The Polícia Judiciária de Portugal virus is a malware that mainly targets computers from Portugal. Its design and functioning are similar to those of Urausy family ransomwares. If you see a message stating “ATENÇÃO! O seu computador pessoal está bloqueado por razões de segurança, pelas seguntes razões”, you can be sure your computer is blocked by Polícia Judiciária de Portugal virus. Here is the extract from the message:
Você está acusado de visualização/armazenamento e/ou distribuição de materiais pornográficos conteúdo proibido (Pornografia infantil/ Bestialidade/Estupro, etc.) Você violou a Declaração Universal sobre a luta contra a disseminação de pornografia infantile e acusado de um crime nos termos do artigo 161 do Código Penal da República Portuguesa.
…
O tamanho da sua multa é de €100 euros.
A penalidade você pode pagar com vouchers PaySafeCard ou Ukash.
The blocking text informs about crimes committed by a computer user, such as distribution and viewing of pornographic content, using PC for spam e-mails and other breach of law. There are penalties also listed in the text yet you are given a chance to avoid severe punishment if you pay the fine as soon as possible. The sum is €100 euros. A computer user who has never heard of how ransomware infections work might easily believe the message and pay the ransom. The blocking screen looks as if sent by Polícia Judiciária de Portugal, Unidade Especial de Polícia and Interpol. If a computer has a webcam installed, it is activated and the warning states that your identity will be disclosed. Yet you should never pay any money before finding out more about the charges and where it comes from. First of all, official authorities never use prepaid payment systems like Ukash or PaySafeCard for collecting fines. If you see one listed as a payment option, you can suspect the message comes from scammers. Secondly, governmental institutions do not send remote warnings over computer. If there are any true charges put on you, you would be informed by other means.
There is no need to tell that paying the ransom will not remove Polícia Judiciária de Portugal virus. You should follow the removal guides given below. Choose the one that suites your situation best because various Polícia Judiciária de Portugal virus versions allow different functions on an infected computer. For the attack to be avoided in the future do not open unfamiliar e-mails or click on suspicious links, if you install any updates, get them only from official websites, follow safe Internet usage tips.
Polícia Judiciária de Portugal virus removal guide
If your computer has more than one user account and not all of them are locked, scan whole PC with anti-malware programs, e.g. spyhunter, by logging to the account that is not blocked. Another option is to use system restore. If none of these methods worked for you, do the following:
- Restart your computer;
- Press F8 while it is still restarting;
- Choose between safe modes in following order: Safe mode, Safe mode with command prompt
Then follow the guides below:
If your computer runs in Safe mode or Safe mode with networking
- Launch MSConfig.
- Disable startup items rundll32 turning on any application from Application Data. Note, that these are typical locations for Polícia Judiciária de Portugal virus but some others might be used.
- Restart the system once again.
- Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to identify Polícia Judiciária de Portugal virus files and delete it.
Here is a video showing how to complete the steps:
If your computer runs in Safe mode with command prompt
- Run Regedit.
- Search for WinLogon Entries. Write down all files it references that are not explorer.exe or blank. Replace them with explorer.exe
- Search registry for Polícia Judiciária de Portugal virus files and delete the registry keys referencing the files
- Try to reboot and scan with Spyhunter.
- If this fails, try doing system restore from safe mode with command prompt (rstrui.exe)
If none of safe modes could be launched
Some versions of Polícia Judiciária de Portugal virus disable all safe modes, but give a short gap that you can use to run anti-malware programs:
- Reboot normally.
- Start->Run.
- Enter: http://2-viruses.com/downloads/spyhunter-i.exe . If malware is loaded, just press alt+tab once and keep entering the string blindly. Press Enter.
- Press Alt+tab and then R couple times. Polícia Judiciária de Portugal virus process should be killed.
Here is a video detailing this approach:
Hitman Pro USB disk
If you did not succeed using any of the methods above, try scanning PC with a bootable USB or DVD disk. These should be able to remove all versions of Polícia Judiciária de Portugal virus, but will not work if your hard drive is encrypted.
For that, we recommend using Hitman Pro Kickstarter USB.
- Download Hitman Pro on uninfected PC.
- Run Hitman and ask to create Kickstarter USB (option on initial screen)
- When USB ready, reboot infected PC with USB attached and press DEL
- Choose USB as primary boot device.
- Boot normally.
- Run Hitman Pro and https://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,