01 Dec

Federal Department of Justice and Police Virus Displays! – How to Remove Ransomware (Tips Attached)

Tweet about this on TwitterShare on FacebookShare on Google+Share on TumblrDigg thisPin on Pinterest

Federal Department of Justice and Police Virus has nothing to do with the department, on the contrary, it has been taken advantage by cyber crooks to hoax Swiss for CHF 150. Here is the snapshot of the spurious page that locks up PC screen:

From the content, we can see that CHF 150 paid by Paysafecard is ransom for law infringements, such as using copyrighted content, watching pornography, etc., while in reality all of the statements are fraudulent and are used to scare computer users into paying the none-existent fine. Federal Department of Justice and Police Virus works just like the recent ransomware Internet Crime Complaint Center Virus

Things Should be Noted with Ransomware around

We take ransomware for granted after the successive scam appearance, especially those who had solved ransomware once at the early stage. To know ransomware better, please have a glance at the list made by Tee Support technicians 24/7 online:

  • Fake warning malware straight to boot-looping, even you try to use Last Known Good Configuration
  • Cyber criminals are able to use the name of a local authority and the translated deceptive message to scare PC users into paying a fine. So it is not exclusively to certain area.
  • Trials with safemode with networking but fail to load as does all other safemode with or without network cable attached.
  • Restore to a previous working session does nothing.
  • The longer you have ransomware, the more characteristics will be added to the virus, thus the more functionalities will be disabled.

Should any of the puzzles included in the list above hinders you from deleting it or operating anything, or if unexpected troubles occur, you are welcome to get instant help here.

 Instruction to Elaborate Steps of Manually Unlock to Help You out of Locking Puzzle Effectively

Step1.:Reboot your computer and log into Safe Mode with Networking.
As the computer is booting but before Windows launches, tap the “F8 key” continuously which should bring up the “Windows Advanced Options Menu” as shown below. Use your arrow keys to highlight “Safe Mode with Networking” option and press Enter key.

Step2: Launch msconfig. and disable startup items rundll32

Click “start” —> put msconfig. in “search box” —> press Enter —> disable rundll32

Step3: Reboot your system one more time.

Step4: Reboot into safe mode with command prompt. There should not be blank screen, nor fake screen.

Step5: Run regedit. Search for Winlogon.

Click “start” —> put regedit in “search box” —> press Enter —> press and hold Ctrl+F to search for Winlogon

Step6:There will be a key labeled Shell in the right pane. It should reference Explorer.exe or be blank. If not, right click it and replace it with explorer.exe.

Note: if you cannot load explorer.exe, and cannot see Windows Task Manager or desktop, follow the steps below:

1. start explorer.exe

a) Press “Alt+Ctrl+Del”.

b) Click “Task manager”

c) Click “New Task”.

d) Type “explorer.exe” and press “Ok”

Now explorer.exe will load and you can see your Desktop and all your files .

Step7: Save changes, reboot to safe mode with networking.

Step8: Run msconfig and disable all unnecessary startup entries.

a) Related files and folders

%UserProfile%\Application Data\
%UserProfile%\Start Menu\Programs\

b) Associated registry entries

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0

 Tips to Prevent Future Infections:

  1. Files that don’t have a digital signature or were downloaded from unknown source should always be treated as dangerous.
  2. Avoid running programs that where downloaded from untrustworthy source or don’t have a digital signature.
  3. No clicking on email attachments or open HTML or plain-text messages from unknown senders
  4. Remember not to turn off or disable automated security tools
  5. No surfing gambling, porn, or other legally-risky Websites
  6. No  access to an unknown, untrustworthy WiFi network

To conclude: a better analogy would be a railway station in a big city, where hustlers gather to prey on the credulity of new arrivals. Wise behavior in such places is to walk fast, avoid contact and be brusque with strangers. Try that online.

Here is A Direct Video Showing How to Unlock Federal Department of Justice and Police Virus

Note: if you have blank page in safe mode with networking, unable to access to the Internet or get the fake page pop up in safe mode, the situation is much more tough than you can imagine, but you can always find professional help from Tee Support experts 24/7 ready to help.

Leave a Reply

Your email address will not be published. Required fields are marked *