The scary notice that you see in the screenshot is the desktop background of a computer infected and locked by new ransomware that primarily targets users in Belgium and France. Some users also refer to this infection as the eCops virus in their search queries, because the eCops logo is placed at the very top of the scareware notification.

We have researched the eCops organization. It is a Belgian online reporting service to which Internet users can report crimes related to Belgium that were committed on or by means of the world wide web. The eCops web page clearly says that the organization makes sure all such reports are investigated by the appropriate service. So, this is the authority that helps to prevent sites with misleading information, unwanted advertisements or fraudulent offers on the Internet. It also fights against child pornography on websites. It is obviously a legitimate organization that helps to prevent cyber crimes committed online.

However, eCops has nothing to do with the ransomware program you see in the screenshot. On the contrary, this virus was prepared by hackers who want to earn extra money by deceiving users online. As we said, this malware primarily attacks users in France and Belgium, but users in other countries might be affected by it too. Below are the accusations the ransomware makes against users:
Attention! Your computer has been blocked for violating the law of Belgium
The following offences have been detected:
- Fixing, recording or transmitting, with a view to its distribution, pornographic material involving minors
- Use of software in breach of copyright
- Sharing multimedia files in breach of copyright
To unblock your computer, you must pay 200 € within the next 3 days. If you do not pay within the specified period, your computer will be confiscated and your case will be referred to the court.
You can pay the fine using Ukash or Paysafecard vouchers. Buy Ukash or Paysafecard vouchers worth 200 €. Then open the «Pay fine» tab, fill in the form with the voucher codes and values, and click the «Pay fine» button. Your computer will be unblocked within the following 24 hours.
After unblocking, we suggest that you:
- Delete all multimedia files in breach of copyright.
- Delete software in breach of copyright.
- Install anti-virus software, if you do not have any yet.
- Run an anti-virus scan.
Your OS: Windows XP
Your IP address: [removed]
No matter how scary this message is, please make sure to ignore it. Remember that this program was prepared by fraudsters who want to get richer by pressuring you into paying a ransom to unlock your computer. There is no guarantee that the desktop of your computer will be unlocked after payment. Instead of sending funds via the Ukash or Paysafecard payment systems, please follow the removal guide below, which will help you get rid of this scareware. Please make sure to carefully follow all the steps described in this solution to remove this type of ransomware. If you still have difficulties deleting it, please try the other removal methods described under the “ransomware” category of this blog.
Anti-malware tool necessary to eliminate “Attention! Votre ordinateur a été bloqué pour violation de la loi Belgique” automatically.
Detailed automatic removal instructions:
- Download GridinSoft Anti-Malware via the download button (above).
- Install the application and scan your computer with it.
- At the end of the scan click “Apply” to remove all infections related to this ransomware.
- Important! You should also reset your browsers using GridinSoft Anti-Malware after you delete this particular ransomware. Shut down all your open browsers right now.
- In GridinSoft Anti-Malware click on the “Tools” tab and select “Reset browser settings”.
- Select which browsers you would like to reset and choose the reset options.
- Finally, click on the “Reset” button.
- You will receive a confirmation window stating that the browser settings were reset successfully.
- Reboot your system now.
Manual ransomware removal sequence of steps:
1. Restart your system into Safe Mode with Command Prompt. While your PC is booting, hit the “F8” key on your keyboard repeatedly. This will lead you to the “Windows Advanced Options Menu” as depicted below. Use your arrow keys to go to Safe Mode with Command Prompt and then hit the Enter key. Important! You need to log in as the same user you were previously logged in as in the normal Windows mode. Please find more detailed information on rebooting into safe mode in this guide.
2. While Windows boots, the Windows command prompt will appear as depicted in the screenshot below. In the command prompt you need to type “regedit” (without quotation marks) and hit Enter. The Registry Editor window comes up.
3. Find the following registry entry:
   In the right-hand panel select the registry entry named Shell. Right click on this registry entry and select Modify.
   The default value is Explorer.exe.
   Now you must amend the value data to iexplore.exe. Click OK to save your changes and then quit (shut down) the Registry Editor.
   Now return to “Normal Mode”. In order to reboot your PC, type “shutdown /r /t 0” (without quotation marks) at the command prompt and hit Enter.
4. Once Windows OS boots you will not see any desktop icons. Do not panic, this problem will be resolved soon. First of all, use the key combination “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended) and launch Task Manager. Click File → New Task (Run…)
   Type in iexplore and click OK or hit the Enter key.
5. This will open the Internet Explorer browser. Now you must download a clean explorer.exe file and overwrite the existing one, which is infected. Please make sure you download the correct file for your version of Windows OS:
   Click on the link to download the file. Select Save. Then go to the C:\Windows folder and select the existing explorer.exe file. Click Save to overwrite the malicious explorer.exe file.
   Find the same registry entry referred to in step 3 of this tutorial.
   In the right-hand panel choose the registry entry with the name Shell. Right click on this registry entry and select Modify. Delete iexplore.exe and type in Explorer.exe as it was initially. Click OK to save the changes.
   Shut down Registry Editor and reboot your PC now. This should resolve your problem. Last but not least, make sure to scan your PC with reliable and powerful anti-virus software.
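A post-cleanup check for the manual procedure above, as an added example that is not part of the original guide: it confirms that the Shell value is back at Explorer.exe and that the explorer.exe in the Windows folder is byte-identical to a trusted copy. It assumes PowerShell 4 or later; the registry key from step 3 is not reproduced on this page, so `-KeyPath` must be supplied by the operator, and `-ReferenceExe` (a known-good explorer.exe for the same Windows version) is a hypothetical input.

```powershell
# Added example, not from the original guide: audit the result of the
# manual removal steps. Requires PowerShell 4+ (Get-FileHash).
param(
    # Registry provider path of the key used in step 3. The page does not
    # give the key, so the operator has to pass it in.
    [Parameter(Mandatory = $true)] [string] $KeyPath,
    # Known-good explorer.exe for this Windows version (assumption: taken
    # from original install media or an identical clean machine).
    [Parameter(Mandatory = $true)] [string] $ReferenceExe,
    # Default value stated in the guide.
    [string] $ExpectedShell = 'Explorer.exe',
    [string] $InstalledExe  = (Join-Path $env:windir 'explorer.exe')
)

$findings = @()

# 1. The Shell value must be restored to the default the guide names.
try {
    $shell = (Get-ItemProperty -Path $KeyPath -Name Shell -ErrorAction Stop).Shell
    if ($shell.Trim() -ne $ExpectedShell) {      # -ne is case-insensitive
        $findings += "Shell is '$shell', expected '$ExpectedShell'"
    }
} catch {
    $findings += "Could not read Shell under ${KeyPath}: $($_.Exception.Message)"
}

# 2. The installed explorer.exe must match the trusted copy byte for byte.
if ((Test-Path -LiteralPath $InstalledExe -PathType Leaf) -and
    (Test-Path -LiteralPath $ReferenceExe -PathType Leaf)) {
    $have = (Get-FileHash -LiteralPath $InstalledExe -Algorithm SHA256).Hash
    $want = (Get-FileHash -LiteralPath $ReferenceExe -Algorithm SHA256).Hash
    if ($have -ne $want) {
        $findings += "$InstalledExe differs from reference (SHA256 $have vs $want)"
    }
} else {
    $findings += "Cannot compare hashes: $InstalledExe or $ReferenceExe is missing"
}

if ($findings.Count -eq 0) {
    'OK: Shell value and explorer.exe match the expected state.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
    exit 1
}
```

A hash mismatch after step 5 means the file that was saved over explorer.exe is not the same build as the trusted copy and should be replaced from the trusted source before the machine is returned to use.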
Important! If this ransomware removal solution did not help you please consider another similar guide available here.