"Europol - Your computer has been LOCKED" virus - how to unlock your computer?
"Europol - Your computer has been LOCKED" is a fake message that blocks computer users screen and asks to pay a non existent fine of 100 euro for supposedly made law violations. The deceptive message presented in this ransomware infection states that your computer was locked because you have downloaded or distributed copyrighted content (music and video files). These accusations are totally fake, the deceptive text that is in this message was created by Cyber criminals to scare PC users into paying this fake fine.
You should realize that none of the authorities around the world (including Europol) are using such screen lockers to collect fines for any law infringements. This message is a ransomware infection which originates from a family called Vicas, the second screenshot shows a fake message from Uremtoo ransomware. Previously released versions of this scam were exploiting the name of Interpol to scare PC users into paying fake fines. You shouldn't pay the fine of 100 euro - you will send your money to Cyber criminals and your computer will remain locked. Furthermore if you pay the money through Paysafecard or Ukash (prepaid cards) it will be very complicated to get back your money, such services were chosen by Cyber criminals to make their tracking more difficult for real authorities.
Europol - Your computer has been LOCKED scam is targeted at PC users from UK, however such ransomware infections are localised so PC users from France will see the same message translated to their local language. While other ransomware infections are also changing the graphics that appear in their deceptive messages this infection seems to only translate the text to different languages. Ransomware infections are able to identify the IP address of the PC that they infiltrate and accordingly present the localised version of the fake message. Don't trust any information presented in Europol - Your computer has been LOCKED virus and don't pay the fine, use the provided removal guide to eliminate this scam from your PC.
Ukash (Smart Voucher Limited) is a legitimate company and it's not related to ransomware viruses - Cyber criminals are using this service to escort money from unsuspecting PC users.
Fake message shown in Europol - Your computer has been LOCKED virus:
Your PC is blocked due to at least one of the reasons specified below:
Your computer has been trying to download and/or to install pirated software or multimedia files protected by international laws and has been blocked According to EU legislation you are required to pay 100 EUR administrative fees if this is the first time you have violated the copyright law. Downloading, installing and distributing Such materials is highly punishable and may leave a long lasting effect on your job and on your friends and relatives, if we don't receive a payment within 48 hours your personal information will be Sent TO your local police authorities. Your hardware used for distribution of pirated software will be confiscated and you will be arrested, charged and convicted for up to 5 years in prison time and registered as a thief for the rest of your life.
To help you make your payment faster and totally anonymous to you, we decided to accept vouchers that are spread nationwide and can be purchased in all major stores.
Eli Legislation p. 163.1 131 Every person who transmits, makes available, distributes, sells, advertises, imports, exports or possesses for the purpose of transmission, making available, distribution, sale, advertising or exportation any illegal software files is guilty of an indictable of fence and liable to imprisonment for a term not exceeding ten years and to a minimum punishment of imprisonment for a term of five years.
Fake message presented in other variants of Europol (Ukash or PaySafeCard) ransomware:
EUROPOL
European law enforcement agency
All activities of this computer has been recorded. All your files are encrypted.
You PC (Windows 7(64-Bit)) is blocked due to at least one of the reasons specified below.
You have been subjected to violation of Copyright and Related Rights Law Video, Music, Software) and illegally using or distributing copyrighted contents, thus infringing Article 1, Section 8. Clause 8. also known as the Copyright of the Criminal Code of Great Britain.. Article 1, Section 8, Cause 8 of the Criminal Code provides for a fine 01 100 to five hundred minimal wages or a deprivation of liberty for two to eight years. You have been viewing or distributing prohibited Pornographic contents: (Child Porno, Zoophilla and etc), terrorist materials. Thus violating article 202 of the Criminal Code of Great Britain, Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years. Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer. Article 210 of the Criminal Codes provides for a fine of up to £100,000 and or deprivation of liberty for four to nine years. Pursuant to the amendment to Criminal Code of Great Britain of May28, 2011, this law infringement (if it is not repeated -first time) may be considered as conditional in case you pay the fine.
To unlock your computer and to avoid other legal consequences, you are obliged to pay a release fee of £100. Payable through Ukash or Paysafecard. You can buy the code at any shop organ station. When you pay the fine, your PC will be unblocked in 3 to 48 hours after the money is put into the your account, Please note: Fines may only be paid within 48 hours. As soon as 48 hours elapse, the possibility to pay the fine expires, and the criminal case will be initiated against you automatically within the next 48 hours!
Europol - Your computer has been LOCKED virus removal:
Step 1
During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Step 2
Log in to the account that is infected with Europol - Your computer has been LOCKED virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
remover for Europol - Your computer has been LOCKED virus
Some Europol virus variants encrypts files on user's computer.
If you are dealing with such infection you can use some of the tools listed below to decrypt your files.
To regain control of your files (decrypt) try using these tools:
Trojan.Winlock decoding utility (Dr.Web)
After completing these steps your computer should be clean, reboot your computer in normal mode.
Alternative Europol - Your computer has been LOCKED ransomware removal guide:
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. When command prompt mode loads enter the following line: cd restore and press ENTER.
3. Next type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available restore point and click "Next" (this will restore your computer's system to an earlier time and date, before the ransomware infiltrated your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date download and scan your PC with a recommended anti-spyware software to eliminate any left remnants of Europol (Ukash or PaySafeCard) virus.
remover for Europol - Your computer has been LOCKED virus
If you can't start your computer in safe mode with networking (or with command prompt) you should boot your computer using a rescue disk. Some variants of ransomware disables safe mode making it's removal more complicated. For this step you will need access to another computer. After removing Europol - Your computer has been LOCKED scam from your PC restart your computer and scan it with a legitimate antispyware software to remove any possibly left remnants of this security infection.
Other tools known to remove Europol - Your computer has been LOCKED ransomware:
Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.
If you can't access Internet:
Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.
Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.
Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, un-check it and press OK.
After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program.
Manual Europol - Your computer has been LOCKED scam removal:
If you were unable to remove Europol - Your computer has been LOCKED virus using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these Europol - Your computer has been LOCKED virus processes:
random.exe
Delete these Europol - Your computer has been LOCKED virus files:
%Temp%\<random>.exe
%StartupFolder%\ctfmon.lnk
Comments