FacebookTwitterLinkedIn

Police Cybercrime Investigation Virus

Also Known As: Cybercrime Investigation Departament Ransomware
Type: Ransomware
Damage level: Severe

Tomas Meskauskas Written by on (updated)

What is Police Cybercrime Investigation?

If you see a message purportedly from the Cyber Investigation Department demanding payment of a 100 CAD (Canadian Dollars) fine, your PC is infected with ransomware from the 'Reveton' family. This is a scam created by cyber criminals to scare you into believing that you have violated certain laws and to trick you into paying a bogus fine.

This particular screen locker is targeted at Canadian computer users, however, other variants of this scam target computer users from the USA, UK, and Germany, etc.

Like its previous versions, this screen locker exploits the name of  an authority in order to make the message appear authentic. Neither the Police Cyber Investigation Department nor any other authorities collect fines for copyright violations in this way.

To further scare you into believing that this message and its demands are genuine, Cyber criminals incorporate a video recording window. This deceptive and intimidating tactic is used in the latest versions of 'Reveton' ransomware infections.

The screen locker also displays your location, IP address, and ISP. Whilst on first inspection this message might seem legitimate, it is in fact a scam.

Do not pay this fine - you will send your money to cyber criminals. The screenshots below are captured from Reveton and Urausy ransomware infections.

The removal guide provided will help remove both of these screen-lockers.

police cybercrime investigation department canada police cybercrime investigation department scam Cybercrime Investigation Department rogue program

Another variant of this ransomware virus called Police Cybercrime (Canadian Security Intelligence Service CSIS) "The computer is locked by Internet Service Provider", originates from a family called Revoyem (DirtyDecrypt). At time of writing, no known tools are available to decrypt the files encrypted by this ransomware virus.

Police Cybercrime (Canadian Security Intelligence Service CSIS)

Police Cybercrime Investigation Department ransomware originates from a family of ransomware called 'Reveton'; the previous versions targeting other countries were The FBI Federal Bureau of Investigation scam and Police Central e-crime Unit ransomware. Cyber criminals use your computer IP address to determine your country, and in this way, display the screen locker in your language.

Ignore the threatening message displayed by this ransomware and eliminate it from your computer.

Ukash (Smart Voucher Limited) is a legitimate company and is not related to ransomware viruses - Cyber criminals use the name of this service to extort money from unsuspecting PC users.

A fake message displayed by the Police  Cybercrime Investigation Department virus:

Police Cybercrime Investigation Department .
Attention! Your PC is blocked due to at least one of the reasons specified below:
You have been violating Copyright and Related Rights Laws (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Canada. Article 128 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years. You have been viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc). Thus violating article 202 of the Criminal Code of Canada. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years. Illegal access to computer data has been initiated from your PC, or you have been...
Article 208 of the Criminal Code provides for a fine of up to CAD 100,000 and/or a deprivation of liberty for four to nine years.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law On Neglectful Use of a Personal Computer. Article 210 of the Criminal Code provides for a fine of CAD 2,000 to Cad 8,000. Spam distribution or other unlawful advertising has been effected from your PC as a profit-seeking activity or without knowledge, your PC may be infected by malware...

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Police Cybercrime Investigation Departament virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK.

During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with the Cybercrime Investigation Department scam. Start your Internet browser and download a legitimate anti-spyware program.

Update the anti-spyware software and start a full system scan. Remove all the entries detected.


After completing these steps, your computer should be clean. Reboot your computer in normal mode.

Alternative Cybercrime Investigation Departament virus removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

win 7 safe mode with command prompt

2. In the opened command prompt, type explorer and press Enter. This command will open the explorer window.

Do not close it and continue to the next step.

3. In the Command Prompt type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

registy editor winlogon

5. In the right side of the window, locate "Shell" and right click on it. Click on Modify.

The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file). Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software, and perform a full system scan to eliminate any remnants of Cybercrime Investigation Departament ransomware.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated.

For this step, you need access to another computer. After removing Cybercrime Investigation Departament ransomware from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Anti-spyware programs known to detect and remove Cybercrime Investigation Departament virus:

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

How to prevent against infection
New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
Cybercrime Investigation Departament Ransomware QR code
Scan this QR code to have an easy access removal guide of Cybercrime Investigation Departament Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.