Interpol Department of Cybercrime virus is an annoying Ransomware locking people from their PCs. It belongs to Police Virus ransomwares aka impersonates law institutions (in this case, Interpol). This is done to force people into paying a fine for up to 200 USD for supposedly broken law using pre-paid cards like Ukash, PaysafeCard and (in USA) Moneypak. Duo to the way pre-paid cards operate, it is impossible to get money paid for Interpol department of Cybercrime ransomware back. Thus it is better to avoid this parasite completely or get rid of it using other ways. Some versions of these ransomwares are really badly written and call themselves “Interpol department of Cibercrime” instead of Cybercrime. This shows lack of attention to details.
Interpol department of Cybercrime virus is distributed using exploit pages, spam messages or trojans hidden in files on various shady sites. Typically, these files are recognized by antiviruses quite soon and PCs running AVs are protected from such scams. However, sometimes your protection fails and the ransomware blocks you completely. department of Cybercrime malware is not too original and will display about the same text to scare you:
Your PC is blocked due to at least one of the reasons specified below.
You have been violating Copyright and Related rights law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of World Department of Cybercrime.
Article 128 of the Criminal Code provides a fine of 2 to 5 hundred minimal wages or a deprivation of liberty for 2 to 8 years.
…
This is obvious, that there is no global Criminal Code that is applicable Worldwide. And generally speaking, police would contact you personally if you would have broken any law. Thus never pay for law institutions using pre-paid cards or you will fund development of future versions of Interpol Department of Cybercrime virus and similar ones.
To remove Interpol Department of Cybercrime ransomware, follow these instructions
1. Reboot and press F8. Choose Safe mode
2a. If malware does not load, run MSConfig and disable all startup entries. Reboot normally. Continue to step 5.
3b . If Malware does load, reboot into safe mode with command prompt
4. Run Regedit and search for Winlogon
5. There will be shell variable under correct Winlogon, which references either explorer.exe (leave untouched), explorer.exe and something else (leave explorer.exe), Something from application data (change to explorer.exe) or something else (leave untouched).
6. Once you find the Interpol Department of Cybercrime virus file name (something from Application Data), search for it in registry and remove.
7. Close Regedit, enter Shutdown -r -t 0.
8. Important: Scan with anti-malware programs like Spyhunter or Malwarebytes Anti-Malware to confirm that your PC is fully cleaned up and no additional infection is present.
If something fails ask your questions bellow, or consult support on +1-888-334-2444.
Video guide for Interpol Departament of Cybercrime virus
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Iv got the winlogon open but there isnt “shell” in it what do i do?
I enter safe mode with command prompt but then it asks which operating system to start – Microsoft windows Xp professional or that plus setup. How do I move on to do the Regedit part?
Run Microsoft Windows XP. No need to run setup.
Appreciate the help but step 5 is just unreadable. If you are going to write instructions can you please make them possible to follow.
R&B: Watch the video. Without it, the step requires some deeper understanding of how Windows registry works.
I tried going on safe mode and disabling all the startup entries but now it’s completely screwed
up my computer. Nothing will open properly, even the Internet. What have I done wrong?
Ben42: Disable proxy server. This might be after-effect for malware. You can always revert items you have checked it msconfig.
I can’t find the Interpol virus file, and don’t really know what I am looking for. Any suggestions how I would find it?
Susie : Make sure you see hidden and system files. Check MSConfig, if it is simpler version of parasite, it will be listed somehow ( in %appdata% or its subfolders usually, do not delete anything from C:\Windows ). The best way is to scan with anti-malware program.
Hi, Iv got the winlogon open but there isnt “shell” in it too, what should i do?
Jenny: Look for other instances.
I have opened with command prompt and have enter regedit but I cant find winlogon anywhere, what should I do?
It should be there. You could try running rstrui from command line as well, to restore to previous date and then scan with anti-malware programs from normal mode as well.
The video help me removed the virus. If the video was more clear would it been better! Thanks…
Good to hear and sorry for the video quality 🙂
I followed the procedure in the video and the virus was removed. thanks a lot man.
Followed the video and it worked perfect, thank you
amy : glad we had helped!
The vide worked until I had to try to download spyhunter or spybot,they will not download, Keep getting a warning that says was deleted because there was a virus? Please help I have went thru this 3 times today!
Tanya: You have additional infection. Try using hitman pro Kickstarter usb ( create one on uninfected PC). http://www.2-viruses.com/reviews/hitman-pro, run application, put empty usb disk in, choose create kickstart usb, after that boot infected PC from it.