Metropolitan Police Fake Virus
- Written by Neville Matthews
- Published: 02 October 2012
Metropolitan Police Fake Virus - Removal
Machine - Dell running Windows XP Home Edition SP2
This is the second one of these I have seen in the last two weeks, not quite the same as the last one. This time it was a bit more difficult to remove because I couldn't get to Safe Mode, as it would BSOD (Blue Screen of Death), so I couldn't get to the registry that way or attempt a System Restore.
I ran an anti-virus scanner, which found nothing, perhaps because a screen pop-up is not actually doing anything to the file system and so was not reported as a virus. Possibly running SpyBot might have found it, but I was unable to get the machine into a state where any program installations could be performed.
The symptoms were that Ctrl-Alt-Del is disabled and a screen pops up, taking over the whole screen and asking for money. It is difficult to stop: Alt-Tab doesn't work, nor does pressing the Windows key. What to do?
The question now is whether to do a Windows repair install, with the inherent risks, or edit the registry to try to find the culprit.
On this occasion I tracked down a bootable XP creator with an Explorer-like tool and a Registry editor. Using the explorer program and looking in the usual places for files created on the date we know the problem occurred turned up a very likely candidate. Next, using this file name, I scanned the Registry for the entry. Next I moved the file to somewhere that the boot process couldn't find it, then booted the machine to prove the particular file found was the problem; it was. I then edited the registry to remove the entry and finally deleted the offending file/program (Shift-Delete, not just Delete).
I ran a number of power off/on cycles to prove the problem had gone away. Problem solved - happy client!
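The file-date-to-registry search described above, as an added example that is not from the original post: it takes file creation times and a regedit-style export of autostart keys and reports the autostart values that name a file created in the incident window. The Run keys, file names and dates are constructed samples and assumptions; the post does not say which registry key or file was involved.

```python
import re
from datetime import datetime
from ntpath import basename  # Windows path rules on any OS

# Constructed sample: regedit-style export of two autostart (Run) keys.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Documents and Settings\\User\\Application Data\\example_locker.exe\" /s"
'''

# Constructed sample: creation times as read from the offline disk.
FILES = {
    r"C:\WINDOWS\system32\ctfmon.exe": datetime(2004, 8, 4, 12, 0),
    r"C:\Documents and Settings\User\Application Data\example_locker.exe": datetime(2012, 9, 30, 21, 14),
    r"C:\Documents and Settings\User\My Documents\letter.doc": datetime(2012, 9, 30, 18, 2),
}

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return (key, value name, data) for each string value in the export."""
    unescape = lambda s: re.sub(r"\\(.)", r"\1", s)  # \\ -> \ and \" -> "
    key, entries = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            entries.append((key, unescape(m[1]), unescape(m[2])))
    return entries

def correlate(reg_text, files, start, end):
    """Files created in [start, end] whose name appears in an autostart value."""
    entries = parse_reg(reg_text)
    hits = []
    for path, created in files.items():
        if not start <= created <= end:
            continue
        name = basename(path).lower()
        hits += [(path, key, value) for key, value, data in entries
                 if name in data.lower()]
    return hits

if __name__ == "__main__":
    for hit in correlate(REG_EXPORT, FILES, datetime(2012, 9, 30), datetime(2012, 10, 1)):
        print(hit)
```

A recently created file that no autostart value references (the sample `letter.doc`) is not reported, which keeps the list down to candidates worth moving aside and test-booting.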
If you have a virus or unwanted adware program and you want it removed, contact us.