Greek Police Virus
Written by Tomas Meskauskas
Damage level: Severe
ΕΛΛΗΝΙΚΗ ΔΗΜΟΚΡΑΤΙΑ Virus "Ο ΥΠΟΛΟΓΙΣΤΗΣ ΣΑΣ ΕΧΕΙ ΜΠΛΟΚΑΡΙΣΤΕΙ" - how to remove?
This message (supposedly delivered by the Greek Cyber Crime Unit) blocks computer screens and demands payment of a 100 Euro fine via Ukash or PaySafeCard. This is a scam. The message is not sent by Greek authorities - it is a deceptive message developed by cyber criminals in order to scare unsuspecting PC users into paying the bogus fine. Note that paying this fine is equivalent to sending your money to cyber criminals. No international authorities (including the Greek Cyber Crime Unit) use screen blocking messages to collect fines for any law infringements. Messages such as these are called ransomware. The cyber criminals responsible for creating these scams target different countries, and the ransomware infections are designed with the capability to determine the IP addresses of computers they infiltrate.
Greece is targeted by a number of ransomware families, including Reveton and Urausy, both of which translate the deceptive message into Greek and exploit the graphics of local authorities. Note that PC users from different countries observe this message as if sent by local authorities or organizations. For example, computer users from the USA observe this message as if it were delivered by the FBI Cybercrime Division or the U.S. Department of Homeland Security. Messages that block computer screens have no connection with genuine authorities - such messages are a scam and should not be trusted.
Greek Republic "Your computer has been blocked" ransomware is proliferated using Trojans and drive-by downloads. Commonly, infections with rogue screen lockers are a consequence of poor PC security. To protect your computer, always use legitimate antivirus and anti-spyware software, and furthermore, keep your operating system and installed software up-to-date. If your computer is already infected with Greek Republic (Cyber Crime Unit) "Your computer has been blocked" ransomware, do not pay any fines - use the removal guide provided to eliminate this scam from your PC.
"Ο ΥΠΟΛΟΓΙΣΤΗΣ ΣΑΣ ΕΧΕΙ ΜΠΛΟΚΑΡΙΣΤΕΙ" virus removal:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe Mode with Networking from the list.
Log in to the account infected with the "Ο ΥΠΟΛΟΓΙΣΤΗΣ ΣΑΣ ΕΧΕΙ ΜΠΛΟΚΑΡΙΣΤΕΙ" virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the "Ο ΥΠΟΛΟΓΙΣΤΗΣ ΣΑΣ ΕΧΕΙ ΜΠΛΟΚΑΡΙΣΤΕΙ" scam.
Other tools known to remove the "Ο ΥΠΟΛΟΓΙΣΤΗΣ ΣΑΣ ΕΧΕΙ ΜΠΛΟΚΑΡΙΣΤΕΙ" virus: