Yesterday I got RCMP Virus (Royal Canadian Mounted Police Ukash Scam) locked my computer and I have no idea how to get rid of it. When I was on Facebook, a window popped up on my screen saying YOUR COMPUTER HAS BEEN LOCKED telling me that all activities of this computer have been recorded, all my files have been encrypted. It’s telling me that i’ve violated at least one of the following and then it lists three different laws. It tells me that to unlock my computer and avoid other legal consequences, i’m obligated to pay a release fee of $100 CAD. It tells me to buy a Ukash card from a convenience store and that I only have 48 hours to pay it. The warning looks very official and it says that its from the RCMP. Could it be real? If not, how can I get a virus like that? I searched online and found that many people had the same issue. It said I have to restart to safe mode. But once I do that, computer restarts automatically. I’m not an expert on computers. How to unlock computer from Royal Canadian Mounted Police virus? Is there any RCMP Virus remover?
Royal Canadian Mounted Police Virus, short for RCMP virus, is a scam that locks your computer system and will not let the users do anything until they pay a certain amount of dollars. As the symbol of the Government of Canada, Ukash RCMP virus computer blocked virus is required to pay money via Ukash. Similar to West Yorkshire virus or Canadian Security Intelligence Service Virus (CSIS Ukash Virus), Royal Canadian Mounted Police scam is distributed along with Trojans virus via visiting infected webpages, downloading unknown software and reading junk e-mails. They target one special country of each and in this case, Canada is under targeting. And this kind of spywares always has the ability to avoid the detection of antivirus software. As long as your computer system has been infected with this virus, fake registry entries and files would be added so that it can take an overall control of the system for the convenience of its further intentions. The next thing you are going to see is a lot of popping up fake security notices, saying that you are viewing illegal websites mostly about pornography which you are not, and for that reason the fake Royal Canadian Mounted Police virus will lock your computer to prevent you from continuously visiting the illegal pages. As a punishment, you will have to spend $250 via Ukash on the unlock code. But don’t trust any of that! Its detestable intention is to steal your money without fixing your problems.
From the above images, we can see the Royal Canadian Mounted Police virus ransomware attacks Windows computer by blocking their access from the desktop. Cyber criminals try their best in attempt to disguise themselves as the real RCMP to invade target PCs by giving a fake warning to lock down their computers. Then they request a fine from $100 CAD or $250 CAD through Ukash to release the PC. You should never believe in fake RCMP message.
The same virus makers by Royal Canadian Mounted Police virus are so greedy. Now they turn their eye on the increasing Apple markets and create a new version RCMP Mac OS X virus, mainly to attack computer users who use an Apple machine like Macbook Pro or Macbook Air etc and want to get money from them. They put the virus all over the Internet and if a user mistakenly clicks on a spam link from malicious website, their Mac machine can easily be infected by RCMP browser locked virus. Once infected, users are no longer able to use their browser to surf Internet. All it shows on the browser is the RCMP scam page telling that all activities of this computer have been recorded or all your files are encrypted. Then it demands $250 fine through Ukash to unlock the browser. Unlike the traditional Ransomware, this virus won’t take over all your screen but just blocks your browser because it always utilizes java script to hijack internet browsers such as Safari and Chrome on Mac OS X. From that time, you cannot exit out or minimize the browser. When you attempt to do that, RCMP browser virus may give you another pop-up screen filled up with advertisement and stop you from closing it. Please bear in mind this fake RCMP alert is fake. You won’t get any trouble from the real police, thus paying the fine using Ukash vouchers is not the solution to unlock your computer. Users should get rid of RCMP browser locked scam manually.
a. It will change automatically the registry settings and other important files. Any delay in removal may even lead to system crash;
b. The icons in START menu are going to be disappeared and right click of the mouse would not work anymore;
c. It will also slow down the speed, change the home pages and redirect the searching results;
d. Since Trojans come along with it, private information like credit card numbers and passwords could be stolen;
e. It is hidden deep in the system files and can make other useless files of its own;
f. Other viruses and malicious malware could be installed in the computer without permission.
Royal Canadian Mounted Police ransomware has blocked the legitimate antivirus programs from detecting viruses, so it is impossible to let antivirus programs do the entire removal job. And since a small mistake could lead to unexpected damages to your computer system, you may want to backup the system before taking any actions. Following are several guiding tips for you to remove it manually by yourself:
1. Restart the computer and constantly press F8. When a screen looking similar like the one below appears, use the arrow keys to select “Safe Mode with Networking” and press E/ENTER;
2. Press and hold the WINDOWS icon on the keyboard and then press the R letter, the Run Box will appear;
3. Enter all the data and files mentioned below in the Run Box and then delete them all:
%Documents and Settings%\[user name]\desktop\[ Royal Canadian Mounted Police Virus (RCMP)].exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell”=”[SET OF RANDOM CHARACTERS].exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MsConfig\startupfolder\[random names]
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MsCongif\startupreg\[random names]
Do not trust what the Royal Canadian Mounted Police Virus page tells you, it is totally a scam. The virus page shows up the whole screen, and will not allow you to do anything to close this window, even in safe mode. Some victims will follow the page to pay, and the blocked page is gone, but it is temporary, the computer will be blocked in some days and ask for more money. It will be a hard time if computer get locked by the RCMP virus. Also cyber criminals now keep an eye on the growing Apple market and they design another RCMP virus scam used to attack Apple / Mac OS X users all around the world. When this Ransomware is on the Apple computer, it won’t act like the one on Windows computer by locking the whole computer, it just blocks your online usage by hijacking your browser. However, it is enough to scare people to death and cause many inconvenience. It can completely block your browser and prevent you from getting online. As soon as you open Google Chrome, Firefox or Safari, a page comes up automatically saying that “All activities of this computer have been recorded. All your files are encrypted. Your browser has been blocked due to at least one of the reasons specified below. ” Then it provides a solution to unlock your browser which is to pay $150 CAD or $250 fine via Ukash. People who suffer from this scam will find it hard to exit this locked page because force quit doesn’t nothing help. Although everything seems to be authentic, you should not pay anything for this scam.As mentioned above, people should realize that RCMP Virus is nothing but a computer virus that can either lock your computer or the web browsers. Even though you don’t want to get the computer ruined or lose your precious data, paying the fine as it requests is not an option to solve your problem. To completely get rid of Royal Canadian Mounted Police Virus (Ukash Scam), manual removal is needed because all the virus files and registry entries have to be deleted permanently which can make sure this virus won’t come back again.
Published by Andrew Gonzalez, last updated on March 10, 2014 3:13 am | Fake Antivirus Removal Tips