Today, I had a callout to rid a customer’s PC of the notorious “police virus”, a particularly malicious piece of adware that launches on startup, connects to the internet and then locks your screen with a full-screen warning that claims to come from your local police force (in this case, Kent Police), telling you to pay a £100 fine online in order to unfreeze your PC.
You’ve probably heard about it on the news. There are a lot of sites explaining how to get rid of it, and a lot of them end up selling you a licence to an anti-virus, anti-trojan, anti-spyware or anti-malware bit of software.
It is a clever virus. It disables Task Manager, it disables your current anti-virus software, it locks the screen so you can’t get at any files and, worst of all, it launches at startup so there’s no escape.
The best way to get rid of it is to do it manually. As always, if you’re not comfortable rooting around under the bonnet of Windows, stop reading now and email me at firstname.lastname@example.org to arrange to get it done by someone who does.
Restart your PC in Safe Mode.
The first thing to do is to rip the virus out of the registry. Open regedit. Look in the following registry keys and delete any reference to (random characters).exe:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = (random).exe
Navigate to C:\Documents and Settings\(Username)\Start Menu\Programs\Startup and delete the shortcut whose name is made up of random characters, like this: diopsdi908209hj.exe.lnk
Now go to C:\Documents and Settings\(Username)\Local Settings\Temp\ and delete all .tmp files whose names are made up of random characters (th010190910.tmp) or two-digit numbers (24.tmp).
It is also worth checking your desktop and the System32 folder for other instances.
Empty the Recycle Bin and restart. Uninstall your antivirus software and reinstall it. Update the virus definitions. Run a full scan. Job done.
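As an added example (my own script, not part of the original post), the following PowerShell audits the same locations the steps above walk through by hand: the Run/RunOnce keys, the Winlogon Shell value, the Startup folder and the user’s Temp folder. It only reports what it finds unless you pass -Remove, so you can review each hit before anything is deleted. It assumes Windows with PowerShell 3.0 or later, run from an elevated prompt in Safe Mode; the “random-looking name” heuristic (Test-RandomName) is my own approximation of the post’s description and should be confirmed by eye for every hit.

```powershell
# Added example, not from the original post: audit the persistence locations
# described above and report entries whose file name looks like random characters.
# Assumes Windows, PowerShell 3.0+, elevated prompt, Safe Mode. Reports only
# unless -Remove is given.
param([switch]$Remove)

function Test-RandomName {
    # Heuristic (my own): 8+ letters/digits with both kinds present, e.g.
    # diopsdi908209hj, or a bare two-digit number as the post describes for Temp.
    param([string]$Name)
    $base = ($Name -split '\.')[0]          # strip every extension (.exe.lnk, .tmp)
    if ($base -match '^\d{2}$') { return $true }
    return ($base -match '^[A-Za-z0-9]{8,}$') -and ($base -match '\d') -and ($base -match '[A-Za-z]')
}

$findings = New-Object System.Collections.Generic.List[object]
function Report([string]$Location, [string]$Item) {
    $findings.Add([pscustomobject]@{ Location = $Location; Item = $Item })
}

# 1. Run / RunOnce values that launch an .exe with a random-looking name
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }        # PowerShell's own metadata
        $value = [string]$prop.Value
        if ($value -match '([A-Za-z0-9_]+)\.exe' -and (Test-RandomName $Matches[1])) {
            Report $key "$($prop.Name) = $value"
            if ($Remove) { Remove-ItemProperty -Path $key -Name $prop.Name }
        }
    }
}

# 2. Winlogon Shell should be explorer.exe; the post describes it pointing at (random).exe
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ine 'explorer.exe') {
    Report $winlogon "Shell = $shell"
    if ($Remove) { Set-ItemProperty -Path $winlogon -Name Shell -Value 'explorer.exe' }
}

# 3. Startup folder shortcuts with random-looking names (post's example: diopsdi908209hj.exe.lnk)
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -Filter *.lnk -ErrorAction SilentlyContinue |
    Where-Object { Test-RandomName $_.Name } |
    ForEach-Object {
        Report $startup $_.Name
        if ($Remove) { Remove-Item -LiteralPath $_.FullName }
    }

# 4. Temp folder .tmp files named with random characters or two-digit numbers
$temp = $env:TEMP
Get-ChildItem -Path $temp -Filter *.tmp -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and (Test-RandomName $_.Name) } |
    ForEach-Object {
        Report $temp $_.Name
        if ($Remove) { Remove-Item -LiteralPath $_.FullName }
    }

if ($findings.Count -eq 0) { 'No suspicious entries found in the audited locations.' }
else { $findings | Format-Table -AutoSize }
```

Save it as, say, audit-startup.ps1 and run it once without -Remove to see the list; run it again with -Remove only once you are happy that every entry is the one the post describes. The script deliberately follows the post rather than going further: it does not touch the desktop or System32, so those still want a manual look before the reinstall and full scan.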