Yesterday I got RCMP Virus (Royal Canadian Mounted Police Ukash Scam) locked my computer and I have no idea how to get rid of it. When I was on Facebook, a window popped up on my screen saying YOUR COMPUTER HAS BEEN LOCKED telling me that all activities of this computer have been recorded, all my files have been encrypted. It’s telling me that i have violated at least one of the following and then it lists three different laws. It tells me that to unlock my computer and avoid other legal consequences, i am obligated to pay a release fee of $100 CAD. It tells me to buy a Ukash card from a convenience store and that I only have 48 hours to pay it. The warning looks very official and it says that its from the RCMP. Could it be real? If not, how can I get a virus like that? I searched online and found that many people had the same issue. It said I have to restart to safe mode. But once I do that, computer restarts automatically. Currently, this Canada Police Attention UKCash virus blocks mobile devices like Ipad, android phone or android tablet with the weird message a cussed of viewing pornography. You are required to pay a fine of $100 CAD to unlock the mobile device. How to unlock computer from Royal Canadian Mounted Police virus? Is there any RCMP Virus remover?
Royal Canadian Mounted Police Virus, short for RCMP virus, is a scam that locks your computer system or your android phone, tablet, Ipad and will not let the users do anything until they pay a certain amount of dollars. As the symbol of the Government of Canada, Ukash RCMP virus computer blocked virus is required to pay money via Ukash. Similar to West Yorkshire virus or Canadian Security Intelligence Service Virus (CSIS Ukash Virus), Royal Canadian Mounted Police scam is distributed along with Trojans virus via visiting infected webpages, downloading unknown software and reading junk e-mails. They target one special country of each and in this case, Canada is under targeting. And this kind of spywares always has the ability to avoid the detection of antivirus software. As long as your computer system has been infected with this virus, fake registry entries and files would be added so that it can take an overall control of the system for the convenience of its further intentions. The next thing you are going to see is a lot of popping up fake security notices, saying that you are viewing illegal websites mostly about pornography which you are not, and for that reason the fake Royal Canadian Mounted Police virus will lock your computer to prevent you from continuously visiting the illegal pages. As a punishment, you will have to spend $250 via Ukash on the unlock code. Still your android phone, tablet or Ipad has been crashed by the RCMP fine warning message if the mobile device is infected with this fake Canada police virus. But don’t trust any of that! Its detestable intention is to steal your money without fixing your problems.
From the above images, we can see the Royal Canadian Mounted Police virus ransomware attacks Windows computer by blocking their access from the desktop. Cyber criminals try their best in attempt to disguise themselves as the real RCMP to invade target PCs by giving a fake warning to lock down their computers. Then they request a fine from $100 CAD or $250 CAD through Ukash to release the PC. You should never believe in fake RCMP message.
The same virus makers by Royal Canadian Mounted Police virus are so greedy. Now they turn their eye on the increasing Apple markets and create a new version RCMP Mac OS X virus, mainly to attack computer users who use an Apple machine like Macbook Pro or Macbook Air etc and want to get money from them. They put the virus all over the Internet and if a user mistakenly clicks on a spam link from malicious website, their Mac machine can easily be infected by RCMP browser locked virus. Once infected, users are no longer able to use their browser to surf Internet. All it shows on the browser is the RCMP scam page telling that all activities of this computer have been recorded or all your files are encrypted. Then it demands $250 fine through Ukash to unlock the browser. Unlike the traditional Ransomware, this virus won’t take over all your screen but just blocks your browser because it always utilizes java script to hijack internet browsers such as Safari and Chrome on Mac OS X. From that time, you cannot exit out or minimize the browser. When you attempt to do that, RCMP browser virus may give you another pop-up screen filled up with advertisement and stop you from closing it. Please bear in mind this fake RCMP alert is fake. You won’t get any trouble from the real police, thus paying the fine using Ukash vouchers is not the solution to unlock your computer. Users should get rid of RCMP browser locked scam manually.
a. It will change automatically the registry settings and other important files. Any delay in removal may even lead to system crash;
b. The icons in START menu are going to be disappeared and right click of the mouse would not work anymore;
c. It will also slow down the speed, change the home pages and redirect the searching results;
d. Since Trojans come along with it, private information like credit card numbers and passwords could be stolen;
e. It is hidden deep in the system files and can make other useless files of its own;
f. Other viruses and malicious malware could be installed in the computer without permission.
Royal Canadian Mounted Police ransomware has blocked the legitimate antivirus programs from detecting viruses, so it is impossible to let antivirus programs do the entire removal job. And since a small mistake could lead to unexpected damages to your computer system, you may want to backup the system before taking any actions. Following are several guiding tips for you to remove it manually by yourself:
1. Restart the computer and constantly press F8. When a screen looking similar like the one below appears, use the arrow keys to select “Safe Mode with Networking” and press E/ENTER;
2. Press and hold the WINDOWS icon on the keyboard and then press the R letter, the Run Box will appear;
3. Enter all the data and files mentioned below in the Run Box and then delete them all:
%Documents and Settings%\[user name]\desktop\[ Royal Canadian Mounted Police Virus (RCMP)].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell”=”[SET OF RANDOM CHARACTERS].exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MsConfig\startupfolder\[random names]
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MsCongif\startupreg\[random names]
Step by step guide is below:
1. Restart your phone to safe mode.
Note: “Safe Mode” on Phone starts up without loading any third-party add-ons and different devices have different ways to access safe mode.
For Samsung Galaxy S4, S5 or Samsung Galaxy Note: 1. Power down. 2. Turn on and repeatedly tap the soft-button for “Menu.”
For Samsung Galaxy S3 and others: 1. Power down. 2. Turn on, then press and hold Volume Down (Galaxy S3 and others), Volume Up (LG, ZTE, HTC One and others), or Volume Down and Volume Up together (various Motorola devices) when the vendor’s logo appears.
If you have managed to select Safe Mode, you will see the text “Safe Mode” at the bottom left corner of the screen.
2. Once you have put your android phone in safe mode, and you can’t figure out how to get the virus off your android phone or tablet, you are recommended to contact an expert for further removal instruction.
Do not trust what the Royal Canadian Mounted Police Virus page tells you, it is totally a scam. The virus page shows up the whole screen, and will not allow you to do anything to close this window, even in safe mode on both android device or Windows PC. Some victims will follow the page to pay, and the blocked page is gone, but it is temporary, the computer, android tablet or android phone will be blocked in some days and ask for more money. It will be a hard time if computer get locked by the RCMP virus. Also cyber criminals now keep an eye on the growing Apple market and they design another RCMP virus scam used to attack Apple / Mac OS X users all around the world. When this Ransomware is on the Apple computer, it won’t act like the one on Windows computer by locking the whole computer, it just blocks your online usage by hijacking your browser. However, it is enough to scare people to death and cause many inconvenience. It can completely block your browser and prevent you from getting online. As soon as you open Google Chrome, Firefox or Safari, a page comes up automatically saying that “All activities of this computer have been recorded. All your files are encrypted. Your browser has been blocked due to at least one of the reasons specified below. ” Then it provides a solution to unlock your browser which is to pay $150 CAD or $250 fine via Ukash. Now, the RCMP Ukash also attack mobile devices (Android phone, tablet or Ipad), once your mobile device is blocked, you will get the warning message:”your device has been blocked up for safety reasons.” And it’s asking you to pay fine with Ukash. People who suffer from this scam will find it hard to exit this locked page because force quit doesn’t nothing help. Although everything seems to be authentic, you should not pay anything for this scam. As mentioned above, people should realize that RCMP Virus is nothing but a fake virus that can either lock your computer, android phone, android tablet, Ipad or the web browsers. Even though you don’t want to get the machine ruined or lose your precious data, paying the fine as it requests is not an option to solve your problem. To completely get rid of Royal Canadian Mounted Police Virus (Ukash Scam), manual removal is needed because all the virus files and registry entries have to be deleted permanently which can make sure this virus won’t come back again.
Note: If you are not computer geek and failed to remove the virus, to avoid messing up your computer, Ipad, android tablet or android phone, please contact YooCare professionals to remove the virus safely and completely.
Published by Andrew Gonzalez, last updated on July 23, 2015 8:29 am | Fake Antivirus Removal Tips