Remove La policía ESPAÑOLA Ransomware (Uninstall Guide)

"La policía ESPAÑOLA" is a Trojan.Ransom (ransomware) that locks down the Desktop using the fake notification (see the image below) which claims that you were watching illegal pornographic videos and sending out spam. Cyber criminals behind this ransomware use a very aggressive marketing campaign and basically wants to scare you into paying for a “license” to restore access. They claim that your IP address and other identifiable information will be sent to Spanish Police authorities and then your computer will be wiped clean if you won't pay the ransom (100€) during the next 24 hours. However, it is not capable of doing this. Don't worry about that, this is not the actual "La policía ESPAÑOLA" but a Trojan that tries to extort money from you. We assume that this is the same gang that had been distributing the METROPOLITAN POLICE ransomware and BUNDESPOLIZEI ransomlock. Anyway, you can manually remove the La policía ESPAÑOLA from your computer. Obviously, you won't be able to use your anti-virus software or access your files because this Trojan horse renders your computer unusable by locking up the Desktop. You need to restart your computer in Safe Mode with Command Prompt, restore the Shell value and delete the malicious file. That's it! To remove "La policía ESPAÑOLA" ransomware and associated malware from your computer, please follow the removal instructions below. If you have any questions, please leave a comment below. Compute wisely!

Atención!!! Ha sido detectada actividas ilegal! Su sistema operativo ha sido bloqueado debido a una infracción de la legislación alemana!

---

La policía ESPAÑOLA ransomware removal instructions:

1. Reboot your computer is "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



2. When Windows loads, the Windows command prompt will show up as show in the image below. At the command prompt, type explorer, and press Enter. Windows Explorer opens. Do not close it.



3. Then open the Registry editor using the same Windows command prompt. Type regedit and press Enter. The Registry Editor opens.



4. Locate the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

In the righthand pane select the registry key named Shell. Right click on this registry key and choose Modify.



Default value is Explorer.exe.



Modified value data points to Trojan Ransomware executable file.



Please copy the location of the executable file it points to into Notepad or otherwise note it and then change value data to Explorer.exe. Click OK to save your changes and exit the Registry editor.

5. Remove the malicous file. Use the file location you saved into Notepad or otherwise noted in step in previous step. In our case, "La policía ESPAÑOLA" was run from the Desktop. There was a file called calc.exe.

Full path: C:\Documents and Settings\Michael\Desktop\calc.exe



Go back into "Normal Mode". To restart your computer, at the command prompt, type shutdown /r /t 0 and press Enter.



6. Download anti-malware software and scan your computer for malicious software.

---

Associated La policía ESPAÑOLA malware files and registry values:

Files:

• [SET OF RANDOM CHARACTERS].exe

Registry values:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"

Share this information with other people: