Cybercrime Investigation Departament scam (Ukash Virus)
How to unblock your computer after Cybercrime Investigation Departament scam?
If you see a message from Cyber Investigation Departament saying that you need to pay a fine of 100 Cad, you can be sure that your PC is infected with ransomware from the "Reveton" family. This is a scam created by cyber criminals to scare you into believing that you have violated some laws and to trick you into paying a nonexistent fine. This particular screen locker targets Canadian computer users; other variants of this scam target computer users from the USA, UK, Germany, etc.
Like its previous versions, this screen locker exploits the name of an authority to make the message appear more legitimate. Note that neither the Cyber Investigation Departament nor any other authority collects fines for copyright violations in this way. To further scare you into thinking that the message about a fine is real, cyber criminals have incorporated a video recording window. This deceptive way of scaring people has been used in the latest versions of the "Reveton" ransomware infections. This screen locker also displays your location, IP address, and ISP. While at first sight this message could seem legitimate, in reality it's a scam. You shouldn't pay this fine: you would be sending your money to cyber criminals. Screenshots below are taken from Reveton and Urausy ransomware infections; note that the provided removal guide will help remove either of these screen lockers.



Cybercrime Investigation Departament originates from a family of ransomware called "Reveton"; previous versions targeting other countries were The FBI Federal Bureau of Investigation scam and Police Central e-crime Unit ransomware. Note that cyber criminals can determine your country from your computer's IP address, so the screen locker loaded on the infected machine is shown in your language. You should ignore the threatening message presented by this ransomware and eliminate it from your computer.
Fake message shown in Cybercrime Investigation Departament screen locker:
Police
Cybercrime Investigation Departament
Attention! Your PC is blocked due to at least one of the reasons specified below.
You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Canada. Article 128 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.
You have been viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc). Thus violating article 202 of the Criminal Code of Canada. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.
Illegal access to computer data has been initiated from your PC, or you have been...
Article 208 of the Criminal Code provides for a fine of up to Cad 100,000 and/or a deprivation of liberty for four to nine years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of Cad 2,000 to Cad 8,000.
Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without knowledge, your PC may be infected by malware...
Cybercrime Investigation Departament screen locker removal:
Step 1
Start your computer in safe mode. Click Start, then click Shut down. Select Restart and click OK. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.

Step 2
Log in to the account that is infected with Cybercrime Investigation Departament scam. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
After completing these steps your computer should be clean. Reboot your computer in normal mode.
Alternative Cybercrime Investigation Departament removal guide:
If this ransomware blocks your screen when you start your computer in safe mode with networking, try starting your PC in safe mode with command prompt.
1. While your computer is starting, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.

2. In the opened command prompt, type explorer and press Enter. This command opens an Explorer window; don't close it, and continue to the next step.
3. In the command prompt, type regedit and press Enter. This opens the registry editor window.
4. In the registry editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

5. In the right side of the window, locate "Shell" and right-click on it. Click Modify. The default value data is Explorer.exe. If you see something else written in this window, remove it and type in Explorer.exe. You can write down whatever else was written in the value data section: it is the path of the rogue executable file. Use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install legitimate anti-spyware software, and perform a full system scan to eliminate any remnants of the Cybercrime Investigation Departament ransomware.
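The check in steps 4 and 5, as an added example that is not part of the original guide: a Python script that reads saved output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell` and reports every entry other than Explorer.exe. The sample outputs and the file name qwzx81.exe are constructed, and the case where a path is appended after explorer.exe goes beyond what the guide describes.

```python
import re

DEFAULT_SHELL = "explorer.exe"
# Matches the value line of `reg query ... /v Shell` (columns split by spaces or tabs).
SHELL_LINE = re.compile(r"^\s*Shell\s+REG_(?:EXPAND_)?SZ\s*(.*?)\s*$", re.IGNORECASE)


def check_winlogon_shell(reg_query_output):
    """Classify saved `reg query` output for the Winlogon Shell value.

    Returns (status, extras). status is "default", "modified" or "missing";
    extras lists every entry other than plain explorer.exe, i.e. the paths
    to write down and inspect as described in step 5.
    """
    data = None
    for line in reg_query_output.splitlines():
        match = SHELL_LINE.match(line)
        if match:
            data = match.group(1)
            break
    if data is None:
        return "missing", []
    # The value may hold several comma-separated programs, so a locker can be
    # appended after explorer.exe instead of replacing it.
    entries = [part.strip().strip('"') for part in data.split(",")]
    extras = [e for e in entries if e and e.lower() != DEFAULT_SHELL]
    has_default = any(e.lower() == DEFAULT_SHELL for e in entries)
    status = "default" if has_default and not extras else "modified"
    return status, extras


# Constructed sample outputs (not captured from a real infection).
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
ROGUE = r"C:\Users\alice\AppData\Local\Temp\qwzx81.exe"  # constructed path
CLEAN = KEY + "\n    Shell    REG_SZ    Explorer.exe\n"
REPLACED = KEY + "\n    Shell\tREG_SZ\t" + ROGUE + "\n"
APPENDED = KEY + '\n    Shell    REG_SZ    explorer.exe,"' + ROGUE + '"\n'

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("replaced", REPLACED), ("appended", APPENDED)):
        print(name, check_winlogon_shell(sample))
```

A "missing" result means the output contained no Shell value line, which is itself worth checking by hand in the registry editor.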
If you can't start your computer in safe mode with networking (or with command prompt), you should boot your computer using a rescue disk. Some variants of ransomware disable safe mode, making removal more complicated. For this step you will need access to another computer. After removing the Cybercrime Investigation Departament scam from your PC, restart your computer and scan it with legitimate anti-spyware software to remove any remnants of this infection.
Some malicious software modifies browser settings and disables downloads of spyware and virus removal software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, Firefox, Opera, etc.
If you can't access Internet:
Start your computer in safe mode. Click Start, click Shut down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe mode with networking from the list.
Start Task Manager. Press Ctrl+Alt+Del (or Ctrl+Shift+Esc) and end the processes of the rogue program. (If after this procedure you can't access any programs, press Ctrl+Alt+Del, click File, select New Task, type explorer.exe and press OK.)
Open Internet Explorer, click Tools and select Internet Options. Select Connections, then click LAN settings. If "Use a proxy server for your LAN" is checked, uncheck it and press OK.
After this procedure you should be able to access the Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program.
Manual Cybercrime Investigation Departament scam removal:
If you were unable to remove Cybercrime Investigation Departament scam using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these Cybercrime Investigation Departament screen locker processes:
random.exe
Delete these Cybercrime Investigation Departament screen locker files:
%Temp%\<random>.exe
%StartupFolder%\ctfmon.lnk