[RESOLVED] Police e-crime virus removal

maranello · ‎11-01-2008

One of the XP accounts on my PC appears to be infected with the Police e-crime virus. On logging into the account what appears to be a pdf appears in full screen, and the PC is then locked. Cntr-Alt-Del doesn't work, the only way out is a hard reset by holding in the power button.
Two other XP accounts on the same PC are unaffected (so far), one of which has administrator privileges. Running a scan with AVG Free 2012 from this account initially found the infection and removed it to the virus vault, but the infected account remained infected, and subsequent scans did not find an infection.
Has anyone any experience of this virus and knows how to remove it?

My other car isn't a Ferrari

nozzer · ‎04-08-2009

A bit long-winded but try this....
http://botcrawl.com/how-to-remove-the-police-central-e-crime-unit-ransomware-virus-metropolitan-poli...

journeys · ‎24-09-2008

malware bytes clears it. http://www.malwarebytes.org/
load malwarebytes onto a clean drive (USB data stick), reboot 'safe with networking', run malwarebytes.
Neighbour's son was infected with it recently.

ReedRichards · ‎14-07-2009

Typically this type of virus works using a sort of pester-power on steroids - so much activity that nothing else cannot get a look-in or is deliberately suppressed. I generally boot into Safe Mode then use a start-up modifier program like Autoruns http://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx to turn-off the virus. With a bit of practice it is easy to identify the virus in the long list because it is not digitally signed and not in a normal location for a program file. Once you have stopped the virus from starting automatically you can use the security software of your choice to remove the actual file and associated settings. Malwarebytes is indeed a good choice

maranello · ‎11-01-2008

Thanks for the advice.
Progress so far.
AVG scans still report no current infection since the initial scan which detected and quarantined the virus. However, the affected XP account cannot be accessed without the virus screen warning displaying and freezing the PC. It also appears to be preventing a system restore to any restore point. Quite a nasty little beggar, although more of an inconvenience atm rather than a threat.
The next step is to see if malwarebytes cures the infection, but if AVG no longer detects it and the virus only affects one account, I don't have much confidence of success. Here's hoping.
If not successful I might try deleting the account and re-instating it

My other car isn't a Ferrari

ReedRichards · ‎14-07-2009

If you care to follow my strategy and use Autoruns (which will run happily in Safe Mode) look for a program that is launched from a location within the folders belonging to the affected user account. It's very rare for a legitimate program to do that (although Google Chrome is an exception that proves the rule).

maranello · ‎11-01-2008

Problem now resolved :). Malwarebytes detected, quarantined and deleted 4 files which AVG (free version) failed to detect.

My other car isn't a Ferrari

[RESOLVED] Police e-crime virus removal

[RESOLVED] Police e-crime virus removal

Re: Police e-crime virus removal

Re: Police e-crime virus removal

Re: Police e-crime virus removal

Re: Police e-crime virus removal

Re: Police e-crime virus removal

Re: Police e-crime virus removal