sumsung Galaxy Note II”. The phone is already on Safe Mode. Where do I go next to remove the virus?

  9. Hello, try to follow our manual removal instructions. It can be found below this article.

Leave a Reply

Your email address will not be published. Required fields are marked *