Metropolitan Police Virus

Also Known As: Metropolitan Police Ransomware
Type: Ransomware
Damage level: Severe
Distribution: High

Metropolitan Police virus removal guide

What is Metropolitan Police?

"Metropolitan Police - your computer was locked to stop your illegal activity!" is a ransomware computer infection. This fake message was created by cyber criminals and blocks computer users from accessing their desktops. This screen locker targets computer users from the United Kingdom. Recently, ransomware became popular amongst cyber criminals, who continue to create and distribute new versions of their misleading screen lockers. To make their messages appear more authentic, cyber criminals exploit the names of authorities, and in this case, use the Metropolitan Police. Other previously-released screen lockers use the names of the FBI and Interpol.

Furthermore, the creators of these rogue screen lockers are able to detect your computer's IP address and use this information to ensure the fake messages appear in your language. The message that blocks your desktop states that you have to pay a fine of £100 in order to unlock your PC. Do not pay this fine - it is a scam. No authorities use screen lockers to collect fines for any violations. If you pay the fine, you will send your money to cyber criminals and your PC will remain infected.


Metropolitan Police scam

"Metropolitan Police - your computer was locked to stop your illegal activity!" is merely another scam that attempts to trick unsuspecting PC users into paying a bogus fine. Cyber criminals use Ukash and Paysafecard for money transactions, making it difficult to track them. If you see this type of message on your computer screen, use the removal guide provided to remove it and unlock your PC.

A fake message shown within the Metropolitan Police virus:

Metropolitan Police Working together for a safer London Location: United Kingdom.
This computer was locked to stop your illegal activity!
To unlock the computer you must pay a fine of 100 pounds.
You could pay the fine in two ways:
1) Paying by Ukash:
To do this, you should enter the 19 digits code in the payment form and press OK. (if you have several codes, enter them one after the other and press OK). If errors occur, send your IP address and payment code to email: [address not shown]
2) Paying by Paysafecard:
To do this, you should enter the 19 digits code in the payment form and press OK. (if you have several codes, enter them one after the other and press OK). You could buy Ukash in many places: shops, stand-alone-terminals, online or via E-Wallet (electronic cash). Below you can find the list of points of sale of Ukash in United Kingdom...


Metropolitan Police virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.


Step 2

Log in to the account infected with Metropolitan Police virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries detected.


If you need assistance removing Metropolitan Police Virus, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

Cannot boot in Safe Mode with Networking? (Metropolitan Police virus blocks Safe Mode with Networking)

If you have more than one user account in your operating system - please log-in to the clean account and download the recommended malware removal software, install it and run a full system scan, and remove all the security infections detected. If, however, you have only one user account, please follow this guide (it will demonstrate how to create a new user account using Safe Mode with Command Prompt - using this newly created user account, you will be able to remove Metropolitan Police ransomware).

If Metropolitan Police virus also blocks your operating system's Safe Mode with Networking, follow these removal instructions:

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.


2. When Command Prompt mode loads, enter the following line: net user removevirus /add and press ENTER.


3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.


4. Finally, enter this line: shutdown -r and press ENTER.


5. Wait for your computer to restart, boot your PC in Normal Mode, and then login to the newly created user account ("removevirus"). This account will not be affected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.


6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer:


If the newly created user account is also affected by the ransomware infection, try performing a System Restore:


1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.


2. When Command Prompt mode loads, enter the following line: cd restore and press ENTER.


3. Next, type this line: rstrui.exe and press ENTER.


4. In the opened window, click "Next".


5. Select one of the available restore points and click "Next" (this will restore your computer's system to an earlier time and date, prior to the ransomware infiltrating your PC).


6. In the opened window, click "Yes".


7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of Metropolitan Police ransomware.

Alternative Metropolitan Police virus removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.


2. In the opened Command Prompt, type explorer and press Enter. This command will open an Explorer window. Do not close it and continue to the next step.

3. In the Command Prompt type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\


5. On the right side of the window, locate "Shell" and right-click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue executable file). Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software, and perform a full system scan to eliminate any remnants of Metropolitan Police scam.
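
The Shell value from steps 4 and 5 can also be read from the command line (type powershell in the Command Prompt first). The read-only check below is an added example, not part of the original guide; the function name Get-WinlogonShellAudit is hypothetical, and the script goes beyond the guide by also reading the per-user HKEY_CURRENT_USER copy of the same value, which the guide does not mention.

```powershell
# Added example (not from the original guide): read-only audit of the
# Winlogon "Shell" value described in steps 4-5. Nothing is modified.
# Written to run on Windows PowerShell 2.0 and later.
$ExpectedShell = 'explorer.exe'   # default value named in the guide
$WinlogonKeys  = @(
    # Key from step 4 of the guide
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    # Assumption: per-user copy of the same value, not covered by the guide.
    # On a clean system this one normally has no Shell value at all.
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Get-WinlogonShellAudit {   # hypothetical helper name
    foreach ($key in $WinlogonKeys) {
        $item  = Get-ItemProperty -Path $key -Name 'Shell' -ErrorAction SilentlyContinue
        $value = $null
        if ($item) { $value = [string]$item.Shell }

        if ([string]::IsNullOrEmpty($value) -or $value.Trim() -eq '') {
            $status = 'NotSet'
        } elseif ($value.Trim() -eq $ExpectedShell) {   # -eq ignores case
            $status = 'Default'
        } else {
            $status = 'Modified'
        }
        New-Object PSObject -Property @{ Key = $key; Shell = $value; Status = $status }
    }
}

$audit = @(Get-WinlogonShellAudit)
$audit | Select-Object Key, Shell, Status | Format-List

$modified = @($audit | Where-Object { $_.Status -eq 'Modified' })
if ($modified.Count -gt 0) {
    Write-Warning 'Shell differs from Explorer.exe. Note the value(s) below before restoring the default (step 5):'
    $modified | ForEach-Object { "  $($_.Key) -> $($_.Shell)" }
} else {
    'No Winlogon Shell value differs from the default.'
}
```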


If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated. For this step, you need access to another computer. After removing Metropolitan Police scam from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Other tools known to remove Metropolitan Police virus:

If you continue having problems removing Metropolitan Police virus, or you cannot start your computer in Safe Mode, try booting your computer using a rescue disk. For this step you will need access to another computer.

Comments 

 
#13 kelly 2013-06-23 17:38
%SystemRoot%\system32\restore\rstrui.exe

is the command line you all need for System Restore in XP. This works on a Dell laptop.
 
 
#12 Red-Devil 2013-01-30 11:59
Hi all.

Been dealing with this virus for some time, as it is my job. The easy way to fix this is to download the Avira AntiVir Rescue System CD; choose the ISO file. When the download is finished, just double-click it and burn it with Windows image burner.

Restart your computer, booting up with the CD; usually press F8 to get the boot menu. When Avira starts, press 1 and Enter, then when it is loaded up press scan system at the bottom left corner. It takes maybe 1-2 hours to complete the scan. When finished, restart the PC and it will work, but you will get one error because the virus can't start, so do this.

Click Start, All Programs and delete the file in the Startup folder that has the same name as the popup error when you start your computer.

Now you have your computer back, so happy surfing.

Best wishes.
Red-Devil
 
 
#11 jack frere 2013-01-13 12:08
IF IT HELPS YOU CAN GET INTO THE PC AS FOLLOWS
WHEN THE SCREEN COMES UP WITH ALL THE POLICE BULL S
HIT AT THE SAME TIME
CTRL ALT DELETE
THEN HIT CLOSE DOWN
IN AN INSTANT HIT START AND CONTROL PANEL THEN CANCEL CLOSE DOWN

I'VE DONE THIS THEN RUN SPY HUNTER AND IT HAS GOT RID OF IT FOR GOOD
YOU WILL FIND IT WON'T LET YOU START IN SAFETY MODE WITH NETWORK
 
 
#10 TJ 2013-01-12 12:17
My computer is locked, and when I try all of these solutions, nothing works. When I go into safe mode and try to fix it, it always goes back to the locked page. Frustrated.
 
 
#9 Clive 2012-12-09 04:08
To Chris and Ashlea. Variants of this virus will change explorer.exe so that the shell pointer looks right but explorer is no longer bringing up explorer but the virus instead. In this case you have to download explorer.exe appropriate for your operating system on another PC and then remove explorer.exe and substitute the replacement.
 
 
#8 Ying 2012-11-18 10:38
What I did was press Ctrl + Alt + Delete, then press shut down

and then the screen lock goes away
when this happens I quickly press Start then Control Panel

then when the shut down sign comes up saying shut down? press cancel and voilà
 
 
#7 neil 2012-10-31 14:24
thanks for your help Ian, I will be downloading some of this software. thanks again Neil
 
 
#6 Jarvis 2012-10-16 16:56
Hi all,

I had the same issue, and just wanted to let you know that upon looking at the %temp% folder I found a lot of REG922 files that appeared at exactly the same time as the .jpg files and the .gif files the website uses when "locking" the screen. Once I deleted these the issue was resolved for me. This may not work for everyone but is worth a mention.

Thanks
 
 
#5 Ian RM 2012-10-14 09:21
There is a simpler way to remove it. Start your PC in safe mode as described. Once loaded in safe mode, use the Windows repair function and RESTORE the computer back to a previous date. A date prior to the first appearance of the scam message.

Once Windows has reloaded and the message is gone, run your internet security software or download software as described in the article.
 
 
#4 admin 2012-10-08 08:09
Hi Chris, try using a Kaspersky rescue disk. Instructions can be found here: http://www.pcrisk.com/computer-technician-blog/general-information/6775-how-to-boot-your-computer-using-a-rescue-disk
 
About the author:

I am passionate about computer security and technology. I have an experience of 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010.
