Barry King> Computer Services and Support> Lady Lacey

Got a question ? free answers ...



Remove RCMP ( and related ) Virus

Warning: If you google for RCMP virus remove and get to a site which recommends you to delete any files or registry entries - DO NOT DO THIS. The following procedure will / should find and do all of the things to rid you of this particular problem.



Questions about viruses ?





The RCMP virus has been around for years. It is one of the scareware viruses in that it threatens police action unless you pay the RCMP - supposedly. Well - no money ever makes it to the RCMP - or any other legitimate agency. It is a scam - and if you do pay they won't even release your computer - the cads.



There are many more names / disguises for this virus: FBI moneypak virus, Citadel Reventon Malware, United States Cyber Security virus, FBI Ultimate Game Card virus, All Activity on This Computer Has Been Recorded-Fake FBI Warning infection, FBI Online Agent virus, Internet Crime Compliant Center Virus, PCeU virus (aka Metropolitan Police Ukash virus), Malex ransomware, Your computer is locked for violating the Law of Great Britain virus, DOJ virus, File Encryption Virus, SGAE virus, An Garda Síochána. Ireland’s National Police Service virus, ISCA 2012 virus, Automated Information Control System virus, ACCDFISA Protection Program ransomware, Celas ransomware, Votre ordinateur est bloque! Gendarmerie Ukash virus, Canadian Police Association Virus, Urausy virus/ransomware, Office Central de Lutte contre la Criminalité Virus, Bundesamt fur Polizei Virus, Canadian Police Cybercrime Investigation Department Virus, GEMA: Your computer has been locked virus, Den Syenska Polisen IT-Sakerhet Ransomware, Bundes Polizei Ukash virus, Australian Federal Police Ukash Virus, etc.



RCMP Virus



Ukashi Virus



The Urausy malware group seems to be the original designer - others have altered and made it nastier over time. Most anti virus programs will catch this virus - but if you catch it it can be removed. If at any point in this process you cannot perform the required step call me or a qualified computer repair technician.



Perform the following steps:



Turn your computer off - remove the power plug ( if laptop also remove battery for ten seconds ). Replace power and press the power on button. While the computer is powering up repeatedly hit the F8 key once a second. You should see the Windows Advanced Options Menu as seen below. If you didn't get this screen try a couple of times more. If you can't get this screen running and you can't boot into another account on the computer then call me or any other reputable computer repair technician.



Safe Mode networking

We are going to try and run a program called Malwarebytes. It is an anti virus program and is good at detecting and removing this type of malware / virus. Select the Safe Mode with Networking option. You should see a screen something like this:



Safe mode desktop

You may be asked to sign inti your account here.



If you get the same Virus screens and you do NOT have a second login account you must take the computer to a technician to fix. At this point we want to run the Malwarebytes anti virus program. If you already have this program skip the download step.



Download and install the FREE version of malwarebytes - the free and paid versions will remove as much of any virus it detects. Start Internet Explorer ( Firefox, etc. ) and go to one of these sites or goolge for download free Malwarebytes:



After downloading and installing Malwarebytes, run the program. You should see the screen below ( or similar ), choose the Full Scan option.



Malwarebytes full scan

This will take an hour or more - do not stop the scan until it completes. When the full scan completes you should see something like the following:



malwarebytes results

Select all of the entries and Remove Selected



At this point you can reboot the computer as normal and log into your account. The RCMP / other virus should not be locking up your system. However - you are not finished. You have got to check for other signs of damage. If any of these steps fail you will have to contact myself or some other computer technician.



  • Open up the Control Panel. Depending on your system open the Security icon and then the Firewall Icon. Ensure that the firewall is ON - if it is off try and turn it on.
  • Run Windows Update this is located in the Control Panel or alternately select Start then All Programs then look for Windows Update as one of the programs to run. On the Windows Update screen try and run the Check for Updates option.
  • Ensure that your Anti Virus program is still running. Run the check for updates or run scan now is working.
  • Run Task Manager is available - select buttons Ctrl-Alt-Del to bring it up


If all of the above work normally you have removed the virus. There may be other damage to your computer that you may encounter - if you can't fix it send me an email describing the problem. Most emails are answered freely if I know or can find you have removed. Please describe the problem in as much detail as possible.



References:

250-869-9759

Skype : Call me

If we can't fix it it's FREE

Serving:

  • Kelowna
  • Peachland
  • Westbank / West Kelowna
  • Elsewhere - Remote Support
Share

Computer Services and Support, #50 - 2005 Boucherie Rd, Westbank / West Kelowna, BC, V4T1R5, 250-869-9759