
How to Remove New Zealand E-crime Lab Virus? (Ransomware Removal)


Has your computer desktop been taken over by a full-screen notification purportedly from New Zealand Police, New Zealand E-crime Lab, Centre For Critical Infrastructure Protection (CCIP) and Interpol? Are you alarmed by what the notification says and wondering whether you should pay the alleged fine? Your computer is in fact infected by a virus that you should remove immediately, and you should never pay the fine.


What Is New Zealand E-crime Lab Virus?


New Zealand E-crime Lab virus is classified as ransomware and belongs to the Trojan/Urausy Ransomware family, which has been in the wild since last year. Ransomware of this kind all works alike: it prevents you from using your computer by displaying a full-screen image that pretends to be from the local authorities and asks you for payment to regain access. It is becoming harder and harder to remove, because its author has crafted it to encrypt files on your computer or delete all the restore points on your computer.


The symptoms of being infected by New Zealand E-crime Lab virus:


Ⅰ. New Zealand E-crime Lab virus blocks you out of the Windows operating system and all the applications on the infected computer.


Ⅱ. Whenever you try to boot your computer into the Windows operating system or Safe Mode, you get a lock screen image titled “Attention! Your computer has been blocked up for safety reasons listed below” instead.



Ⅲ. The fake notification claims that illegal online activities have been detected on your computer, so you have to pay a non-existent fine of NZD $100 via Ukash vouchers within 48 hours to unlock your computer; otherwise you will face criminal charges.

Part of the message displayed in this bogus notification:

New Zealand Police
New Zealand E-Crime Lab
Centre for Infrastructure Protection (CCIP)

Your computer has been blocked for safety reasons listed below.

You are accused of viewing/storage and/or dissemination of banned pornography (child pornography/zoophilia/rape etc). You have violated World Declaration on non-proliferation of child pornography. You are accused of committing the crime envisaged by Article 161 of New Zealand criminal law.

Article 161 of New Zealand criminal law provides for the punishment of deprivation of liberty for terms from 5 to 11 years.

Also, you are suspected of violation of “Copyright and Related rights Law” (downloading of pirated music, video, warez) and of use use and/or dissemination of copyrighted content. Thus, you are suspected of violation of Article 148 of New Zealand Criminal Law.

Article 148 of New Zealand criminal law provides for the punishment of deprivation of liberty for terms from 3 to 7 years or 150 to 550 basic amounts fine.

It was from your computer, that unauthorized access had been stolen to information of State importance and to data closed for public Internet access.

The penalty set must be paid in course of 48 hours as of the breach. On expiration of the term, 48 hours that follow will be used for automatic collection of data on yourself and your misconduct, and criminal case will be opened against you.

Amount of fine is NZD $100. You can pay a fine Ukash vouchers.

As soon as the money arrives to the Treasury account, your computer will be unblocked in course of 24 hours.

Then in 7 day term you should remedy the breaches associated with your computer. Otherwise your computer will be blocked up again and criminal case will be opened against yourself (with no option to pay fine).


Ⅳ. Even if you are lucky enough to restart your computer in Safe Mode successfully, you will find that all the restore points have been deleted.


Although it exploits the names and logos of New Zealand Police, New Zealand E-crime Lab, Centre For Critical Infrastructure Protection (CCIP) and Interpol, you should be aware that it is a scam and that this bogus notification has nothing to do with these authorities. You should never pay the ransom it requests, for the cyber criminals will not unlock your computer even if you pay the money. On the contrary, paying may put your personal information at risk.


Other Prevailing Ransomware Infections: Mandiant U.S.A. Cyber Security MoneyPak/MoneyGram virus, White Screen Virus, Royal Canadian Mounted Police Ukash Virus, U.S. Department of Homeland Security Ransomware, REloadit Virus, Police Central e-crime Unit Virus, FBI Cybercrime Division Virus, Your Computer Has Been Locked Ransomware, ICE Cyber Crimes Center Moneypak Virus, Australian Federal Police (AFP) Ukash Virus, Cheshire Police Authority PCeU Virus, FBI MoneyPak Virus, FBI “System Failure” Virus, ICE Cyber Crime Center virus, United States Cyber Security virus, Department of Justice virus, Ministry of Public Safety Canada ransomware, Internet Police Department virus, FBI Department of Defense ransomware, etc.


Removal Instructions for New Zealand E-crime Lab Virus Using Anvi Rescue Disk



Deny Flash

Some variants of ransomware exploit Java or Flash vulnerabilities to load the malicious code. Denying Flash may suspend the symptoms of the infection so that you can navigate through the infected system. If this step is not necessary for the removal, skip to the next step.

To deny/disable Flash:
Visit → select the Deny radio option



Since your computer is blocked from everything, including Safe Mode with Command Prompt, and all the restore points are deleted, this removal guide may help you get rid of this ransomware.

You can follow the instructions in the following video to get rid of the New Zealand E-crime Lab virus by using Anvi Rescue Disk.


Or, you can follow the step-by-step instructions below.


Step 1 Use a clean computer to download Anvi Rescue Disk files

Download the Anvi Rescue Disk iso image file Rescue.iso and the USB disk production tool BootUsb.exe from Anvisoft official site.

Direct download link:

Please kindly note that Rescue.iso is a large file download; please be patient while it downloads.


Step 2 Record Anvi Rescue Disk iso image to USB drive

You can also record the iso image to a CD/DVD. The steps for recording the iso image to a CD/DVD are given in the alternative option later in this guide.

1. Connect USB to the computer.

You had better back up your important data and format your USB drive before using it to record the iso image.

2. Locate your download folder and double-click BootUsb.exe to start it. Then click the “Choose File” button, browse to your download folder and select the Rescue.iso file as your source file.


3. Select the path of USB drive, such as Drive H:

4. Click “Start Burning” to start burning the USB Rescue Disk boot drive.

5. Close BootUsb.exe tool when you get the following message.


Now you have a bootable Anvi Rescue Disk to repair your infected computer.


Alternative Option: Record the iso Image to a CD/DVD

Any CD/DVD recording software can burn the iso image. If you don’t have one, you can download and install Nero Burning ROM or ImgBurn. Here we will use Nero Burning ROM for demonstration purposes.

1. Open and start Nero Burning ROM and select Burn Image from the drop-down menu of the Recorder.

2. Locate your download folder, select the Rescue.iso file as your source file and then click the Open button.

3. Click the Burn button to start recording the iso image.

After a few minutes, you will have a bootable Anvi Rescue Disk to repair your computer.


Step 3 Configure your computer to boot from USB drive/CD/DVD

Restart your infected computer and configure it to boot from the USB drive/CD/DVD on which Anvi Rescue Disk was recorded. Basically, you can use F8 to load the USB boot menu.

Depending on the motherboard, you may need to use the Delete, F2 or F11 key to load the BIOS menu. Normally, information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot.

The keys F1, F8, F10, F12 might be used for some motherboards, as well as the following key combinations:

• Ctrl+Esc
• Ctrl+Ins
• Ctrl+Alt
• Ctrl+Alt+Esc
• Ctrl+Alt+Enter
• Ctrl+Alt+Del
• Ctrl+Alt+Ins
• Ctrl+Alt+S


Step 4 Boot your computer from Anvi Rescue Disk


1. Restart your computer and press any key to load Anvi Rescue Disk.

2. After you enter the Anvisoft Rescue Disk menu, select your preferred language and press Enter to continue.


Step 5 Scan and remove malicious files and repair registry errors

1. Now that you are in the mini operating system, double-click Rescue tool to start Anvi Rescue Disk.


2. Make sure that your computer is connected to the network before you run a scan. For a tutorial, see Network Troubleshooting Tips for Ransomware Removal using Anvi Rescue Disk.


3. Run a full scan by clicking the “Scan Computer” button in the middle of the program to detect and kill the PC lockup virus.

4. Click “Fix Now” to remove the threats detected by Anvi Rescue Disk.


5. Switch to the Repair tab. Scan and fix the registry errors with the “Repair” module of Anvi Rescue Disk.

Important Note: You must repair the registry errors after killing the virus. You will probably be unable to boot Windows without fixing the registry damage caused by the virus.


Step 6 Scan and remove persistent residual files with Anvi Smart Defender

Some ransomware variants are incredibly persistent, so you are strongly recommended to download the antimalware program Anvi Smart Defender and remove all the detected threats as prompted.


After the download, restart your computer in normal Windows mode and then go to the folder: C:\Users\[username]\Downloads.

Or you can download it from this direct download link: when you boot your computer to normal Windows mode.

1. Double-click the asdsetup.exe file to install Anvi Smart Defender, then switch to the Scan tab to perform a Full Scan.


2. When the scan has finished, you can click “view details” to check the threats that have been detected.


3. Click the Remove button to delete all the threats that have been detected.


Now your computer should be free from the infection of New Zealand E-crime Lab virus. If you have any questions concerning the removal of this virus, please feel free to contact us by sending us an email.
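
The Important Note in Step 5 says Windows may not boot until the registry is repaired; a logon value that still points at a deleted file is one way that happens. The PowerShell script below is an added example, not part of the original guide or of Anvisoft's tools: run from normal Windows after cleanup, it checks the Winlogon logon values against their Windows defaults and lists Run-key autostart entries for review. The registry locations are standard Windows ones assumed here for illustration, since the guide does not name the values its Repair module fixes.

```powershell
# Added example: read-only review of Windows logon and autostart registry values.
# Assumption: these standard Windows locations are chosen for illustration; the
# guide does not name the values its Repair module fixes.
# Run as the affected user, because HKCU is per-user.

$wl = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns nothing when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Test-LogonValue([string]$Path, [string]$Name, [string]$Expected) {
    $actual = Get-RegValue $Path $Name
    if ($Expected -eq '') {
        $ok = ($null -eq $actual)      # this value should be absent
    } else {
        # Userinit normally ends with a comma; ignore it, compare case-insensitively.
        $ok = ("$actual".Trim().TrimEnd(',') -ieq $Expected)
    }
    New-Object psobject -Property @{ Path = $Path; Name = $Name; Actual = $actual; Ok = $ok }
}

$checks = @(
    Test-LogonValue "HKLM:\$wl" 'Shell'    'explorer.exe'
    Test-LogonValue "HKLM:\$wl" 'Userinit' $userinit
    Test-LogonValue "HKCU:\$wl" 'Shell'    ''   # normally absent for a user
)
$checks | Format-Table Path, Name, Actual, Ok -AutoSize -Wrap

# List Run-key autostart entries for manual review; nothing is modified.
$skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$autoruns = foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($skip -notcontains $p.Name) {
                New-Object psobject -Property @{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}
$autoruns | Format-Table Key, Name, Command -AutoSize -Wrap

if ($checks | Where-Object { -not $_.Ok }) {
    Write-Warning 'A logon value differs from the Windows default; review it before rebooting.'
}
```

An entry flagged here is only a prompt for review: some legitimate software changes these values, so confirm what the listed file is before removing anything.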


How Does This Kind of Ransomware Infect a Computer, and How Can You Prevent It?


1. Ransomware of this kind often infects a computer through drive-by downloads and trojans placed on malicious and compromised websites, so keep away from such websites.

2. It may also be distributed via infected attachments or links contained in spam email. Be cautious when you receive email from strangers, and do not open or download attachments or click on links in such emails unless you trust them.

3. Malware usually exploits vulnerabilities in your computer system to infect it. Keep your operating system and all installed applications up to date, and patch system vulnerabilities promptly when prompted.

4. Apart from that, you can keep the antimalware program Anvi Smart Defender as additional protection for your computer. The Guard function puts your computer under real-time protection, but you need to buy or upgrade to its pro version to get Full Guard. It will keep you away from malware and malicious websites, too.

For more detailed information on how to prevent ransomware infection, please browse this post: What Is Ransomware – How to Prevent