Metropolitan Police virus. Fake Police Central e-crime Unit notice


Be careful if you receive a scary message that claims to come from the Police Central e-crime Unit of the Specialist Crime Directorate of the UK’s Metropolitan Police. Chances are that this is a ransomware application designed by hackers to steal your funds. Look at the screenshot below, which depicts such a notice. Does it seem familiar to you? Is the warning quoted below the same as the one you see on your locked desktop? If so, a virus program has hacked your computer and left it locked. This is what the message actually says and accuses you of:

Specialist Crime Directorate
Police Central e-crime Unit
Metropolitan Police
Attention!!! This operating system is locked due to the violation of the laws of the United Kingdom! Following violations were detected:

Your IP address is [removed]. This IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer.
To unlock the computer you are obliged to pay a fine of £ 100.
You could pay the forfeit in two ways:
1) Paying through Ukash:
To do this, you should enter the 19 digits code in the payment form and press OK (if you have several codes, enter them one after the other and press OK).
If an error occurs, send the codes to address [email protected]
2) Paying through Paysafecard:
To do this, you should enter the 16 digits resulting code (if necessary with a password) in the payment form and press OK (if you have several codes, enter them one after the other and press OK).
If an error occurs, send the codes to address [email protected]


No doubt, the contents of this warning are quite scary for anyone who gets it suddenly, out of the blue. This is a very serious accusation and, moreover, the ransomware appears to give users no option other than paying the ransom via Ukash or Paysafecard in order to unlock the computer. Restarting (rebooting) the PC in the normal manner does not help; the computer remains locked. Some people have already mistakenly made the payment to restore their computer to normal mode; however, there is no guarantee that they will actually be able to unlock it after they disclose the financial information requested by the malware makers. Luckily, there are other ways to fix this problem and recover your PC from the ransomware. So do not disclose any of your financial information, and do not rush to buy those Ukash or Paysafecard vouchers and PINs. Instead, follow the guide below, which will assist you in removing this virus. If this solution does not help, please follow the alternative malware removal procedure described in the article linked at the very bottom of this post.

PCEU virus removal sequence of steps:

  1. Restart your system into Safe Mode with Command Prompt. While your PC is booting, press the “F8” key on your keyboard repeatedly. This will bring up the “Windows Advanced Options Menu” as depicted below. Use the arrow keys to select Safe Mode with Command Prompt and then press Enter. Important! You need to log in as the same user you were previously logged in as in normal Windows mode. Please find more detailed information on rebooting into safe mode in this guide.
  2. When Windows boots, the Windows command prompt will appear as depicted in the screenshot below. In the command prompt, type “regedit” (without quotation marks) and press Enter. The Registry Editor window comes up.
  3. Find the following registry entry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    In the right-hand panel, select the registry value named Shell. Right-click this value and select Modify.

    The default value is Explorer.exe.

    Now change the value data to iexplore.exe. Click OK to save your changes and close the Registry Editor.

    Now return to “Normal Mode”. To reboot your PC, type “shutdown /r /t 0” (without quotation marks) at the command prompt and press Enter.

  4. Once Windows boots, you will not see any desktop icons. Do not panic; this problem will be resolved soon. First of all, use the key combination “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended) to launch Task Manager. Click File → New Task (Run…).
  5. Type in iexplore and click OK or press Enter.

  6. This opens the Internet Explorer browser. Now you must download a clean explorer.exe file and overwrite the existing one, which is infected. Please make sure you download the correct file for your version of Windows OS:
  7. Click on the link to download the file. Select Save. Then go to the C:\Windows folder and select the existing explorer.exe file. Click Save to overwrite the malicious explorer.exe file.

  8. Open Task Manager once again and click File → New Task (Run…), as you did in the previous steps.
  9. Type in regedit and click OK to open the Registry Editor.
  10. Find the same registry entry referred to in step 3 of this tutorial.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    In the right-hand panel, choose the registry value named Shell. Right-click this value and select Modify. Delete iexplore.exe and type in Explorer.exe, as it was initially. Click OK to save the change.

    Close the Registry Editor and reboot your PC now. This should resolve your problem. Last but not least, make sure to scan your PC with reliable and powerful anti-virus software.
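
To check the result of the steps above, the following PowerShell script (an added example, not part of the original guide) reports the Winlogon Shell value and verifies the signature and hash of the explorer.exe now sitting in the Windows folder. It assumes Windows 10 / PowerShell 5.1 or later and an elevated prompt; the function names are illustrative, and the HKCU check goes beyond the single HKLM key the guide names.

```powershell
# Added example, not from the original guide.
# Assumptions: Windows 10 / PowerShell 5.1+, elevated prompt. Function names are illustrative.

$expectedShell = 'explorer.exe'
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',  # key named in the guide
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # per-user copy, extra check
)

# Report the Shell value under each Winlogon key and whether it is the default.
function Get-WinlogonShellReport {
    foreach ($key in $winlogonKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $shell = $null
        if ($props -and ($props.PSObject.Properties.Name -contains 'Shell')) {
            $shell = [string]$props.Shell
        }
        if ($null -eq $shell) { $status = 'NotSet' }
        elseif ($shell.Trim() -ieq $expectedShell) { $status = 'Default' }
        else { $status = 'Modified' }
        [pscustomobject]@{ Key = $key; Shell = $shell; Status = $status }
    }
}

# Check the Authenticode signature of the shell binary and record its hash.
function Test-ShellBinary {
    param([string]$Path = (Join-Path $env:windir 'explorer.exe'))
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Signer          = $signer
        SHA256          = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

Get-WinlogonShellReport | Format-Table -AutoSize
Test-ShellBinary | Format-List
```

On a clean system, expect Default for the HKLM key, NotSet for the HKCU key, and a SignatureStatus of Valid with a Microsoft signer.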

Important! If this ransomware removal solution did not help you, please consider another similar guide available here.
