Removing "Police Virus - Your Operating System is Locked" screen-locking malware
Written by Tomas Meskauskas on (updated)
What is" Police Virus - Your Operating System is Locked"?
"Police - Your operating system is locked" is a ransomware infection developed and distributed by cyber criminals. If you see this type of message blocking your computer screen, your PC is infected with a ransomware infection. Do not pay any fines demanded by this message, of which there are several variants.
For example, PC users from Europe are ordered to pay a 100 Euro fine to unlock the operating system, whereas those from the USA and Canada, $200. Note that international authorities have no connection with this message - it is a scam.
If you pay this fine, you will send your money to cyber criminals and your operating system will remain locked. This ransomware infection originates from a family of screen lockers called Goscri.
Cyber criminals responsible for creating this scam have localized their screen lockers - computer users will observe variants of this ransomware associated with their country. For example, PC users from the USA will observe the American flag in the header and the message will be modified accordingly as if sent from FBI.
Cyber criminals exploit the names and graphics of local authorities in order to make their ransomware appear authentic. The localization of ransomware infections is possible due to this type of infection's ability to detect the IP address of the target computer.
Combined IP address and ISP detection is sufficient to determine the location (country) of the computer. If you observe the "Police - Your operating system is locked" message on your PC, do not pay the fine. The correct way to deal with this scam is to eliminate it from your computer.
"Police - Your operating system is locked" ransomware is distributed using Trojans and drive-by downloads. Computer users can determine that this message is fake simply by studying it - the text is full of spelling mistakes. Cyber criminals also using malicious websites and search engine poisoning attacks to infiltrate Internet users' computers.
To protect your PC, always use legitimate antivirus and antispyware software, and by frequently updating your operating system and installed programs, you will make your computer secure. If your computer is already infected with "Police - Your operating system is locked" ransomware, use the removal guide provided to eliminate it from your PC.
Ukash (Smart Voucher Limited) is a legitimate company and not related to ransomware viruses - cyber criminals use this service to extort money from unsuspecting PC users.
A deceptive message presented by the Police (Ukash virus):
POLICE.
Attantion!!!
Your operating system is locked due to violation of the laws of the (country name). Following violations were detected: This computer was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam-massages with terrorist motives were also sent from your computer. This computer lock is aimed to stop your illegal activity. To unlock the computer you are obliged to pay a fine of 100 euro. You can pay the forfeit in two ways:
1) Paying through Ukash: To do this, you should enter the 19 digits code in the payment and press "ENTER" (if you have several codes, enter them one after the other and press "ENTER")
2) Paying through Paysafecard: To do this, you should enter the 16 digits code (if necessary with a password) in the payment and press "ENTER" (if you have several codes, enter them one after the other and press "ENTER")
Where can I buy Ukash?
You can buy Ukash in many places, for example: shops, stalls, stand-alone terminals, on-line or through E-Wallet (electronic cash). Below you could find the ofpoint of sale Ukash in your country.
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is Police Virus - Your Operating System is Locked?
- STEP 1. "Police Virus - Your Operating System is Locked" virus removal using safe mode with networking.
- STEP 2. "Police Virus - Your Operating System is Locked" virus removal using safe mode with command prompt.
- STEP 3. "Police Virus - Your Operating System is Locked" ransomware removal using System Restore.
- STEP 4. Remove "Police Virus - Your Operating System is Locked" manually by deleting files and registry entries.
Police (Ukash virus) removal:
Step 1
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Step 2
Log in to the account infected with Police (Ukash virus). Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
Cannot boot in Safe Mode with Networking? (Police Ukash virus blocks Safe Mode with Networking)
If you have more than one user account within your operating system, please log-in to the clean account and download the recommended malware removal software, install it and run a full system scan, remove all security infections detected.
If, however, you have only one user account, please follow this guide (this describe how to create a new user account using Safe Mode with Command Prompt. Using this newly-created user account you will be able to remove the Police Ukash virus).
If the Police Ukash virus also blocks your operating system's Safe Mode with Networking, follow these removal instructions:
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: net user removevirus /add and press ENTER.
3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.
4. Finally, enter this line: shutdown -r and press ENTER.
5. Wait for your computer to restart, and then boot your PC in Normal Mode. Login to the newly-created user account ("removevirus"). This account will not be affected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.
6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer:
If the newly-created user account is also affected by the ransomware infection, try performing a System Restore:
Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window, click "Next".
5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of Police ransomware.
Alternative Police (Ukash virus) removal guide:
If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. In the opened Command Prompt, type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.
3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.
4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file). Use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Police (Ukash virus).
Other tools known to remove Police (Ukash virus):
Frequently Asked Questions (FAQ)
My computer is infected with "Police Virus - Your Operating System is Locked" malware, should I format my storage device to get rid of it?
No, "Police Virus - Your Operating System is Locked" malware's removal does not require formatting.
What are the biggest issues that "Police Virus - Your Operating System is Locked" malware can cause?
"Police Virus - Your Operating System is Locked" is a screen-locking ransomware (screenlocker) - a type of malware designed to deny access to devices by displaying a ransom-demanding message (which can be disguised as a fine issued by authorities).
However, in addition to financial losses (brought upon by paying a ransom or fake fine), screenlockers may have other harmful functionalities, such as data-stealing abilities that pose privacy-related threats.
What is the purpose of "Police Virus - Your Operating System is Locked" malware?
Since the goal of "Police Virus - Your Operating System is Locked" malware is to extract payments from victims, its purpose is to generate revenue. While most malicious programs share this goal, cyber criminals can also use malware for their own amusement or to disrupt processes (e.g., websites, services, etc.), carry out personal vendettas, or even launch politically/geopolitically motivated attacks.
How did "Police Virus - Your Operating System is Locked" malware infiltrate my computer?
Malware is most commonly spread via drive-by (stealthy/deceptive) downloads, spam emails and messages, online scams, dubious download channels (e.g., freeware and third-party sites, Peer-to-Peer sharing networks, etc.), illegal software activation tools ("cracks"), and fake updates.
Furthermore, some malicious programs can self-proliferate via remote servers and removable storage devices (e.g., USB flash drives, external hard drives, etc.).
Will Combo Cleaner protect me from malware?
Yes, Combo Cleaner is capable of detecting and eliminating practically all known malware infections. It has to be mentioned that since sophisticated malicious software tends to hide deep within systems - running a full system scan is essential.
Outstanding!
▼ Show Discussion