Police Virus - Your Operating System is Locked

Also Known As: Police Ransomware
Distribution: Low
Damage level: Severe

Police Virus "Your Operating System is Locked" removal guide

What is Police Virus - Your Operating System is Locked? 

"Police - Your operating system is locked" is a ransomware infection developed and distributed by cyber criminals. If you see this type of message blocking your computer screen, your PC is infected with a ransomware infection. Do not pay any fines demanded by this message, of which there are several variants. For example, PC users from Europe are ordered to pay a 100 Euro fine to unlock the operating system, whereas those from the USA and Canada, $200. Note that international authorities have no connection with this message - it is a scam. If you pay this fine, you will send your money to cyber criminals and your operating system will remain locked. This ransomware infection originates from a family of screen lockers called Goscri.

Police: Your operating system is locked scam

Cyber criminals responsible for creating this scam have localized their screen lockers - computer users will observe variants of this ransomware associated with their country. For example, PC users from the USA will observe the American flag in the header and the message will be modified accordingly as if sent from FBI. Cyber criminals exploit the names and graphics of local authorities in order to make their ransomware appear authentic. The localization of ransomware infections is possible due to this type of infection's ability to detect the IP address of the target computer. Combined IP address and ISP detection is sufficient to determine the location (country) of the computer. If you observe the "Police - Your operating system is locked" message on your PC, do not pay the fine. The correct way to deal with this scam is to eliminate it from your computer.

"Police - Your operating system is locked" ransomware is distributed using Trojans and drive-by downloads. Computer users can determine that this message is fake simply by studying it - the text is full of spelling mistakes. Cyber criminals also using malicious websites and search engine poisoning attacks to infiltrate Internet users' computers. To protect your PC, always use legitimate antivirus and antispyware software, and by frequently updating your operating system and installed programs, you will make your computer secure. If your computer is already infected with "Police - Your operating system is locked" ransomware, use the removal guide provided to eliminate it from your PC.

Ukash (Smart Voucher Limited) is a legitimate company and not related to ransomware viruses - cyber criminals use this service to extort money from unsuspecting PC users.

A deceptive message presented by the Police (Ukash virus):

POLICE.
Attantion!!!
Your operating system is locked due to violation of the laws of the (country name). Following violations were detected: This computer was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam-massages with terrorist motives were also sent from your computer. This computer lock is aimed to stop your illegal activity. To unlock the computer you are obliged to pay a fine of 100 euro. You can pay the forfeit in two ways:
1) Paying through Ukash: To do this, you should enter the 19 digits code in the payment and press "ENTER" (if you have several codes, enter them one after the other and press "ENTER")
2) Paying through Paysafecard: To do this, you should enter the 16 digits code (if necessary with a password) in the payment and press "ENTER" (if you have several codes, enter them one after the other and press "ENTER")
Where can I buy Ukash?
You can buy Ukash in many places, for example: shops, stalls, stand-alone terminals, on-line or through E-Wallet (electronic cash). Below you could find the ofpoint of sale Ukash in your country.

Instant automatic removal of Police Ransomware: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Spyhunter is a professional automatic malware removal tool that is recommended to get rid of Police Ransomware. Download it by clicking the button below:
▼ DOWNLOAD Spyhunter By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Spyhunter.

Quick menu:

Police (Ukash virus) removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with Police (Ukash virus). Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

Cannot boot in Safe Mode with Networking? (Police Ukash virus blocks Safe Mode with Networking)

If you have more than one user account within your operating system, please log-in to the clean account and download the recommended malware removal software, install it and run a full system scan, remove all security infections detected. If, however, you have only one user account, please follow this guide (this describe how to create a new user account using Safe Mode with Command Prompt. Using this newly-created user account you will be able to remove the Police Ukash virus).

If the Police Ukash virus also blocks your operating system's Safe Mode with Networking, follow these removal instructions:

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: net user removevirus /add and press ENTER.

alt

3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.

creating new user using command prompt

4. Finally, enter this line: shutdown -r and press ENTER.

adding a new user in command prompt

5. Wait for your computer to restart, and then boot your PC in Normal Mode. Login to the newly-created user account ("removevirus"). This account will not be affected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.

new user account created

6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer:

If the newly-created user account is also affected by the ransomware infection, try performing a System Restore:

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window, click "Next".

restore system files and settings

5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of Police ransomware.

Alternative Police (Ukash virus) removal guide:

If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

win 7 safe mode with command prompt

2. In the opened Command Prompt, type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.

3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

registy editor winlogon

5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file). Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Police (Ukash virus).

Other tools known to remove Police (Ukash virus):