Atención! Fue detectado un caso de actividad ilegal virus

February 11th, 2012 by admin

The message titled Fue detectado un caso de actividad ilegal is another ransomware “present” prepared by cyber fraudsters for computer users in Spain and other Spanish-speaking countries. Many users have already been infected with this malware. Unfortunately, some of them did what the virus instructed: frightened by the accusations, they paid the ransom to unlock their computer. The malware claims that the user has been caught viewing, spreading and promoting illegal content over the Internet, distributing various forms of spam and even supporting terrorist activities. No doubt it is unpleasant to get such a warning, even if you have never done anything of the kind. The virus disables your computer completely by locking it. It then states that, to unlock it, you must purchase Ukash vouchers or Paysafecard PIN codes and enter them in the respective fields.

Atención!
Fue detectado un caso de actividad ilegal. El sistema operativo fue bloqueado por violación de las leyes de España! Fue detectada la siguiente infracción:

Desde su dirección IP bajo el número [removed] fue efectuado un acceso a páginas de internet que contienen pornografía, pornografía infantil, zoofilia, asimismo como violencia sobre los menores. En su ordenador asimismo fueron encontrados archivos de vídeo que contienen pornografía, elementos de violencia y pornografía infantil. Desde el correo electrónico asimismo se realizaba envío de spam con subtexto de terrorismo. El bloqueo del ordenador se realiza para suprimir la posibilidad de acciones ilegales por su parte.

Para quitar el bloqueo del ordenador, usted debe pagar una multa de 100 euro.
Usted tiene uno formas de pago:
1) Realizar el pago a través de Ukash:
Para ello, por favor introduzca el código recibido (en caso de necesidad junto con la contraseña) en la línea del pago, y posteriormente pulse OK (si usted tiene varios códigos, introdúzcalos uno detrás de otro, y después pulse OK).
Si el sistema le genera un error, usted deberá enviar el código al correo electrónico deposito@cyber-police.net.

2) Realizar el pago a través de Paysafecard:
Para ello, por favor introduzca el código recibido (en caso de necesidad junto con la contraseña) en la línea del pago, y posteriormente pulse OK (si usted tiene varios códigos, introdúzcalos uno detrás de otro, y después pulse OK).
Si el sistema le genera un error, usted deberá enviar el código al correo electrónico deposito@cyber-police.net.

Do not obey the misleading and deceitful instructions of the malware developers behind this ransomware campaign. There is no guarantee that paying will remove the lock. The process for removing the ransomware and unlocking your system is described below; it requires some manual steps on your part, but these solutions are effective and should help you fix your PC and recover it from the ransomware. Please follow the removal steps carefully.

Ransomware removal steps:

  1. Restart your system into Safe Mode with Command Prompt. While your PC is booting, press the F8 key repeatedly. This brings up the “Windows Advanced Options Menu”, as depicted below. Use the arrow keys to select Safe Mode with Command Prompt and press Enter. Important! You need to log in as the same user you were logged in as in normal Windows mode. More detailed information on rebooting into Safe Mode is available in this guide.
  2. Once Windows boots, the command prompt appears, as depicted in the screenshot below. Type “regedit” (without quotation marks) and press Enter. The Registry Editor window opens.
  3. Find the following registry entry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    In the right-hand panel select the registry value named Shell. Right-click this value and select Modify.

    The default value is Explorer.exe.

    Now change the value data to iexplore.exe. Click OK to save your changes and close the Registry Editor.

    Now return to “Normal Mode”. To reboot your PC, type “shutdown /r /t 0” (without quotation marks) at the command prompt and press Enter.

  4. Once Windows boots you will not see any desktop icons. Do not panic; this problem will be resolved soon. First, press “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended) to launch Task Manager. Click File → New Task (Run…).
  5. Type iexplore and click OK or press Enter.

  6. This opens the Internet Explorer browser. Now download a clean explorer.exe file and overwrite the existing, infected one. Make sure you download the correct file for your version of Windows:
  7. Click the link to download the file and select Save. Then go to the C:\Windows folder and select the existing explorer.exe file. Click Save to overwrite the malicious explorer.exe file.

  8. Open Task Manager once again and click File → New Task (Run…), as you did in the previous steps.
  9. Type regedit and click OK to open the Registry Editor.
  10. Find the same registry entry referred to in step 3 of this tutorial:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    In the right-hand panel select the registry value named Shell. Right-click this value and select Modify. Delete iexplore.exe and type Explorer.exe, as it was initially. Click OK to save the change.

    Close the Registry Editor and reboot your PC. This should resolve your problem. Last but not least, make sure to scan your PC with reliable and powerful anti-virus software.
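
A read-only check to run after the final reboot, added here as an example and not part of the original guide: it reports whether the Winlogon Shell value is back to the default and whether the explorer.exe in the Windows folder carries a valid signature. The function names are hypothetical, the HKCU lookup goes beyond the HKLM key the guide names, and Windows PowerShell 5.1 is assumed.

```powershell
# Added example (not from the original guide). Read-only: it changes nothing.
# Assumes Windows PowerShell 5.1, run in normal mode after the final reboot.

$ExpectedShell  = 'explorer.exe'   # default value stated in the guide
$WinlogonSubKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Hypothetical helper: report the Shell value under one hive.
function Get-ShellFinding {
    param([Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive)

    $path  = "${Hive}:\$WinlogonSubKey"
    $item  = Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue
    $value = if ($item) { [string]$item.Shell } else { $null }

    # HKCU normally has no Shell value; HKLM must have one.
    $status = if ($null -eq $value) {
        if ($Hive -eq 'HKCU') { 'OK (not set)' } else { 'SUSPICIOUS (missing)' }
    } elseif ($value.Trim() -ieq $ExpectedShell) {
        'OK'
    } else {
        'SUSPICIOUS'   # includes a leftover iexplore.exe from step 3
    }
    [pscustomobject]@{ Key = $path; Shell = $value; Status = $status }
}

# Hypothetical helper: describe the explorer.exe that the guide had you replace.
function Get-ExplorerFinding {
    $file = Join-Path $env:SystemRoot 'explorer.exe'
    $sig  = Get-AuthenticodeSignature -FilePath $file
    [pscustomobject]@{
        File      = $file
        # 'Valid' is expected for a genuine binary. Older PowerShell versions
        # do not check catalog signatures and may report 'NotSigned'.
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        Company   = (Get-Item $file).VersionInfo.CompanyName
        SHA256    = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    }
}

'HKLM', 'HKCU' | ForEach-Object { Get-ShellFinding -Hive $_ } | Format-List
Get-ExplorerFinding | Format-List
```

Any Status other than OK, or a Signature other than Valid, means the cleanup is incomplete or the replacement file is not a genuine Windows binary.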

Important! If this ransomware removal solution did not help you, please consider another similar guide available here.
