Malware Removal Instructions


Friday, 18 November 2011

POLITIE Ransomware, Onwettige activiteiten gedetecteerd!!!

Posted on 10:34 by Unknown
POLITIE, Onwettige activiteiten gedetecteerd!!! is a typical ransomware attack in which a piece of malicious code hijacks your desktop and displays a fake warning from the Police of the Netherlands. The attacker keeps your desktop locked unless you agree to pay a ransom, in this case 100 Euro ($135). This is a great example of pure psychological terror. The fake warning states that your computer was locked down because you were watching or distributing illegal or forbidden adult content. Here's the complete text of the fake POLITIE warning:
POLITIE
Let op!!!
Onwettige activiteiten gedetecteerd!!!
Uw operationele systeem is geblokkeerd wegens inbreuk op de de Nederlandse wetgeving! Volgende inbreuken zijn gedetecteerd: Uw IP adres is geregistreerd op de websites met clandestien en/of pornografische content, die pedofilie, zoöfilie en geweld tegen kinderen aanmoedigen! Op uw PC zijn er videobestanden met pornografische inhoud en elementen van geweld en kinderporno ontdekt!
Tevens worden illegale SPAM berichten van terroristische aard van uw PC automatisch overal heen verspreid.
Deze blokkering heeft in het oog de verspreiding van deze gegeven van uw PC op het internet tegen te gaan.


As you can see, you need to pay cash at any retailer linked to Paysafecard and receive a secure PIN printed on a card. Once you have the PIN, you need to email it to info@politie-nederland.net and receive an unlock code. Basically, a paying customer is given a key that eliminates the annoying warning. The problem is that the unlock code can't be found by debugging because it's not hard-coded in the malicious code. Usually, such an extortion scheme works very well. Of course, you shouldn't pay a dime; remove POLITIE Onwettige activiteiten gedetecteerd from your computer as soon as possible. You just need to reboot your computer in Safe Mode and delete a certain Windows registry value. To remove this ransomware from your computer, please follow the removal instructions below. And don't worry, the police won't come knocking at your front door. Good luck and be safe online!

Related ransomware:
  • BUNDESPOLIZEI
  • METROPOLITAN POLICE
  • La policía ESPAÑOLA


POLITIE, Onwettige activiteiten gedetecteerd!!! ransomware removal instructions:

1. Reboot your computer in "Safe Mode". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. When Windows loads, open up Windows Registry Editor.
To do so, go to Start, type "registry" in the search box, right-click Registry Editor and choose Run as Administrator. If you are using Windows XP/2000, go to Start → Run..., type "regedit" and press Enter.

3. In the Registry Editor, click the [+] button to expand the selection. Expand:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run



Look in the list on the right for an item named "vasja". Write down the file location. Then right-click "vasja" and select Delete. Please note that cyber crooks may change file names and registry values, so in your case it might be named differently. But it will be located in exactly the same place.

4. Restart your computer into "Normal Mode". Delete the malicious file noted in the previous step.

5. Download anti-malware software and scan your computer for malicious software. There might be leftovers of this infection on your PC.
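
The registry part of steps 3 and 4 can also be done from a PowerShell prompt in Safe Mode. This is an added example, not part of the original instructions: the function names Get-RunEntry and Remove-RunEntry and the log file name are hypothetical, and it assumes Windows PowerShell 2.0 or later running as the affected user.

```powershell
# Added example: audit the per-user Run key from step 3 and remove one value.
# Assumes Windows PowerShell 2.0+ and the same user account that was infected.
$RunKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RunEntry {
    # Emit one object per autostart value: its name, raw command and target file.
    $key = Get-Item -LiteralPath $RunKey -ErrorAction Stop
    foreach ($valueName in $key.GetValueNames()) {
        $command = [string]$key.GetValue($valueName)
        # Target file: the quoted path if the command starts with a quote,
        # otherwise everything up to the first ".exe", otherwise the first token.
        if ($command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)\b') { $path = $Matches[1] }
        else { $path = ($command.Trim() -split '\s+')[0] }
        $path = [Environment]::ExpandEnvironmentVariables($path)
        $exists = [bool]($path -and (Test-Path -LiteralPath $path))
        $signature = 'n/a'
        if ($exists) {
            # An unsigned file in a user-writable folder deserves a closer look.
            $signature = [string](Get-AuthenticodeSignature -FilePath $path).Status
        }
        New-Object PSObject -Property @{
            Name = $valueName; Command = $command; Path = $path
            Exists = $exists; Signature = $signature
        }
    }
}

function Remove-RunEntry {
    param([Parameter(Mandatory = $true)][string]$Name)
    $entry = Get-RunEntry | Where-Object { $_.Name -eq $Name }
    if (-not $entry) { throw "No value named '$Name' under $RunKey" }
    # Write down the file location before deleting the value, as step 3 says.
    $log = Join-Path $env:USERPROFILE 'run-entry-removed.txt'
    "$(Get-Date -Format s) $($entry.Name) -> $($entry.Command)" | Add-Content -Path $log
    Remove-ItemProperty -LiteralPath $RunKey -Name $Name
    $entry.Path   # returned so the file can be deleted after the reboot in step 4
}

# List everything that starts at logon for this user.
Get-RunEntry | Format-Table Name, Signature, Exists, Path -AutoSize

# After reviewing the list, remove the value the article names
# (the name may differ on your machine; the key is the same):
# Remove-RunEntry -Name 'vasja'
```

Because the value name can change between variants, review the whole list rather than searching only for "vasja".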


POLITIE Ransomware removal video:

Maxstar, who runs the pcwebplus.nl website, has created a video showing how to remove POLITIE, Onwettige activiteiten gedetecteerd!!! ransomware.



Write-up: http://www.pcwebplus.nl/phpbb/viewtopic.php?f=222&t=5525


Associated POLITIE, Onwettige activiteiten gedetecteerd!!! malware files and registry values:

Files:
  • [SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = "vasja"