Remove Metropolitan Police virus (Removal Guide)
BY
STELIAN PILICI ON NOVEMBER 1, 2012
If your computer is locked, and you are seeing an “
Your computer has been locked!” notification that pretends to be from the Metropolitan Police, then your computer is infected with a piece of malware known as Trojan Urausy.
View attachment 352509
How did the “Metropolitan Police” virus got on my computer?
The Metropolitan Police virus is distributed through several means. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this Trojan without your permission of knowledge.
Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the Metropolitan Police virus.
The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.
The Metropolitan Police virus is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.
What is the “Metropolitan Police ” ransomware?
The Metropolitan Police virus is part of the Troj/Urausy Ransomware family of computer infections that target computers in United Kingdom.
When installed the Metropolitan Police virus will display a bogus notification that pretends to be from Metropolitan Police and National Security Agency, and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The Metropolitan Police virus will lock you out of your computer and applications, so whenever you’ll try to log on into your Windows operating system or Safe Mode with Networking, it will display instead a lock screen asking you to pay a non-existing fine of $300 in the form of an Ukash or MoneyGram Xpress voucher. The malware’s authors prefer these payment services because transactions made through them cannot be reversed and are hard to trace.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam, so that the bogus Metropolitan Police notification shows what is happening in the room.
Am I infected with the “Metropolitan Police” virus?
If your computer is infected with the Metropolitan Police ransomware, this infection will display a localized webpage that covers the entire desktop of the infected computer and demands payment for the supposed possession of illicit material. The message displayed by this ransomware infection can be localized depending on the user’s location, with text written in the appropriate language.
View attachment 352510
View attachment 352511
View attachment 352512
Cyber criminals often updated the design of this lock screen, however you should always keep in mind that the Metropolitan Police will never lock down your computer or monitor your online activities.
The Metropolitan Police lock screen is a scam, and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you send an $300 Ukash or MoneyGram Xpress voucher to these cyber criminals, and if you have, you can should request a refund, stating that you are the victim of a computer virus and scam.
How to remove the “Metropolitan Police” virus (Removal Guide)
This page is a comprehensive guide, which will remove the Metropolitan Police infection from your your computer. Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.
The Metropolitan Police virus will start automatically when you login to your computer and display its screenlocker so that you are unable to access your computer, therefore we will need to remove this infection by using any of the below methods:
OPTION 1: Remove Metropolitan Police virus with with HitmanPro Kickstart
OPTION 2: Remove Metropolitan Police lock screen virus with System Restore
OPTION 3: Remove Metropolitan Police virus with Kaspersky Rescue Disk
OPTION 1: Remove Metropolitan Police virus with HitmanPro Kickstart
HitmanPro.Kickstart is the solution against police ransomware and other persistent malware that has taken your computer hostage or prevents normal computer use.
As the Metropolitan Police ransomware infection has locked you out of your computer, we will need to create a bootable USB drive that contains the HitmanPro Kickstart program.
We will then boot your computer using this bootable USB drive and use it to clean the infection so that you are able to access Windows normally again.
To perform this step, you will also need a USB drive, which will have all of its data erased and will then be formatted. Therefore, only use a USB drive that does not contain any important data.
- Using a “clean” (non-infected) computer, please download HitmanPro Kickstart from the below link.
HITMANPRO DOWNLOAD LINK (This link will open a download page in a new web page from where you can download HitmanPro Kickstart)
- Once HitmanPro Kickstart has been downloaded, please insert the USB flash drive that you would like to erase and use for the installation of HitmanPro Kickstart. Then double-click on the file namedHitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe(for 64-bit versions of Windows).
To create a bootable HitmanPro USB drive, please follow the instructions from this video:
- Now, remove the HitmanPro Kickstart USB drive and insert it into the computer infected with the Metropolitan Police virus.
- Once you have inserted the HitmanPro Kickstart USB drive, turn off the infected computer and then turn it on. As soon as you power it on, look for text on the screen that tells you how to access the boot menu.
View attachment 352513
The keys that are commonly associated with enabling the boot menu areF10, F11 or F12.
- Once you determine the proper key (usually the F11 key) that you need to press to access the Boot Menu, restart your computer again and start immediately tapping that key. Next, please perform a scan with HitmanPro Kickstart as shown in the video below.
- HitmanPro will now reboot your computer and Windows should start normally.Then please download Malwarebytes Anti-Malware andHitmanPro, and scan your computer for any left over infections as seen below.
OPTION 2: Remove Metropolitan Police lock screen virus with System Restore
System Restore helps you restore your computer’s system files to an earlier point in time. It’s a way to undo system changes to your computer without affecting your personal files, such as e‑mail, documents, or photos.
Because the Metropolitan Police virus will not allow you to start the computer in Windows regular mode, we will need to start System Restore from the Safe Mode with Command Prompt mode.
STEP 1: Restore Windows to a previous state using System Restore
- Reboot your computer into Safe Mode with Command Prompt. To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard.
View attachment 352514
If you are using Windows 8, the trick is to hold the Shift button and gently tap the F8 key repeatedly, this will sometimes boot you into the new advanced “recovery mode”, where you can choose to see advanced repair options. On the next screen, you will need to click on theTroubleshoot option, then select Advanced Options and selectWindows Start-up Settings. Click on the Restart button, and you should now be able to see the Advanced Boot Options screen.
- Using the arrow keys on your keyboard, select Safe Mode with Command Prompt and press Enter on your keyboard.
https://malwaretips.com/blogs/metropolitan-police-virus/
It's a 2012 link is the only problem, but with plenty of advice.
