A lot of users all over the world had been already infected with these ransomwares. Metropolitan Police and FBI have the same goals and methods of work inside your system. As soon as one of them penetrates inside your system it automatically blocks your system. And you will not have the possibility to do anything at all. You will be provided with one message saying that you were caught spreading som ollegal materials or just visiting sites and links with such materials... And that is why you need to pay money to unblock your machine.
But do not rush tu pay anything! These are viruses and that is their aims to steal your money. You need to eliminate them. And the sooner you do that the better for your system.
Removal milestones:
1. Launch your PC in the safe mode with command prompt.
2. Do the next commands:
- reg delete hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f
- reg delete hklm\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /f
3. Run the registry editor regedit.exe
4. In the registry editor:
- remove the parameter NoDesktop from HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- remove the parameter DisableTaskMgr from HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- Set the parameter 0 for HideIcons in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- Set explorer.exe for Shell in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
- remove the parameter Shell from HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
- find the parameter with the random name in HKCU\Software\Microsoft\Windows\CurrentVersion\Run and copy its name to the clipboard - and search in HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
- If the parameter is found remove the full entry
- remove the file, indicated in the parameter with the random name. To do this, enter the following combination del /f /q "parameter value" in the command line.
- remove the parameter with the random name in the registry entries HKCU\Software\Microsoft\Windows\CurrentVersion\Run HKLM\Software\Microsoft\Windows\CurrentVersion\Run
5. Now restart your PC. Enter the following combination shutdown -r -t 0 in the command line.
We recommend you to scan your system with GridinSoft Trojan Killer after the virus is deleted and check whether your system is clean o not.
SOURCE: http://www.deletemalware.net/metropolitan-police-and-fbi-viruses-beware-of-these-ranwomwares/
No comments:
Post a Comment