Malware Removal Instructions

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 4 September 2011

Remove La policía ESPAÑOLA Ransomware (Uninstall Guide)

Posted on 11:51 by Unknown
"La policía ESPAÑOLA" is a Trojan.Ransom (ransomware) that locks down the Desktop using the fake notification (see the image below) which claims that you were watching illegal pornographic videos and sending out spam. Cyber criminals behind this ransomware use a very aggressive marketing campaign and basically wants to scare you into paying for a “license” to restore access. They claim that your IP address and other identifiable information will be sent to Spanish Police authorities and then your computer will be wiped clean if you won't pay the ransom (100€) during the next 24 hours. However, it is not capable of doing this. Don't worry about that, this is not the actual "La policía ESPAÑOLA" but a Trojan that tries to extort money from you. We assume that this is the same gang that had been distributing the METROPOLITAN POLICE ransomware and BUNDESPOLIZEI ransomlock. Anyway, you can manually remove the La policía ESPAÑOLA from your computer. Obviously, you won't be able to use your anti-virus software or access your files because this Trojan horse renders your computer unusable by locking up the Desktop. You need to restart your computer in Safe Mode with Command Prompt, restore the Shell value and delete the malicious file. That's it! To remove "La policía ESPAÑOLA" ransomware and associated malware from your computer, please follow the removal instructions below. If you have any questions, please leave a comment below. Compute wisely!
Atención!!! Ha sido detectada actividas ilegal! Su sistema operativo ha sido bloqueado debido a una infracción de la legislación alemana!



La policía ESPAÑOLA ransomware removal instructions:

1. Reboot your computer is "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



2. When Windows loads, the Windows command prompt will show up as show in the image below. At the command prompt, type explorer, and press Enter. Windows Explorer opens. Do not close it.



3. Then open the Registry editor using the same Windows command prompt. Type regedit and press Enter. The Registry Editor opens.



4. Locate the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

In the righthand pane select the registry key named Shell. Right click on this registry key and choose Modify.



Default value is Explorer.exe.



Modified value data points to Trojan Ransomware executable file.



Please copy the location of the executable file it points to into Notepad or otherwise note it and then change value data to Explorer.exe. Click OK to save your changes and exit the Registry editor.

5. Remove the malicous file. Use the file location you saved into Notepad or otherwise noted in step in previous step. In our case, "La policía ESPAÑOLA" was run from the Desktop. There was a file called calc.exe.

Full path: C:\Documents and Settings\Michael\Desktop\calc.exe



Go back into "Normal Mode". To restart your computer, at the command prompt, type shutdown /r /t 0 and press Enter.



6. Download anti-malware software and scan your computer for malicious software.


Associated La policía ESPAÑOLA malware files and registry values:

Files:
  • [SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"
Share this information with other people:
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Ransomware | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Remove ShopperReports (Uninstall Guide)
    ShopperReports is defined as adware or a potentially unwanted program that displays marketing related results in a side pane of the browser...
  • Trojan.MBRlock, Внимание! Ваш компьютер заблокирован
    Trojan.MBRlock is a very disturbing piece of malicious code which infects the master boot record (MBR) and prevents Windows from starting. ...
  • Remove RiskTool.Win32.BitCoinMiner (Uninstall Guide)
    RiskTool.Win32.BitCoinMiner is a risk tool or potentially unwanted application that may use your computer's resources to generate bitco...
  • What is wrtc.exe and how to remove it?
    wrtc.exe - by Perion Network Ltd. What is wrtc.exe? wrtc.exe is a part of IncrediMail software, digitally signed by Perion Network Ltd. This...
  • Remove Rattlingsearchsystem.com (Uninstall Guide)
    Rattlingsearchsystem.com is a ZeroAccess/Sirefef rootkit-related browser hijacker that redirects users to shady websites while searching on...
  • False Positive: Ikarus and Comodo detecting TDSSKiller as a Trojan horse
    This awkward moment when you realize that your favorite rootkit removal utility is detected as malware. I probably wouldn't even have no...
  • Remove TR/ATRAPS.Gen2, removal instructions
    Cyber crooks and third parties that buy stolen data are increasingly using more and more sophisticated techniques, in a variety of different...
  • Remove Ask Search and Ask Toolbar (Uninstall Guide)
    Ask Search and Ask Toolbar are very often incorrectly classified as virus/spyware that may cause search redirects. The majority of us pref...
  • Remove Windows Attention Utility (Uninstall Guide)
    Windows Attention Utility is a rogue security application that generates misleading warnings about nonexistent viruses and attempts to lure...
  • Remove "System Check" (Uninstall Guide)
    System Check is malicious software posing as Windows system utility. Although, it may look like a real thing, it isn't! You are actuall...

Categories

  • Adware
  • Answers
  • Antivirus software
  • Browser Hijackers
  • Cloud Computing
  • Fake Alerts
  • Giveaways
  • Hoax
  • How-To
  • IaaS
  • Internet
  • Malicious websites
  • Malware
  • PaaS
  • Parental Controls
  • Passwords
  • Phishing
  • Process Information
  • Ransomware
  • Rogue programs
  • Rootkits
  • SaaS
  • Security Advisories
  • Spam
  • Spyware
  • Trojans
  • Viruses
  • Web Browsers
  • Worms

Blog Archive

  • ►  2013 (173)
    • ►  December (6)
    • ►  November (13)
    • ►  October (11)
    • ►  September (20)
    • ►  August (4)
    • ►  July (17)
    • ►  June (31)
    • ►  May (25)
    • ►  April (15)
    • ►  March (17)
    • ►  February (7)
    • ►  January (7)
  • ►  2012 (86)
    • ►  November (2)
    • ►  October (4)
    • ►  September (6)
    • ►  August (6)
    • ►  July (11)
    • ►  June (1)
    • ►  May (5)
    • ►  April (7)
    • ►  March (7)
    • ►  February (17)
    • ►  January (20)
  • ▼  2011 (239)
    • ►  December (8)
    • ►  November (18)
    • ►  October (21)
    • ▼  September (24)
      • How to Remove Security Sphere 2012 (Uninstall Guide)
      • Remove Advanced PC Shield 2012 (Uninstall Guide)
      • Notification of Limited Account Access - PayPal Ph...
      • Remove Ask Search and Ask Toolbar (Uninstall Guide)
      • Cyberbullying
      • Facebook Price Grid Hoax
      • ZeroAccess/Sirefef/MAX++ Rootkit Removal Tool
      • Remove Startsear.ch and search.searchcompletion.co...
      • Remove Babylon Toolbar and "Search the web (Babylo...
      • Seeearch.com Browser Hijacker (Uninstall Guide)
      • Remove Classysearchserver.com (Uninstall Guide)
      • Remove Coolsearchserver.com (Uninstall Guide)
      • Remove Excellentsearchserver.com (Uninstall Guide)
      • Windows заблокирован! Ransomware (Uninstall Guide)
      • Remove Bigseekpro.com and Somoto.com Toolbar (Unin...
      • Apple - Important information about your Apple ID
      • Remove Webplains.net (Uninstall Guide)
      • Remove *dayoftheweek.com (Uninstall Guide)
      • Remove Chit Chat (Uninstall Guide)
      • Remove La policía ESPAÑOLA Ransomware (Uninstall G...
      • How to Remove "System Recovery" (Uninstall Guide)
      • How to Remove OpenCloud Security (Uninstall Guide)
      • How to Remove Master Utilities (Uninstall Guide)
      • Remove Bandoo (Uninstall Guide)
    • ►  August (28)
    • ►  July (32)
    • ►  June (16)
    • ►  May (23)
    • ►  April (15)
    • ►  March (16)
    • ►  February (9)
    • ►  January (29)
  • ►  2010 (2)
    • ►  December (2)
Powered by Blogger.

About Me

Unknown
View my complete profile