BUNDESPOLIZEI. Es ist die ungesetzliche Tätigkeit enthüllt Virus


“BUNDESPOLIZEI. Es ist die ungesetzliche Tätigkeit enthüllt!” (roughly, “Federal Police. Illegal activity has been detected!”) is the headline of a German-language ransomware screen that primarily targets German-speaking countries. The warning is meant to scare: while the user is surfing the Internet, the message suddenly appears and accuses him or her of many things that are illegal under current German legislation. The users accused in this way have never done anything of the kind.

The program hijacks the entire desktop and does not let the user do anything with the PC until he or she is persuaded to make the payment (a fine or penalty for something the user has not done). The ransomware instructs the victim to pay through the Ukash or Paysafecard payment systems and to send the special code with financial information to the e-mail addresses info@stopkriminal.net or einzahlung@landes-kriminalt.net. The fine (penalty) demanded by the malware is 100 Euro. However, even providing this special unlock code does not guarantee that the desktop lock and the scary warning will be removed. Below is the text of the fake accusation shown by this ransomware, translated from German:

Attention!!!
An instance of illegal activity has been detected.
The operating system has been locked in connection with violations of the laws of the Federal Republic of Germany! The following violation was detected: Your IP address is “87.244.147.69”. With this IP, pages with pornographic content, child pornography, sodomy and violence against children were accessed. Video files with pornographic content, elements of violence and child pornography were also found on your computer! E-mails in the form of spam, with terrorist backgrounds, were also sent. This lock on the computer serves to stop your illegal activities.
To lift the lock on the computer, you are obliged to pay a fine of 100 Euro. You have two options for making the payment of 100 Euro.
1) Pay via Ukash:
To do so, please enter the purchased code in the payment field and then press OK (if you have several codes, simply enter them one after another and then press OK).
If the system reports an error, you must send the code by e-mail (info@stopkriminal.net).
2) Pay via Paysafecard:
To do so, please enter the purchased code (including the password, if applicable) in the payment field and then press OK (if you have several codes, simply enter them one after another and then press OK). If the system reports an error, you must send the code by e-mail (einzahlung@landes-kriminalt.net).

As mentioned above, the virus instructs you to pay the ransom using one of two payment options:

  1. Payment through Ukash by entering the 19-digit code in the payment form and pressing OK.
  2. Payment through Paysafecard by entering the 16-digit code in the payment form and pressing OK.

Do not panic if your computer has been hit by this fraud, and do not let these hackers make you their victim. Do not rush to pay the fine or penalty the malware demands. Remember that you are simply being tricked into paying a fine for crimes you have not committed, so there is nothing for you to worry about. 100 Euro is quite a lot of money, and you would do better to spend it on something other than this ransomware code. Please follow the removal guide below to delete this malware free of charge, and share this information with friends and relatives who have the same problem with their computers.

Ransomware removal steps:

  1. Restart your system in Safe Mode with Command Prompt. While your PC is booting, press the F8 key on your keyboard repeatedly. This will lead you to the “Windows Advanced Options Menu” as depicted below. Use the arrow keys to select Safe Mode with Command Prompt and then press Enter. Important! You need to log in as the same user you were previously logged in as in normal Windows mode. Please find more detailed information on rebooting into safe mode in this guide.
  2. While Windows boots, the Windows command prompt will appear as depicted in the screenshot below. In the command prompt, type “regedit” (without quotation marks) and press Enter. The Registry Editor window comes up.
  3. Find the following registry entry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    In the right-hand panel select the registry value named Shell. Right-click this value and select Modify.

    The default value should be Explorer.exe, but it was modified by the ransomware program in the following manner:

    mahmud.exe

    Instead of the value “C:\Documents and Settings\[your account name]\Application Data\mahmud.exe”, type in “Explorer.exe”. The name of this registry entry may be different from what is depicted in the screenshot above.

  4. Once the value of this registry entry has been changed to “Explorer.exe”, close the Registry Editor and reboot your PC. To reboot, type the command “shutdown /r /t 0” (without quotation marks) and press Enter.
  5. This should unlock your desktop from the ransomware virus. Now make sure to scan your PC with reliable and powerful anti-virus software that will detect and remove the other infected files of this virus.
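The Shell check from the steps above can also be done without opening the Registry Editor, by running `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell` in the same command prompt. The following is an added example, not part of the original guide, that parses that output and reports anything other than Explorer.exe. The sample outputs and the account name `alice` are constructed, and the comma-separated case goes beyond the single replacement the guide describes.

```python
import re

EXPECTED_SHELL = "explorer.exe"  # default value named in the guide

# Constructed sample outputs of the `reg query ... /v Shell` command.
CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe
"""
HIJACKED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Documents and Settings\alice\Application Data\mahmud.exe
"""
APPENDED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe, C:\Documents and Settings\alice\Application Data\mahmud.exe
"""

# An indented value line looks like: <name> <REG_type> <data>
VALUE_RE = re.compile(r"^\s+(?P<name>\S.*?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")


def parse_reg_query(text):
    """Return {lower-cased value name: data} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_RE.match(line)
        if match:
            values[match.group("name").lower()] = match.group("data").strip()
    return values


def check_shell(text):
    """Return (verdict, unexpected_entries) for the Winlogon Shell value."""
    values = parse_reg_query(text)
    if "shell" not in values:
        return "missing", []
    # Split on commas so an entry added next to explorer.exe is reported too.
    entries = [e.strip().strip('"') for e in values["shell"].split(",") if e.strip()]
    # Strict comparison: a full path to explorer.exe is also listed for manual review.
    unexpected = [e for e in entries if e.lower() != EXPECTED_SHELL]
    return ("hijacked" if unexpected else "ok"), unexpected


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("hijacked", HIJACKED), ("appended", APPENDED)):
        print(label, check_shell(sample))
```
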

Ransomware removal tool

Important! If this ransomware removal solution did not help you, please consider another similar guide available here.