FacebookTwitterLinkedIn

Dansk Rigspolitiet Virus

Also Known As: Dansk Rigspolitiet Ransomware
Type: Ransomware
Damage level: Severe

Tomas Meskauskas Written by on (updated)

What is Dansk Rigspolitiet?

The Dansk Rigspolitiet, Koncern IT message, "OBS! Computeren er blevet blokeret af sikkerhedsmæssige årsager anført nedenfor", blocks computer screens and demands payment of a DKK 1000 fine using PaySafeCard or Ukash for alleged law violations, such as watching child pornography, using pirated copies of music and video files, etc.

This is a scam. The message is not sent by Dansk Rigspolitiet, it is a ransomware virus developed by cyber criminals. The screen-blocking message makes fake accusations of law violations in order to trick unsuspecting PC users from Denmark into paying a bogus fine. Note that paying this fine is equivalent to sending your money to cyber criminals.

Dansk Rigspolitiet

This message is not related to any legitimate authorities and is a consequence of a computer security infection. PC users from Denmark should be aware that no authorities or organizations, internationally, employ screen-blocking messages to collect fines for any law infringements.

This particular ransomware virus exploits the names of the Danish authorities "Politi" and "Dansk Rigspolitiet", however, other known variants of this scam target PC users from different countries and exploit the names of the Svensk National Bureau of InvestigationPoliisihallituksen, and many others.

Such localization of fake messages is possible since ransomware viruses have IP address detection capabilities. By using the IP address information, cyber criminals present victims from different countries with localized variants of their fake messages.

If your computer screen is blocked with a message supposedly sent by Dansk Rigspolitiet, and requesting payment of 1000 DKK in order to unblock your system, your computer is infected with a ransomware virus. Do not trust this message or pay the fine - it is a scam.

A variant of this ransomware virus, Dansk Politi "Computeren er låst af Politiet", originates from a family called Revoyem (DirtyDecrypt). Note that at time of writing, no known tools are available to decrypt files encrypted by this ransomware virus.

Dansk Politi

Update 2015/02/05 - Cyber criminals have updated the design of Dansk Rigspolitiet ransomware virus:

denmark Dansk Rigspolitiet ransomware virus reveton 2015

The Dansk Rigspolitiet ransomware virus originates from a family called Urausy. Cyber criminals responsible for creating this scam use Ukash or paysafecard pre-paid card services to collect the bogus fines. Furthermore, they implement a fake 48-hour countdown timer in order to create a sense or urgency.

The fake message states that unless the fine is paid within 48 hours, a criminal case will be opened. Common sources of ransomware viruses are infected email messages, malicious websites, and drive-by downloads.

To protect your computer from ransomware viruses, users should keep their operating system and installed programs (Flash, Java, etc.) up-to-date, since ransomware viruses are proliferated using 'exploit kits', which infiltrate users' computers via any security vulnerabilities detected within out-dated software.

To remain safe online, PC users should also use legitimate antivirus and anti-spyware programs. If your PC is already infected with Dansk Rigspolitiet ransomware, do not pay the fine - use this removal guide to eliminate the scam from your computer.

A fake message presented by the Dansk Rigspolitiet ransomware virus:

DANSK RIGSPOLITIET Koncern IT.
OBS! Computeren er blevet blokeret af sikkerhedsmæssige årsager anført nedenfor.
Du er anklaget for visning/lagring og/eller spredning af forbudte pornografi (børnepornografi/ dyresex/voldtægt osv). Du har overtrådt World Declaration om ikke-spredning af børnepornografi. Du er anklaget for at begå forbrydelsen omhandlet i artikelt61 i strafferet af Kongeriget Danmark.
Artikel 161 i strafferet af Kongeriget Danmark indeholder bestemmelser om straf for frihedsstraf fra 5 til 11 år.
Også, er du mistænkt for overtrædelse af "ophavsret og beslægtede rettigheder Lou" (downloading af piratkopieret musik, video) og anvendelse og/eller udbredelse af ophavsretligt beskyttet indhold. Således er du mistænkt for overtrædelse af artikel 148 i strafferet af Kongeriget Danmark.
Artikel 148 i strafferet af Kongeriget Danmark indeholder bestemmelser om straf for frihedsstraf fra 3 til 7 år eller 150-550 grundbeløb bøder. Det var fra din computer, at uautoriseret adgang til information om statens betydning og data lukket for offentlig adgang var blevet stjålet fra.
Uautoriseret adgang kunne have været arrangeret af dig selv om lejesoldat motiver. Eller uden din viden og samtykke, kunne din computer have været påvirket af malware. Derfor er du mistanket af uskyldigt overtrædelse af artikel 215 i strafferet af Kongeriget Danmark Flov om uagtsom og hensynsløs tilsidesættelse af computere og hjælpemidler") indtil undersøgelsen er holdt.
Artikel 215 i strafferet af Kongeriget Danmark indeholder bestemmelser om straf for frihedsstraf fra 5 til 8 år, og/eller op til DKK 1.500.000 danske kroner bøde.
Endvidere efter blev oplysninger om din personlige computer undersøgt. blev det konstateret, at din personlige computer havde været benyttet for bulk-spamming, enten arrangeret af dig selv om lejesoldat motiver, eller uden din viden og samtykke. hvis din computer kunne have været ramt af malware. Bulk-spamming er en måde at sprede malware over forbudte pornografi. Derfor er du mistanken af uskyldigt overtrædelse af artikel 301 i strafferet af Kongeriget Danmark ("Om bulk-spamming og malware (virus) spredning") indtil undersøgelsen er holdt.
Artikel 301 i strafferet af Kongeriget Danmark indeholder bestemmelser om straf for frihedsstraf op til 5 år og op til DKK 3.000.000 danske kroner bøde. Vær venligst opmærksom at både dine personlige identiteter og placering er godt identificeret, og straffesag kan åbnes i løbet af 96 timer som provision forbrydelser for ovenstående artikler. Straffesag kan sendes til retten.
I henhold til Ændringer til strafferet af Kongeriget Danmark dateret Juli 10, 2013, og i henhold til erklæringen om menneskerettigheder, kan din foragt for loven fortolkes som utilsigtede (hvis du begik ingen overtrædelse af loven før) og ingen arraignment vil følge. Men det er et spørgsmål om, hvorvidt du har betalt bøden til statskassen (til effekten af initiativer til beskyttelse af cyberspace).
Straffen sæt skal betales på 48 timer. På udløbet af 48 timer, vil der følge automatisk indsamling af data om dig og din forseelse, og straffesag vil blive åbnet imod dig. Mængden af bøden er DKK 1000 danske kroner. Du kan betale bøden med værdikuponer PaySafeCard eller Ukash. Så snart pengene ankommer til statskassen konto, vil din computer blive frigivet i løbet af 24 timer.
Derefter i 7 dage sigt, bør du afhjælpe overtrædelserne som er forbundet med computeren. Ellers vil din computer blive blokeret igen og straffesag mod dig vil blive indledt (med ingen mulighed for at betale bøden).
Vær venligst opmærksom, at du skal kun indtaste verificerede koder af værdikuponer og afstå fra caching af værdikuponer allerede brugt til bøde betaling. Hvis forkerete koder blev indtastet, eller hvis forsøg blev gjort for at annullere værdikuponer efter transaktionen, vil du blive sigtet for bedrageri (artikel 377 i strafferet af Kongeriget Danmark; 1 til 3 års fængsel), og straffesag vil blive åbnet.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Dansk Rigspolitiet ransomware virus removal:

Step 1

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu".

Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Step 2

Log in to the account infected with the Dansk Rigspolitiet ransomware virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware virus infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the Dansk Rigspolitiet ransomware virus.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode making its removal complicated. For this step, you require access to another computer.

After removing the Dansk Rigspolitiet ransomware virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Other tools known to remove the Dansk Rigspolitiet ransomware virus:

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

How to prevent against infection
New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
Dansk Rigspolitiet Ransomware QR code
Scan this QR code to have an easy access removal guide of Dansk Rigspolitiet Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.