A present time millions of PCs all over the world are being attacked with a serious virus known as fake Cyber Metropolitan Police notice, also referred to by some as the police virus. The program is a ransomware that does not really care what country to target, this is why quite a large number of PCs worldwide have been attacked by this scam device. The hoax actually accuses users of doing very many bad things, including watching some illegal materials over the Internet, spreading spam and even supporting the activities of world’s most wanted terrorists. However, all such accusations are entirely fake and must be totally neglected by users. Nevertheless, the ransomware did its mission, and here you are in front of the background of Cyber Metropolitan Police scareware, without the option to do anything but to indicate certain Ukash voucher number or Paysafecard pin code to unlock the computer. This is exactly what the virus makers want from you – to tell them this important financial information in order to make them richer. However, in spite of such a locked condition of your PC, please do not act like you are instructed by this scareware. Trust us, there are ways how to successfully get rid of Cyber Metropolitan Police misleading and annoying notice and to restore your system back to the normal mode. We’ve recently developed several manual removal guidelines for this particular type of ransomware infection, so be careful as you read our guide attached below. Below is the quote of what Metropolitan Police scam actually accuses you of:
Attention! Illegal activity was revealed!
Your operational system is locked as a result of Great Britain law violation!
The following violations were revealed: your IP address was detected on illegal sites.
Illegal spam of terrorist orientation is also mailed from your PC.
This lockout is intended to eliminate possible distribution of the above materials from your PC in the Internet.
For your PC to be unlocked you have to pay penalty equal to 100£! The penalty is to be paid during 24 hours from the moment when your PC was locked! If the penalty is hot paid all the data will be removed from your PC!
There are 2 ways of payment
- You can buy the Ukash coupon for the amount of 100£. Enter the Ukash coupon number in payment field and press OK or send the coupon number by email firstname.lastname@example.org You can buy the Ukash coupon at any available point
- You can pay the penalty by means of Paysafecard. Payment by means of Paysafecard is to be effected to the amount of 100£. Enter the pin code from your bill in payment field and press OK or send the pin code by email email@example.com
You can buy Paysafecard at any available point
As soon as payment is effected your PC will be unlocked during 24 hours from the moment of payment.
To sum up the above-mentioned information, do not disclose any financial information to the malware developers who invented this misleading, scary and annoying malware sample. The information below contains two various removal solution. Please try one of them or both until the virus is completely eliminated.
Cyber Metropolitan Police virus removal sequence of steps:
- Restart your system into Safe Mode with Command Prompt. While your PC is booting hit “F8 key” on your keyboard repeatedly. This will lead you to “Windows Advanced Options Menu” as depicted below. Apply your arrow keys to go to Safe Mode with Command Prompt and then hit Enter key. Important! You need to login as the same user you were previously logged in with in the normal Windows mode. Please find more detailed information on rebooting into safe mode in this guide.
- While Windows boots the Windows command prompt will appear as depicted in the screenshot below. In the command prompt you need to type “regedit” (without quotation marks) and hit Enter. The Registry Editor window comes up.
- Find the following registry entry:
- Once Windows OS boots you will not see any desktop icons. Do not panic, this problem will be resolved soon. First of all, use the key combination “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended) and launch Task Manager. Click File → New Task (Run…)
- This would open Internet Explorer broswer. Now you must download clean explorer.exe file and over-write the existing one which is infected. Please make sure you download the correct file for your version of Windows OS:
In the righthand panel select the registry key named Shell. Right click on this registry key and select Modify.
The default value is Explorer.exe.
Now you must amend the value data to iexplore.exe. Click OK to save your changes and now quit (shut down) the Registry editor.
Now return to “Normal Mode“. In order to reboot your PC, at the command prompt, type “shutdown /r /t 0” (without quotation marks) and hit Enter.
Type in iexplore and hit OK or click Enter keyboard button.
Click on the link to download the file. Select Save. Then go to C:\Windows folder and select available explorer.exe file. Click Save to overwrite the malicious explorer.exe file.
Find the same registry entry referred to in the step 3 of this tutorial.
In the righthand panel choose the registry entry with the name Shell. Right click on this registry entry and select Modify. Delete iexplore.exe and type in Explorer.exe as it was initially. Click OK to save performed amendments.
Shut down Registry Editor and reboot your PC now. This should reslove your problem. The last but not the least – make sure to scan your PC with reliable and powerful anti-virus software.
Important! If this ransomware removal solution did not help you please consider another similar guide available here.