Removal guides Metropolitan Police ransomware (PCeU) virus
Metropolitan Police ransomware (PCeU) virus
How to remove Metropolitan Police (PCeU) scam and unlock your computer?
"Metropolitan Police - your computer was locked to stop your illegal activity!" is a ransomware computer infection. This is a fake message which blocks computer users from accessing their desktop, it's created by Cyber criminals. This screen locker is targeting computer users from United Kingdom. Recently ransomware became very popular among Cyber criminals and they are continuing to create and distribute new versions of their misleading screen lockers. To make their messages appear more legitimate Cyber criminals are exploiting names of authorities, this time it's Metropolitan Police, previously release screen lockers were using names of FBI and Interpol.
Furthermore the creators of such rogue screen lockers are able to detect your computer's IP address and using this information the fake messages appear in your language. The message that blocks your desktop states that you have to pay a fine of 100 pounds to unlock your PC. You shouldn't pay this fine - it's a scam. None of the authorities are using screen lockers to collect fines for any violations. If you pay the fine you will send your money to cyber criminals and your PC will still be infected.
"Metropolitan Police - your computer was locked to stop your illegal activity!" is just another scam that tries to trick unsuspecting PC users into paying a non existent fine. Notice that Cyber criminals are using Ukash and Paysafecard for money transaction, this makes it very difficult to track them. If you see such message on your computer's screen you should use the provided removal guide to remove it and unlock your PC.
Fake message shown in Metropolitan Police screen lock:
Metropolitan Police Working together for a safer London Location: United Kingdom
This computer was locked to stop your illegal activity!
To unlock the computer you must pay a fine of 100 pounds
You could pay the fine in two ways:
1) Paying by Ukash:
To do this, you should enter the 19 digits code in the payment form and press OK. (if you have several codes, enter them one after the other and press OK). If an erros occurs, send your IP address and payment code to email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
2) Paying by Paysafecard:
To do this, you should enter the 19 digits code in the payment form and press OK. (if you have several codes, enter them one after the other and press OK). You could buy Ukash in many places: shops, stand-alone-terminals, online or via E-Wallet (electronic cash). Below you can find the list of points of sale of Ukash in United Kingdom...
Metropolitan Police screen lock removal:
Step 1
During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Step 2
Log in to the account that is infected with Metropolitan Police scam. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
remover for Metropolitan Police ransomware
Can't boot in Safe Mode with Networking? (Metropolitan Police virus blocks Safe Mode with Networking)
If you have more than one user account in your operating system - please log-in to the clean account and download the recommended anti-spyware software, install it and run a full system scan, remove all the security infections it will detect, however if you have only one user account please follow this guide (this guide will show you how to create a new user account using safe mode with command prompt - using this newly created user account you will be able to remove Metropolitan Police ransomware).
If Metropolitan Police virus also blocks your operating system's Safe Mode with Networking follow these removal instructions:
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. When command prompt mode loads enter the following line: net user removevirus /add and press ENTER.
3. Next enter this line: net localgroup administrators removevirus /add and press ENTER.
4. Finnaly enter this line: shutdown -r and press ENTER.
5. Wait for your computer to restart, then boot your PC in Normal Mode and login to the newly created user account ("removevirus"). This account won't be affected by the ransomware infection and you will be able to download and install recommended anti-spyware software to eliminate this virus from your computer.
6. Download and install recommended anti-spyware software to eliminate this ransomware infection from your computer:
remover for Metropolitan Police virus
If the newly created user account is also affected by the ransomware infection try doing a System Restore:
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. When command prompt mode loads enter the following line: cd restore and press ENTER.
3. Next type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available restore point and click "Next" (this will restore your computer's system to an earlier time and date, before the ransomware infiltrated your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date download and scan your PC with a recommended anti-spyware software to eliminate any left remnants of Metropolitan Police ransomware.
Alternative Metropolitan Police scam removal guide:
If this ransomware blocks your screen when you start your computer in safe mode with networking, try starting your PC in safe mode with command prompt.
1. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. In the opened command prompt type explorer and press Enter. This command will open explorer window, don't close it and continue to the next step.
3. In the command prompt type regedit and press Enter. This will open the registry editor window.
4. In the registry editor window you should navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. In the right side of the window locate "Shell" and right click on it. Click on Modify. The default value data is Explorer.exe if you see something else written in this window remove it and type in Explorer.exe (you can write down whatever else was written in the value data section - this is a path of the rogue execution file) - use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install a legitmate anti-spyware software and perform a full system scan to eliminate any left remnants of Metropolitan Police scam.
remover for Metropolitan Police scam
If you can't start your computer in safe mode with networking (or with command prompt) you should boot your computer using a rescue disk. Some variants of ransomware disables safe mode making it's removal more complicated. For this step you will need access to another computer. After removing Metropolitan Police scam from your PC restart your computer and scan it with a legitimate antispyware software to remove any possibly left remnants of this security infection.
Other tools known to remove Metropolitan Police screen lock:
Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.
If you can't access Internet:
Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.
Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.
Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, un-check it and press OK.
After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program.
Metropolitan Police scam removal:
If you were unable to remove Metropolitan Police screen lock using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these Metropolitan Police screen lock processes:
random.exe
Delete these Metropolitan Police screen lock files:
%Temp%\<random>.exe
%StartupFolder%\ctfmon.lnk
If you continue having problems removing Metropolitan Police screen lock or you can't start your computer in safe mode you can try booting your computer using a rescue disk. For this step you will need access to another computer.
Was this helpful to you?
Recommend it!
Global virus and spyware activity level today:
Medium
Increased attack rate of infections detected within the last 24 hours.
- FBI Your Computer Has Been Locked scam
- System Care Antivirus
- Department of Justice MoneyPak Virus
- Win 7 Antivirus 2013
- SweetIM Toolbar (Search.sweetim.com Virus)
- Department of Justice scam
- FBI Cybercrime Division - Your PC is Blocked (MoneyPak Virus)
- Metropolitan Police ransomware (PCeU) virus
- Police Central E-Crime Unit Virus
- Internet Security "designed to protect" Scam - Fake Antivirus Program
Comments
Being dealing with this virus some time as is it my job. The easy way to fix this is to download Avira AntiVir Rescue System cd, choose the iso file. When download is finish just double-click it and burn it with windows image burner.
Restart you computer booting up with cd, usually press F8 to get the boot menu. When avira start press 1 and enter, then when it is loaded up press scan system at the left down corner. It takes maybe 1-2 hours to complete the scan. When finish restart pc and it will work, but you will get one error because the virus can't start, do this.
Click start, all programs and delete the file in startup folder who has the same name as the popup error when you start your computer.
Now you have your computer back so happy surfing.
Best wish.
Red-Devil
WHEN THE SCREEN COMES UP WITH ALL THE POLICE BULL S
HIT AT THE SAME TIME
CTRL ALT DELETE
THEN HIT CLOSE DOWN
IN AN INSTANT HIT START AND CONTROL PANEL THEN CANCEL CLOSE DOWN
IVE DONE THIS THEN RUN SPY HUNTER AND IT HAS GOT RID OF IT FOR GOOD
YOU WILL FIND IT WONT LET YOU START IN SAFETY MODE WITH NETWORK
and the the screen locks go away
when this happen i quickly pres start then control panel
then when the shut down sigh come up say shut down? press cancel and wa la
I had the same issue, and just wanted to let you know that upon looking at the %temp% folder i found a lot of REG922 files that appeared at exactly that same time as the .jpg files and the .gif files the website uses when "locking" the screen. Once i deleted these the issue was resolved for me, this may not work for everyone but worth a mention.
Thanks
Once Windows has reloaded amd message gone, run you internet security software or download software as descibed in the article.