FacebookTwitterLinkedIn

Nacionalni Preiskovalni Urad Virus

Also Known As: Nacionalni Preiskovalni Urad Ransomware
Type: Ransomware
Damage level: Severe

Tomas Meskauskas Written by on (updated)

What is Nacionalni Preiskovalni Urad?

The following message is a scam and should not be trusted: Nacionalni Preiskovalni Urad, Uprava kriminalistične policije and Urad za informatiko in telekomunikacije, "POZOR! Vaš računalnik je blokiran iz varnostnih razlogov nižje".

The message states that computer users must pay a 100 Euro fine using paysafecard or Ukash - this is a ransomware virus created by cyber criminals. Paying this fine is equivalent to sending your money to cyber criminals.

PC users from Slovenia should be aware that no authorities or organizations, internationally, use computer screen-blocking messages to collect fines for any law violations.

Cyber criminals responsible for developing this scam make false accusations of law infringements (watching pornography involving minors, distributing copyrighted content, etc.) to scare computer users into paying this bogus fine.

Nacionalni Preiskovalni Urad virus

This particular ransomware virus originates from a family called Urausy and is proliferated via infected email messages, drive-by downloads, and malicious websites. After successful infiltration, this security threat blocks the user's desktop and disables all Windows features, which would otherwise allow termination of the fake message.

If you see a message supposedly sent by Nacionalni Preiskovalni Urad, demanding payment of a fine to unblock your computer, your PC is infected with a ransomware virus - do not pay the fine, it is a scam.

Update 2015/02/05 - Cyber criminals have updated the design of Nacionalni Preiskovalni Urad ransomware virus:

slovenia Nacionalni Preiskovalni Urad ransomware virus reveton 2015

The Nacionalni Preiskovalni Urad ransomware virus targets PC users from Slovenia, however, users from other countries are at risk, since ransomware viruses from the Urausy family are localized and target other countries. Localization is possible as ransomware viruses detect the IP address of infected computers, and thus adapt their fake messages accordingly.

For example, PC users from the USA (with operating systems infected by this scam) receive the message translated into English as if sent by the FBI. Department of Defense. 

As ransomware viruses are distributed using 'exploit kits', which rely on outdated software, the best way to protect your computer is to keep all installed programs up-to-date. If your computer is already infected with the Nacionalni Preiskovalni Urad virus, use the removal instructions provided to eliminate this scam.

A fake message presented by the Nacionalni Preiskovalni Urad ransomware virus:

Nacionalni Preiskovalni Urad.

Uprava kriminalistične policije. 
Urad za informatiko in telekomunikacije.

POZOR! Vaš računalnik je blokiran iz varnostnih razlogov nižje.

Obdolženja) ste ogledovanja/prehranjevanja in oz. ali razmnoževanja pornografije z prepovedano vsebino (otroška pornografija, zoofilija, nasilna pornografija in t.d.). Prekršilja) ste Mednarodno deklaracijo o boju proti razmnoževanju otroške pornografije, ter obdolženja) ste kaznivega dejanja po 161. čl. Kazenskega zakonika Rebublike Slovenije.
V skladu s 161 čl. Kazenskega zakonika Rebublike Slovenije je kazen zapor od 5 do 11 let.
Obdolženja) ste tudi kršitve "Zakona o avtorskih in sorodnih pravicah" (nalaganje piratske glazbe, video ter nelicenčnega softverja) ter uporabe in oz. ali razmnoževanja kontenta, ki je pod zaščito avtorskih pravic. Torej osumljenja) ste kršitve 148. čl. Kazenskega zakonika Rebublike Slovenije.
Kazen po 148. čl. Kazenskega zakonika Rebublike Slovenije je globa v vsoti od 150 do 550 minimalnih plač ali zapor od 3 do 7 let.
Preko vašega računalnika je bil opravljen neupravičen vhod v sistem z zaprto za javnost informacijo ter s podatki deržavnega pomena v spletu.
Neupravičen vhod ste opravilja) bodisi namenoma oz. z namenom neupravičene bogatitve ali pa je takšen vhod lahko opravljen tudi brez vaše vednosti in soglasja preko virusnega programa, s katerim je okužen vaš računalnik. Tako do preiskave ste osemljen(a) nenamerne kršitve 215. čl. Kazenskega zakonika Rebublike Slovenije ("Zakon o malomarni uporabi računalniške opreme ter računalnika").
Po 215. čl. Kazenskega zakonika Rebublike Slovenije velja kot kazen globa v vsoti do €100.000,00 evro in oz. ali zapor od 5 do 8 let.
V postopku analize podatkov v vašem računalniku je bilo ugotovljeno redno množično razpošiljanje spama iz vašega računalnika, kar ste opravilja) bodisi namenoma oz. z namenom neupravičene bogatitve ali pa takšno razpošiljanje spama lahko opravljeno tudi brez vaše vednosti in soglasja preko virusnega programa. s katerim je okužen vaš računalnik. Podatki v elektronskih pismah s spamom širjajo virusni softver ali materiale s prepovedano pornografsko vsebino. Tako do preiskave ste osemljenja) nenamerne kršitve 301. čl. Kazenskega zakonika Rebublike Slovenije )Zakon o boju s spamom in razmnoževanjem virusnega softverja oz. virusi).
Po 301. čl. Kazenskega zakonika Rebublike Slovenije velja kot kazen globa v vsoti do €250.000,00 evro in zapor do 5 let.
Opozarjamo vas, da so vaši posebni podatki ter lokacija ugotovljeni ter zoper vas se lahko sproži kazenski postopek. in to najkasneje 96 ur po kršitvi zgoraj navedenih členov Kazenskega zakonika. Gradivo v kazenski zadevi se bo predano v pristojno sodišče.
Vendarle v skladu s popravki Kazenskega zakonika Rebublike Slovenije z dne 10. julija 201 3 ter z Deklaracijo človekovih pravic lahko kršitve, katerih ste osumljenja), veljajo kot nenamerne (v primeru, če gre za vaš prvi primer kršitev) in vi lahko oproščenja) kazenske odgovornosti. To bi veljalo v primeru, ko plačate globo v korist države (za razvoj projektov v smeri zaščite spletnega omrežja).
Globo plačate najkasneje 48 ur od kršitve. Po poteku tega roka se takoj začne 48-urni postopek avtomatičnega popolnega zbiranja vaših osebnih podatkov, in zoper vas se lahko sproži kazenski postopek.
Vsota globe znaša €100 evro. Globo lahko plačate preko napotnic PaySafeCard.
Takoj po plačilu globe bojo denarna sredstva zaračunana na račun države. Vaš računalnik pa bo odblokiran tekom 24 ur.
Najkasneje 7 dni po opravljenem odblokiranju vašega računalnika morate opraviti vsa nujna popravila v vašem računalniku. Če tega ne opravite, se bo vaš računalnik ponovno blokiran, in zoper vas se lahko sproži kazenski postopek (brez možnosti plačila globe).
Opozarjamo vas, da v postopku plačevanja globe vtipkate dejanske kode napotnic, kakor tudi ne prenašate po opravljenem plačilu vnesene napotnice v gotovino. V primeru vtipkanja napačnih kodov napotnic ali poskusa anuliranja napotnic po opravljenem plačilu, boste obtožen(a) tudi goljufije (377. čl. Kazenskega zakonika Rebublike Slovenije, po katerem je kazen zapor od 1 do 3 let) ter zoper vas bo sprožen kazenski postopek.

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Nacionalni Preiskovalni Urad virus removal:

Step 1

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button. Your computer will now restart into "Advanced Startup options menu".

Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Step 2

Log in to the account infected with this ransomware virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the virus infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of this ransomware virus.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt),boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode making its removal complicated. For this step, you require access to another computer.

After removing the Nacionalni Preiskovalni Urad ransomware virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Other tools known to remove the Nacionalni Preiskovalni Urad ransomware virus:

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

How to prevent against infection
New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
Nacionalni Preiskovalni Urad Ransomware QR code
Scan this QR code to have an easy access removal guide of Nacionalni Preiskovalni Urad Ransomware on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.