Ireland’s national police service virus – remove ukash ransomware from windows

Page 1

Ireland’s National Police Service Virus – Remove Ukash Ransomware from Windows Published on November 25, 2013

About Ireland’s National Police Service Virus There have been cases where full-screen messaged titled Ireland’s National Police Service , claiming to be the guard of the peace military police corps, lock down the whole computer as well as the keyboard to the extent that the key combination – Ctrl+Alt+Delete – will not be activated. With detected information including IP address, country, region, city, ISP, OS and user name, adoption of legal terms, demand of € 100 as ransomware in exchange of freedom, absolution of accusation of law infringement on the Internet and an unblocked computer, Ireland’s National Police Service virus has been successfully convinced wide range of PC users in Ireland that it is real. Nevertheless, it is a crippling Ukash virus.


Computers affected by Ireland’s National Police Service virus could display disordered scene to victims: • • • •

• •

F8 functional key becomes unable to bring up ‘Windows Advanced Options’. Some form of Safe Mode becomes inaccessible. A significant loss of performance happens in accessible mode. Other user accounts, if any, will be locked up by Ireland’s National Police Service virus should there be delay in its removal. Build-in service such as System Restore is always disabled by Ireland’s National Police Service virus. Some secure programs or the mostly used items would disappear from the computer locked by Ireland’s National Police Service virus.


As Ireland’s National Police Service virus is a Trojan supported infection, the longer the virus manages to survive on the compromised computer, the more functions will be disabled even if additional user accounts have been mounted on the same system. Apparently, immediacy is needed in removing Ireland’s National Police Service virus. If more disorder happens because of overwhelming Ireland’s National Police Service virus, feel free to ask for real-time help from VilmaTech Online Support .

Variants of Garda Síochána Virus To further deceive more PC users into handing over the non-existent ransom, cyber criminals keep creating variants (including Ireland’s National Police Service virus) of Garda Síochána that mainly targets Ireland to confuse victims as to which is real. In fear of punishment by the genuine department, not a few victims would do as what the Ireland’s National Police Service virus prescribes within. To prevent law-abiding PC users from being swindled, we hereby list down the variants of malicious Garda Síochána virus. NO.1


NO.2


NO.3


Efficacious Way to Remove Ireland’s National Police Service Virus Of course anti-virus program is always the tool to remove virus, but not always the top option when it comes to Ukash ransomware, which attributes to the fact that Ireland’s National Police Service virus is geared by Trojan that affects computers by copying vicious items


and distributing them into various directories referencing system operation; binding fatal items to system items that are protected by Windows. In other word, Ireland’s National Police Service virus manages to reproduce the deleted item by victim once some vicious executable items are activated. Since security utilities will not definitely help remove system items, even the ones resembles the genuine, manual method is advised to remove Ireland’s National Police Service virus. Be noted that incomplete removal of Ireland’s National Police Service virus can lead to BSOD (blue screen of death). Stick to the below instruction proved to be valid to most of the situations for a complete removal of Ireland’s National Police Service virus. Should there be any uncertainty, it is advised to consult professionals from VilmaTech Online Support for clear and explicit guidance.

Self-help Guide to Remove Ireland’s National Police Service Virus Step1. remove Ireland’s National Police Service virus by firstly enter into Safe Mode with Command Prompt. Windows 8 •

Press and hold Alt,Ctrl and delete key combination to bring up a blue screen with options.


Hold shift key and click on power button at the right-hand bottom at once.

Choose Troubleshoot with arrow keys and hit Enter key to bring up Troubleshoot window. Select Advanced options thereof. Hit Restart button again at the right bottom of the screen. Choose F6 and hit Enter key to get into safe mode with command prompt where a flashing slash/ line will be seen behind ‘System32′.

• • •

Windows 7/XP/Vista • • • •

Cold restart the locked-down computer. As it is booting but before Windows logo being seen, keep tapping “F8 key” continuously. “Windows Advanced Options Menu” window with option will be activated. Highlight “Safe Mode with Command Prompt” option and press Enter key to initiate a window with a flashing slash/ line


behind ‘System32′.

Step2. create a new user account with admin right from cmd lines. • •

Type ‘explore’ (without quotation) and hit Enter key to enable another desktop. Created a new user account with administrator right:

Windows 7 •

Click the Start menu to select Control Panel.


Double click on ‘User Accounts and Family Safety’ to continue the creation.

Select User Accounts to choose ‘Manage another account’ option. Then press on ‘Create a new account’ button to type the name you want to name the new user account. Tick ‘Administrator’ before clicking Create Account to finish creating a new administrative user account.

• •

Windows XP • • •

Click Start button before clicking on Control Panel. Double click on ‘User Account’ to select ‘Create a new account’ option. Type a name for the new user account before clicking on ‘Next’ button to continue.


Tick ’Computer administrator’ before clicking ‘Create Account’ option to finish the process.

Windows Vista • • • •

Start off by pressing on Start menu to select Control Panel. Select ‘Add or Remove User Accounts’ to click on ‘Create a New Account’ option. Enter an account name then select account type as administrator. Click ‘Create Account button’ to finish the process.

Windows 8 •

Double click on ‘Control Panel’ listed on the list of ‘Unpin’ located at the left-hand bottom at the Start screen.


Click on ‘Add a user’ under ‘Users’ located on the left pane. 1. Where Windows Live id is available, use it to create a new account. 2. Otherwise, click on ‘More about logon options’ to fill in the below given form.

Then follow the on-screen hint to finish creating a user account.


Step3. restart the computer once a new user account is created successfully. • •

Restart the computer normally without tapping on any keys when computer restarts. Enter into the newly created user account(take ‘VilmaTech.com for example’) when you are given options.

Step4. disable startup items generated by Ireland’s National Police Service virus . Windows 8 • •

Enable the Search Charm bar on the Start screen to type ‘Task’ before hitting on Enter key. Find and tick items generated by Ireland’s National Police Service virus.


Press ‘Disable’ option to confirm the change.

Windows 7/XP/Vista • • •

Launch Search/ Run box from Start menu to enter ‘msconfig’ there before hitting Enter key. Find and tick items generated by Ireland’s National Police Service virus under the start up tab. Press ‘Disable All’ option to confirm the change.

Step5. remove Ireland’s National Police Service virus by making modifications in database (registry editor). Windows 8 •

Hover mouse over lower right screen to enable Search Charm bar to type ‘regedit’ before hitting on Enter key.


Press and hold Ctrl+F to search for Winlogon.

Locate key labeled ‘Shell’ in the right pane. Right click on it and replace it with ‘explorer.exe’ to help remove Ireland’s National Police Service virus.

Windows 7/XP/Vista • •

Put ‘regedit’ in Run box initiated from Start menu and press Enter key. Press and hold Ctrl+F to search for Winlogon.

Locate key labeled Shell in the right pane.


Right click on it and replace it with ‘explorer.exe’ to help remove Ireland’s National Police Service virus.

Step6. show hidden files to remove the hidden items generated by Ireland’s National Police Service virus. Windows 8


Bring up Windows Explorer window by clicking on Windows Explorer application from Start Screen.

Select View tab on Windows Explorer window to obtain another window with options. Tick ‘File name extensions’ and ‘Hidden items’ options and press on ‘OK’ button for conformation. Navigate to Roaming folder and Temp folder respectively in Drive C to remove files with abnormal name, such as serial numbers with random letters.

• •

Windows 7/XP/Vista


Open ‘Control Panel’ from Start menu and search for ‘Folder Options’.

Under View tab to tick ‘Show hidden files and folders and nontick Hide protected operating system files (Recommended)’ and then click ‘OK’. Navigate to Roaming folder and Temp folder respectively in Drive C to remove files with abnormal name, such as serial numbers with random letters.

If inaccessibility happens to all the Safe Mode, ‘Repair Your PC’ with system CD might be helpful. However, slim hope will be seen out of Windows XP. If nothing is going to work, VilmaTech Online Support will help remove Ireland’s National Police Service virus with complex steps requiring high-tech skills in a bid to regain a completely functional computer.


Windows XP • • •

• •

Insert Windows XP CD into the drive (if Autoplay kicks in, exit out of it). Copy and Paste ‘sfc /scannow’ to the Run box and hit Enter key. All protected files will be scanned by Windows File Protection Service and integrity will be verified; any files with which it finds a problem will be replaced. The process will complete itself completely. Restart your computer once it is completed.

Windows 7 • • • •

Put Windows 7 CD in your CD-ROM and cold restart the infected computer to select ‘boot from the DVD/CD’ or the like. On the “Install Windows” screen, select appropriate language, time, keyboard and then click “Next” button to proceed. Click “Repair Your Computer” on the next screen. On “System Recovery Options” window, select the operating system you want to restore if any are listed, and click “Next” button. The “System Recovery Options” screen shows up and select “Startup Repair” to allow the computer to repair itself.


The infected computer will then restart itself once the repair session is completed.

Windows 8 • • • • • • •

Type ‘Advanced’ in Search Charm bar enabled from Start Screen. Click on ‘Settings’ category to select Advanced startup options. General PC Settings screen appears, scroll down to the bottom to select ‘Advanced startup’. Press on Restart now button to choose ‘Troubleshoot’ option. ‘Advanced options’ come the next followed by ‘Automatic Repair’. Log in the User Account(the one locked down by Ireland’s National Police Service virus) you wish to repair. Automatic repair will now start.


The infected computer will automatically restart once the repair work completes itself.

Windows Vista • •

• • • •

Insert Windows Vista DVD and restart the computer with the DVD in. ‘Press any key to boot from CD or DVD’ will be seen to display in black background, then press any key to start the booting process. ‘Windows is loading files’ will be seen right after that followed by another small progress bar several minutes later. Select the language and keyboard language you prefer and click Next button when you are given options. Click on the Repair Your Computer option at the bottom left of the install screen. Once the ‘Vista installation’ is located, highlight it with arrow keys and then click the Next button to locate the given options:


• •

Click on Startup Repair and allow the wizard finish itself. It is perfectly normal that the computer restarts after it finishes the process.

Conclusion: Ireland’s National Police Service virus is one of the variants of Garda Síochána that mainly targets PC users in Ireland for easy money. Such Trojan-supported virus manages to escape the detection and easy deletion by anti-virus programs with the technique to bind the key part to protected item. Once the database is modified successfully by Ireland’s National Police Service virus, the virus becomes capable of covering the malevolent executable attribute, enabling itself survive security programs. Manual method is therefore recommended. Good PC practice is always in need even if Ireland’s National Police Service virus has been removed completely and thoroughly for any carelessness would lead to vicious infiltration by infections and even Ireland’s National Police Service virus again. Be noted that residual damages can happen after the successful removal of Ireland’s National Police Service virus. Corresponding solution can be found here. Should there be any unexpected problems


happening, ask professionals from VilmaTech Online Support to provide efficient solution to the concrete situation.


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.