Metropolitan Police Service and Strathclyde Police virus

January 28th, 2012 by admin

[Screenshot: Strathclyde Police ransomware lock screen]

Ransomware applications are becoming more and more aggressive, attacking systems all over the world. The very word “ransomware” describes software that demands a payment from the user in exchange for some action that supposedly restores the infected computer to the state it was in before the malware got in. These illegal and frightening programs are tailored to a particular country, so that the message they use to scare users is clear and understandable there, even though they often have poor grammar and spelling. The Metropolitan Police Service and Strathclyde Police virus belongs to this wide group of ransomware programs. You must be clear, however, that it has nothing in common with the well-known and respected police forces of the United Kingdom of Great Britain and Northern Ireland. Borrowing their names is a trick used by the criminals to make users believe that what the ransomware tells them is true. Once the Metropolitan Police Service and Strathclyde Police virus hijacks the desktop of the infected machine, it presents the following warning:

Attention!!! Under the laws of the United Kingdom and Investigation of Metropolitan Police Service and Strathclyde Police Your computer is locked to prevent illegal activity in the network. From this IP-address [removed] it was visited sites containing banned scenes of violence against people, as well as viewing banned in United Kingdom child pornographic materials. We discovered video files that contain elements of violence were found on your computer. Unsolicited Bulk Messages was send from your computer’s IP address and it was recorded by SpamHaus this month. The computer has been locked to prevent your illegal activities on the Internet. To unlock the computer you are obliged, within 48 hours of receiving notice, to pay a fine of £100.

The ransomware tells you to pay the ransom using one of two payment options:

  1. Payment through Ukash, by entering the 19-digit code in the payment form and pressing OK.
  2. Payment through Paysafecard, by entering the 16-digit code in the payment form and pressing OK.

Even though this virus has probably ruined your plans and does not let you do your work, do not rush to pay according to its bogus instructions. There are many useful things you could spend £100 on, but certainly not a ransom demanded by a virus to unblock your own computer. The e-mail address surcharge@cyber-metropolitan-police.co.uk, which the virus offers for contacting its authors “in case of errors”, is nothing but another attempt to obtain money by any means. If you contact the fraudsters at this address you will get no help removing the malware, only further pressure from the ransomware’s developers to follow its instructions. Remember what we said at the very beginning of this post: the software calling itself Metropolitan Police Service and Strathclyde Police should never be trusted. Instead of following its developers’ instructions, go ahead and get rid of this serious, annoying and threatening application. Below is a simple and clear guide to removing this malware sample from your computer.

Strathclyde Police (Metropolitan Police) virus removal sequence of steps:

  1. Restart your system into Safe Mode with Command Prompt. While your PC is booting, press the F8 key on your keyboard repeatedly. This brings up the “Windows Advanced Options Menu” depicted below. Use the arrow keys to select Safe Mode with Command Prompt and press Enter. Important! You must log in as the same user you were logged in with in normal Windows mode. More detailed information on rebooting into Safe Mode is available in this guide.
  2. As Windows boots, the Windows command prompt appears as shown in the screenshot below. At the command prompt type “regedit” (without quotation marks) and press Enter. The Registry Editor window opens.
  3. Find the following registry key:

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

     In the right-hand panel select the value named Shell. Right-click it and select Modify.

     The default value data is Explorer.exe.

     Change the value data to iexplore.exe. Click OK to save your change and close (quit) the Registry Editor.

     Now return to Normal Mode. To reboot your PC, type “shutdown /r /t 0” (without quotation marks) at the command prompt and press Enter.

  4. Once Windows boots you will not see any desktop icons. Do not panic; this will be resolved shortly. First, press “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended) and launch Task Manager. Click File → New Task (Run…).
  5. Type iexplore and click OK or press Enter.
  6. This opens the Internet Explorer browser. Now download a clean explorer.exe file and overwrite the existing, infected one. Make sure you download the correct file for your version of Windows:
  7. Click the link to download the file. Select Save. Then go to the C:\Windows folder and select the existing explorer.exe file. Click Save to overwrite the malicious explorer.exe.
  8. Open Task Manager once again and click File → New Task (Run…), as you did in the previous steps.
  9. Type regedit and click OK to open the Registry Editor.
  10. Find the same registry key referred to in step 3 of this tutorial:

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

     In the right-hand panel select the value named Shell. Right-click it and select Modify. Delete iexplore.exe and type in Explorer.exe, as it was originally. Click OK to save your changes.

     Close the Registry Editor and reboot your PC. This should resolve your problem. Last but not least, make sure to scan your PC with reliable and powerful anti-virus software.
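The removal steps above hinge on two things: the Winlogon Shell value, which decides what program Windows starts as the desktop shell, and the integrity of explorer.exe itself. The PowerShell script below is an added example, not part of the original guide, that audits both: it reports whether Shell still points at explorer.exe and whether explorer.exe carries a valid Microsoft Authenticode signature, and with the hypothetical -Restore switch it puts Shell back to explorer.exe. It assumes Windows with PowerShell 4 or later, run from an elevated prompt; the HKCU Winlogon path is checked as well because a per-user Shell value overrides the machine-wide one.

```powershell
# Added example, not from the original guide: audit the Winlogon Shell value and
# the integrity of explorer.exe, the two things the removal steps modify.
# Assumptions: elevated PowerShell 4+ on Windows; the expected Shell value is
# "explorer.exe" (compared case-insensitively, so "Explorer.exe" also passes).
[CmdletBinding()]
param(
    [switch]$Restore   # hypothetical switch: set Shell back to explorer.exe where it differs
)

$winlogonPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # per-user override, if present
)

function Get-ShellValue {
    param([string]$Path)
    # Returns $null when the key or the Shell value does not exist.
    $item = Get-ItemProperty -Path $Path -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [string]$item.Shell
}

foreach ($path in $winlogonPaths) {
    $shell = Get-ShellValue -Path $path
    if ($null -eq $shell) {
        Write-Output "$path : no Shell value present (default of explorer.exe applies)"
        continue
    }
    if ($shell -ieq 'explorer.exe') {
        Write-Output "$path : Shell = $shell (expected)"
    } else {
        Write-Warning "$path : Shell = '$shell' is not the default; something else starts as the desktop shell"
        if ($Restore) {
            Set-ItemProperty -Path $path -Name Shell -Value 'explorer.exe'
            Write-Output "$path : Shell restored to explorer.exe"
        }
    }
}

# A genuine explorer.exe is signed by Microsoft; a patched or replaced binary,
# as the guide describes, normally is not. Record the hash for later comparison.
$explorer = Join-Path $env:SystemRoot 'explorer.exe'
$hash = (Get-FileHash -Path $explorer -Algorithm SHA256).Hash
Write-Output "$explorer : SHA256 $hash"

$sig = Get-AuthenticodeSignature -FilePath $explorer
if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*Microsoft*') {
    Write-Output "$explorer : signature valid, signer $($sig.SignerCertificate.Subject)"
} else {
    Write-Warning "$explorer : signature status '$($sig.Status)'; treat the file as suspect and replace it with a known-good copy for your Windows version"
}
```

If you run the script in the middle of the procedure (after step 3 and before step 10) it will, correctly, warn that Shell is set to iexplore.exe; that is the temporary state the guide creates. After the last step both checks should pass, and the SHA256 line gives you a value to compare against a known-good explorer.exe from another machine with the same Windows version.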

Important! If this ransomware removal solution did not help you please consider another similar guide available here.
