DotFab Blog » Malware Removal»How to Remove Politie Office Central Virus? (Ransomware Removal Guide)

How to Remove Politie Office Central Virus? (Ransomware Removal Guide)

 

A full screen notification pops up and takes over your computer whenever you turn your PC on? The notification resembles the official document from Politie Office Central? The message in the notification says that your computer is blocked because it is involved in the distribution of pornographic material, violation of copyright and related law and so on? Then your computer has been infected by Politie Office Central Ukash virus. This post will guide you to remove this virus.

 

What Is Politie Office Central Ukash Virus?

 

Politie Office Central Ukash virus is a ransomware program which targets computer users from Belgium. Once installed on your computer, Politie Office Central Ukash virus will display a full screen fake notification that pretends to be from Politie Office Central. The bogus notification claims that your computer is blocked due to illegal activities such as distributing copyright content, pornographic material and spam mail and asks you to pay a non-existing fine of 100 euro via Ukash or Paysafecard payment system to gain access to your computer again.

The screenshot of Politie Office Central Ukash virus:

Politie Office Central Ukash virus

The message displayed in the fake notification:

Politie
Office central de lutte contre la criminalité liée aux technologies de l’information et de la communication
Attention! Votre ordinateur est bloqué à cause d un ou de plusieurs motifs, indiqués ci-dessous. 
Vous avez violé la loi “Sur le droit d’auteur et les droits contigus (Vidéo, Musique, Logi-ciel) et vous avez illégalement servi et/ou diffusé le contenu protégé par le droit d’auteur, de ce fait vous avez violé l’article 128 du Code pénal de la France.
L’article 128 du Code pénal prévoit lamende d’un montant de 2 jusqu’à 500 rémunérations du travail minimales ou la privation de liberté pour de 2 à 8 ans.
Vous avez visionné ou diffusé le contenu pornographique interdit (Child Porno/Zoofilia and etc), ayant violé l’article 202 du Code pénal de la France.
L’article 202 du Code pénal prévoit la privation de liberté pour de 4 à 12 ans. L’accès illégal aux données informatiques a été effectué de votre ordinateur ou vous…
L’article 208 du Code pénal prévoit l’amende d’un montant de 100.000€ et/ou la privation de liberté pour de 4 à 9 ans. L’accès illégal a été effectué à votre insu, votre ordinateur est probablement infecté par Le logiciel nuisible, de ce fait vous voulez la loi sur ‘L’utilisation négligente de Ordinateur”. L’article 210 du Code pénal prévoit l’amende d’un montant de 2000€ jusqu’à 8000E.
La diffusion du spam ou une autre opération publicitaire illégale à but lucratif a été effectué de votre ordinateur, ou à votre insu, votre ordinateur est probablement infecté par le logiciel nuisible.
L’article 212 du Code pénal prévoit l’amende d’un montant jusqu’à 250.000€ et la privation de liberté pour jusqu’à 6 ans. Si cette opération donnée a été produite à votre insu, vous tombez sous le coup de (article 210 indiqué ci-dessus du Code pénal de la France. Maintenant nous déterminons votre identité et votre location, pendant 72 heures une affaire pénale contre vous est à ouvrir en vertu d’un ou de plusieurs articles indiqués ci-dessus.
Conformément aux amendments au Code pénal de la France du 28 mai 2012, cette infraction à la loi (en cas d’absence de la répétition d’un crime) peut être considérée avec sursis en cas du paiement de l’amende au profit de (État. Vous ne pouvez payer l’amende que pendant 72 heures après la violation.
À l’expiration de 72 heures la possibilité de payer L’amende est annulée, une affaire pénale contre vous sera pendant prochaines 72 heures automatiquement ouverte!
La somme de l’amende fait 100E. 
Au paiement de l’amende et après ce que l’argent est reçu sur le compte de l’État votre ordinateur sera débloqué pendant 1 à 72 heures. Après le déblocage vous avez 7 jours ouvrables pour corriger cette infraction.
Si vous, à l’expiration de 7 jours ouvrables, n’avez pas corrigé tous les délits, votre ordinateur sera bloqué de nouveau, et une affaire pénale contre vous sera automatiquement ouverte en vertu d’un ou de plusieurs articles énumérés ci-dessus. Vous pouvez payer l’amende au profit de l’État par les procédés suivants.

Politie Office Central Ukash virus will lock down your computer system and all the applications. It will take over your desktop with the bogus notification within few seconds whenever you try to log on into your Windows operating system or Safe Mode with Networking.

You should know that the Politie Office Central virus message is a scam and you should never pay the ransom as it requested, because even you pay the money, the virus will not be removed. And you should know that governmental department will never report about your wrongdoing in this way, not to mention use pre-paid card payment system to collect the fine.

 

How Does Politie Office Central Ukash Virus Infect Your Computer?

 

Politie Office Central Ukash virus gets on your computer when visit malicious websites or compromised websites that may drop this Trojan onto your computer, or when you install free software. Sometimes it will disguise as useful software. Spam email is also a way to distribute this kind of virus, so you be cautious when you get email from unknown address and do not open the attachment or links contained in such emails.

 

How to Remove Politie Office Central Ukash Virus?

 

                                                                                                           

Deny Flash

Some variants of ransomware exploit Java or Flash vulnerabilities to load the malicious code. The symptoms of the infection may be suspended by denying flash. Then you can navigate through the infected system. If step is not necessary for the removal, then skip to the next step.

To deny/disable flash:
Visit http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html → select the Deny radio option

                                                                                                           

 

Option 1 Restore the Operating System Through Safe Mode with Command Prompt

 

System Restore will bring your computer operating system back to a point before you get infected by this Politie Office Central Ukash virus.

 

1. Turn off your computer and then back on.

2. During the start, tap F8 key repeatedly till you are brought to the Windows Advanced Options Menu.

3. Use the arrow keys to highlight Safe Mode with Command Prompt and then press Enter.

Safe Mode with Command Prompt

4. Once the Command Prompt window comes out, quickly type “explorer” and hit Enter.

If you fail to do so in a few seconds, the ransomware will not allow you to type any more. You should restart the computer to the safe mode and repeat the process.

Command Prompt window

5. Find out the file rstrui.exe and press Enter.

The location of the file:

Windows XP: C:\windows\system32\restore\rstrui.exe

Windows 7/Vista: C:\windows\system 32\rstrui.exe

rstrui.exe file

6. Follow all the steps to restore your computer system to an earlier time and date (restore point) before the infection.

4

Please note that some professionally crafted ransomware variants will delete all you system backup, so you can’t execute system restore.

7. Run a computer scan with Anvi Smart Defender and remove the infected files.

Anvi Smart Defender direct download link

Download and install Anvi Smart Defender → run Anvi Smart Defender → switch to Scan tab → run a Full Scan

Anvi Smart Defender

8. Boot your computer into normal mode and run a system scan again to make sure all the infected files were removed.

Now your computer should have got rid of the infection of the Politie Office Central Ukash virus, but you will notice that some software installed after the restore point has gone.

 

Option 2 Use Anvi Rescue Disk to Remove Politie Office Central Ukash Virus

 

If your computer is blocked from everything, including the running of Safe Mode with Command Prompt, then you need to go through Option 2.

You can follow the instructions in the following video to get rid of Politie Office Central Ukash Virus by using Anvi Rescue Disk.

 

Or, you can follow the following step by step instruction.

Step 1 Use a clean computer to download the Anvi Rescue Disk iso image file Rescue.iso and the USB disk production tool BootUsb.exe from Anvisoft official site.

Direct download link: http://www.anvisoft.com/software/rsd/

Please kindly note that Rescue.iso is a large file download; please be patient while it downloads.

Step 2 Record Anvi Rescue Disk iso image to USB drive.

You can also record the iso image to a CD/DVD. We will introduce the steps to record iso image to a CD/DVD in following guide.

1. Connect USB to the computer.

You’d better backup your important data and format your USB drive before use it to record the iso image.

2. Locate your download folder and double click on BootUsb.exe to start it. And then click “Choose File” button to browse into your download folder and select Rescue.iso file as your source file.

USB burning

3. Select the path of USB drive, such as Drive H:

4. Click “Start Burning” to start the burn of USB Rescue Disk boot drive.

5. Close BootUsb.exe tool when you get the following message.

congratulations

Now, you have bootable Anvi Rescue Disk to repair your infected computer.

Alternative Option-Record the iso Image to a CD/DVD

Any CD/DVD record software is fine for burn iso image. If you don’t have one, you can download and install Nero Burning ROM and ImgBurn. Here we will use Nero Burning ROM for demonstration purpose.

1. Open and start Nero Burning ROM and select Burn Image from the drop-down menu of the Recorder.

CD/DVD recorder

2. Locate your download folder and select Rescue.iso file as your source file and then click Open button.

3. Click Burn button to start record the iso image.

After a few minutes, you will have a bootable Anvi Rescue Disk to repair your computer.

Step 3 Restart your computer and configure your computer to boot from USB drive/CD/DVD that recorded Anvi Rescue Disk. Basically, you can use F8 to load USB boot menu.

For different motherboard, you may need to use the Delete or F2, F11 keys, to load the BIOS menu. Normally, the information how to enter the BIOS menu is displayed on the screen at the start of the OS boot.

boot menu instruction

The keys F1, F8, F10, F12 might be used for some motherboards, as well as the following key combinations:

• Ctrl+Esc
• Ctrl+Ins
• Ctrl+Alt
• Ctrl+Alt+Esc
• Ctrl+Alt+Enter
• Ctrl+Alt+Del
• Ctrl+Alt+Ins
• Ctrl+Alt+S

Step 4 After you enter Anvisoft Rescue Disk menu, please selected your preferred language and press Enter to continue.

Anvi Rescue disk language setting

Step 5 Now you are in the mini Operating system, please double click Rescue tool to start Anvi Rescue disk.

Anvi Rescue Disk

Step 6 Make sure that your computer is connected to network connection before you run a scan on your computer. You can go to Network Troubleshooting Tips for Ransomware Removal using Anvi Rescue Disk for tutorial.

Internet connection

Step 7 Please run a full scan by clicking the “Scan Computer” button in the middle of the program to detect and kill the PC lockup virus.

Anvi Rescue disk scan

Step 8 Clicking “Fix Now” to Remove the detected threat by Anvi Rescue Disk.

Anvi Rescue disk fix now

Step 9 Switch to Repair tab. Scan and fix the registry error with the “Repair” module of Anvi Rescue Disk.

Anvi Rescue disk repair

Important Notice: You must repair the registry error after kill the virus. You are probably disabled to boot your Windows without fixing registry damaged by the virus.

Step 10 Download and install Anvi Smart Defender to full scan your computer and remove all the infections detected.

Some ransomware variants are incredibly persistent, so you are highly recommended to download the antimalware promgram Anvi Smart Defender to remove all the detected threats as prompted.

Download-ASD-in-Rescue-Disk

After download, please restart your computer to normal Windows mode and then go to the folder: C:\Users\[username]\Downloads.

Double click asdsetup.exe file to install Anvi Smart Defender, then perform a Full Scan.

Or you can download it from this direct download link: http://www.dotfab.com/download_asd.html when you boot your computer to normal Windows mode.

Now your computer should be free from the infection of Politie Office Central Ukash virus.

 

                                                                                                           

Malware prevention tips

The malware usually explores the vulnerabilities of your computer system to infect your computer. You should upgrade your system timely and patch the system vulnerabilities when prompted.

Apart from that you can keep the antimalware program Anvi Smart Defender as an additional protection to your computer. The Guard function puts your computer under a real-time protection, but you need to buy its pro version to get Full Guard. It will keep you away from malware and malicious websites.

Click Anvi Smart Defender to buy its pro version.