Palestinian Civil Police Force Virus
Written by Tomas Meskauskas
Damage level: Severe
Computer blocked by Palestinian Civil Police Force Virus (cashU scam) removal instructions
The Palestinian Civil Police Force message blocks users' computer screens and demands payment of a fine for alleged law violations. This is not a legitimate message, it is a ransomware virus created by cyber criminals to extort money from unsuspecting Palestinian PC users. This fake message makes bogus claims that the computer was blocked due to the user watching pornography or using pirated music and video files. Note that paying the $100 (100 Euro or 500 NIS) fine is equivalent to sending your money to cyber criminals responsible for creating this scam. This particular ransomware virus originates from a family called Urausy and predominantly targets Palestinian PC users.
Computer users should be aware that no international authorities (including the Palestinian Civil Police Force) or organizations use computer screen-blocking messages to collect fines for any law violations. Ransomware viruses from the Urausy family are localized so that PC users from different countries observe these fake messages as if sent by local authorities. For example, computer users from Canada receive this message as if sent by the Royal Canadian Mounted Police, and PC users from Australia, as if sent by the Australian Federal Police. If you see this message on your computer, you are dealing with a ransomware virus. Do not pay any fines - it is a scam.
The Palestinian Civil Police Force ransomware virus infiltrates Internet users' operating systems using exploit kits, which inject malicious code via any security vulnerabilities detected. Commonly this malware is proliferated using drive-by downloads, malicious websites, and infected email messages. If you see this message, do not trust it. Use the removal guide provided to eliminate the Palestinian Civil Police Force cashU scam from your computer.
Palestinian Civil Police Force virus removal:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Log in to the account infected with the Palestinian Civil Police Force ransomware virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the Palestinian Civil Police Force ransomware virus.
Other tools known to remove the Palestinian Civil Police Force ransomware virus: