Got a question ? free answers ...
Warning: If you google for RCMP virus remove and get to a site which recommends you to delete any files or registry entries - DO NOT DO THIS. The following procedure will / should find and do all of the things to rid you of this particular problem.
Questions about viruses ?
The RCMP virus has been around for years. It is one of the scareware viruses in that it threatens police action unless you pay the RCMP - supposedly. Well - no money ever makes it to the RCMP - or any other legitimate agency. It is a scam - and if you do pay they won't even release your computer - the cads.
There are many more names / disguises for this virus: FBI moneypak virus, Citadel Reventon Malware, United States Cyber Security virus, FBI Ultimate Game Card virus, All Activity on This Computer Has Been Recorded-Fake FBI Warning infection, FBI Online Agent virus, Internet Crime Compliant Center Virus, PCeU virus (aka Metropolitan Police Ukash virus), Malex ransomware, Your computer is locked for violating the Law of Great Britain virus, DOJ virus, File Encryption Virus, SGAE virus, An Garda Síochána. Ireland’s National Police Service virus, ISCA 2012 virus, Automated Information Control System virus, ACCDFISA Protection Program ransomware, Celas ransomware, Votre ordinateur est bloque! Gendarmerie Ukash virus, Canadian Police Association Virus, Urausy virus/ransomware, Office Central de Lutte contre la Criminalité Virus, Bundesamt fur Polizei Virus, Canadian Police Cybercrime Investigation Department Virus, GEMA: Your computer has been locked virus, Den Syenska Polisen IT-Sakerhet Ransomware, Bundes Polizei Ukash virus, Australian Federal Police Ukash Virus, etc.
The Urausy malware group seems to be the original designer - others have altered and made it nastier over time. Most anti virus programs will catch this virus - but if you catch it it can be removed. If at any point in this process you cannot perform the required step call me or a qualified computer repair technician.
Perform the following steps:
Turn your computer off - remove the power plug ( if laptop also remove battery for ten seconds ). Replace power and press the power on button. While the computer is powering up repeatedly hit the F8 key once a second. You should see the Windows Advanced Options Menu as seen below. If you didn't get this screen try a couple of times more. If you can't get this screen running and you can't boot into another account on the computer then call me or any other reputable computer repair technician.
We are going to try and run a program called Malwarebytes. It is an anti virus program and is good at detecting and removing this type of malware / virus. Select the Safe Mode with Networking option. You should see a screen something like this:
You may be asked to sign inti your account here.
If you get the same Virus screens and you do NOT have a second login account you must take the computer to a technician to fix. At this point we want to run the Malwarebytes anti virus program. If you already have this program skip the download step.
Download and install the FREE version of malwarebytes - the free and paid versions will remove as much of any virus it detects. Start Internet Explorer ( Firefox, etc. ) and go to one of these sites or goolge for download free Malwarebytes:
After downloading and installing Malwarebytes, run the program. You should see the screen below ( or similar ), choose the Full Scan option.
This will take an hour or more - do not stop the scan until it completes. When the full scan completes you should see something like the following:
Select all of the entries and Remove Selected
At this point you can reboot the computer as normal and log into your account. The RCMP / other virus should not be locking up your system. However - you are not finished. You have got to check for other signs of damage. If any of these steps fail you will have to contact myself or some other computer technician.
If all of the above work normally you have removed the virus. There may be other damage to your computer that you may encounter - if you can't fix it send me an email describing the problem. Most emails are answered freely if I know or can find you have removed. Please describe the problem in as much detail as possible.