Polisen Enheten for databrott is actually the heading (title) of another ransomware virus that is prepared by online hackers to hijack computers primarily in Sweden and thus to demand money from users deceived by the large volume of untrue information. In particular, typical to all other ransomwares, this pest tells that users were noticed to watch, promote and spread illegal information over the Internet having to do with extremely explicit content, spreading spam and even being engaged in support of terrorist activities. No doubt, such information is quite scary when received by unprepared users (not aware about presence of this type of infection in the cyber world). The malware literally prompts users to pay the forfeit (fine) in the amount of 100 Euro by means of indicating special PIN codes of Ukash or Paysafecard vouchers. As you probably understand, doing so is the waste of funds. There is no guarantee that this scam will unlock your PC, and the chances are that the crooks will simply use your money simply for reaching their covetous plots. Even if the problem can be resolved (desktop unlocked) by means of indicating the Ukash or Paysafecard PIN codes – still, this is not the correct solution of the problem. There are many other wonderful things you could invest your money into, but surely not in favor of the criminals that produced this scareware device. By the way, here is what it says in Swedish language, in particular:
Regeringskansliet
Polisen
Polisen Enheten for databrott
OBS!
Detta operativsystem är blockerad på grund av brott mot svensk lag. Fastställt följande brott:
Din IP-adress [removed]. Med denna IP-adress var besökta webbplatser som innehåller pornografi, barnpornografi, tidelag, och våld mot barn. Videofiler som innehåller pornografi, våld och inslag av barnpornografi har installerats på dator! Dessutom skickades e-postmeddelanden i form av spam, som innehåller terrorist motiv från din epost adress.
Datorn har blockerats för att stoppa din olaglig verksamhet.
För att låsa upp datorn, du måste betala böter på 100 euro.
Du kan betala en straffavgift på två sätt:
1) Betalning via ett system Ukash:
För att göra detta måste du ange i betalningsform 19-siffrig kod och trycka OK (Om du har flera koder, bör de införas en efter en, och klicka sedan på OK).
Om det uppstar ett fel i betalningsprocessen, bor koderna skickas till insattning@cybercrime.gov.
2) Betalning via ett system Paysafecard:
För att göra detta måste du ange i betalningsform 16-siffrig kod (Om nödvändigt, skriv in ett lösenord) och tryck OK (Om du har flera koder, bör de införas en efter en, och klicka sedan på OK).
Om det uppstar ett fel i betalningsprocessen, bor koderna skickas till insattning@cybercrime.gov.
It is quite clear by now that this program is a scareware that deserves to be wiped off your system. However, when trying to reach this goal you may turn out to be unsuccessful because the hoax blocks your attempts to get rid of it. Rebooting your system gives no positive results. In this case it is a good idea that you refer to this special removal guide and get rid of this scareware from your computer. Follow the ransomware removal instructions below, carefully and completely.
Ransomware removal sequence of steps:
- Restart your system into Safe Mode with Command Prompt. While your PC is booting hit “F8 key” on your keyboard repeatedly. This will lead you to “Windows Advanced Options Menu” as depicted below. Apply your arrow keys to go to Safe Mode with Command Prompt and then hit Enter key. Important! You need to login as the same user you were previously logged in with in the normal Windows mode. Please find more detailed information on rebooting into safe mode in this guide.
- While Windows boots the Windows command prompt will appear as depicted in the screenshot below. In the command prompt you need to type “regedit” (without quotation marks) and hit Enter. The Registry Editor window comes up.
- Find the following registry entry:
- Once Windows OS boots you will not see any desktop icons. Do not panic, this problem will be resolved soon. First of all, use the key combination “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended) and launch Task Manager. Click File → New Task (Run…)
- This would open Internet Explorer broswer. Now you must download clean explorer.exe file and over-write the existing one which is infected. Please make sure you download the correct file for your version of Windows OS:
- Important! At this stage it is also strongly recommended that you download and scan your PC with realiable anti-virus software.
- Remove all detected infections but do not reboot PC yet.
- Open up Task Manager once again. For this purpose click File → New Task (Run…) as you made in previous steps.
- Type in regedit and click OK to open Registry Editor.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
In the righthand panel select the registry key named Shell. Right click on this registry key and select Modify.
The default value is Explorer.exe.
Now you must amend the value data to iexplore.exe. Click OK to save your changes and now quit (shut down) the Registry editor.
Now return to “Normal Mode“. In order to reboot your PC, at the command prompt, type “shutdown /r /t 0” (without quotation marks) and hit Enter.
Type in iexplore and hit OK or click Enter keyboard button.
Click on the link to download the file. Select Save. Then go to C:\Windows folder and select available explorer.exe file. Click Save to overwrite the malicious explorer.exe file.
Find the same registry entry referred to in the step 3 of this tutorial.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
In the righthand panel choose the registry entry with the name Shell. Right click on this registry entry and select Modify. Delete iexplore.exe and type in Explorer.exe as it was initially. Click OK to save performed amendments.
Shut down Registry Editor and reboot your PC now. This should reslove your problem. The last but not the least – make sure to scan your PC with reliable and powerful anti-virus software.
Important! If this ransomware removal solution did not help you please consider another similar guide available here. If this guide didn’t work either, then try other solutions available under the “Ransomware” category of this blog.
