I’ve got the Canadian version of the Ukash virus, like the Royal Canadian Mounted Police virus, on my MacBook Pro. Yesterday I was searching for information in my browser and then my computer was blocked by a Royal Canadian Mounted Police (RCMP) warning screen. I was shocked. I cannot access my desktop or use my browser to surf the Internet. Instead, it gave me this warning, telling me I have to pay CAD $100 through Ukash to unlock my computer. I don’t know what was wrong because I never watch porn or do anything illegal. Is it real? Today when I turned my PC on, I got a white screen with nothing. Is my computer dead? How do I unlock my computer from the RCMP virus and get my PC/browser unlocked? Any help will be appreciated.
Royal Canadian Mounted Police Virus (also called the RCMP virus) is ransomware that blocks targeted computers and tries to extort as much money as it can from their users. It targets computer users in Canada, whether they run Windows or Mac OS X. It always arrives with the help of a Trojan and then runs in the background, looking for known vulnerabilities. Other versions of this ransomware target computer users worldwide, for example: the Gema and GVU viruses from Germany, the Sacem virus from France, the FBI Moneypak Virus from the USA and Buma Stemra from the Netherlands. Similar viruses that attack Canadian users include the Cybercrime Investigation Department Virus, the Canadian security intelligence service virus and so on. They are all designed to scare innocent users so that hackers can easily earn money from those who trust the scam.
As mentioned above, this attack is targeted specifically at Canadians. How does it work? First, Royal Canadian Mounted Police Virus starts automatically when the system starts, and from that moment your computer or browser is totally blocked. All you can see on the screen is a fake warning. It claims that illegal computer activity related to copyright violations has been detected on your computer and that a $100 CAD fine must be paid in order to unlock the computer. The warning also suggests that if the fine is not paid there are potential prison terms and additional fines. Do not fall for this, or you will only lose your money. The actual alert states:
Your PC is blocked due to at least one of the reasons specified below.
You have been violating ‘Copyright and Related Rights Law o (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Canada.
Article 128 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoophilia and etc). Thus violating Article 202 of the Criminal Code of Canada. Article 202 of the Criminal Code provides for a deprivation of liberty for four to 12 years.
Article 208 of the Criminal Code provides for a fine of up to CAD $100,000 and/or a deprivation of liberty for 4 to 9 years.”
First, the Royal Canadian Mounted Police Virus (RCMP virus) warning is 100% false and it should not be paid. There were no copyright violations and there is no risk of further fines or jail time. This is all orchestrated by a group of cyber criminals who are fraudulently extorting money from Canadians through this method. Given the sheer number of PCs that get infected by this virus, there are always some users who believe the warning to be true and pay the fine out of fear. With so many people participating in illegal file sharing and downloading, it makes sense that some will feel the fine is real and pay it to avoid future trouble.
Since the computer screen is locked, the average user may not see any option other than paying the money. Even if they shut the computer down by disconnecting the power supply and then restart it, they are greeted by the warning again. At this point they are tricked into thinking the RCMP virus is real and pay the crooks. But after the payment is made, they realize it is just a scam: even though they have entered the code as required, the computer is still locked and the money is lost.
The Royal Canadian Mounted Police warning is totally a scam. Since payment is made via a prepaid direct transfer, there is no way for those who are scammed to ever recover that money. It also prevents the payments from being traced to the hackers. Once the fine is paid, the user will expect the warning to go away, but they will soon see that it does not and that they have been scammed. By that time the hackers are long gone and on to the next victim. Thus, there is no need for users to pay a fine with Ukash or Paysafecard. All that needs to be done is to find all the infected files and registry entries first and then delete this virus thoroughly.
The RCMP virus is also referred to as the Royal Canadian Mounted Police attack. It is a ransomware virus that pops up on the infected computer at startup and disables all functions of the computer. The user is not able to access any computer feature, or to close or minimize the alert on the screen. The only option is to manually power off the computer and then restart it, but once again the warning message pops up and there is nothing that can be done to access other windows or functions of the PC. What you see on the screen looks like the following picture:
Like most ransomware, it always demands payment, either by invoking “authority” or by threatening to destroy all the data. This version asks users to pay CAD $100 via Ukash or Paysafecard.
This version has a briefer appearance but the same goal: to trick you into paying a ransom of $250. It asks for a $250 Ukash voucher to unlock your PC. You should not do that, because it is a scam.
This is the earliest version of the Royal Canadian Mounted Police Virus, which also demands a fine of $100 through Ukash.
Royal Canadian Mounted Police Virus (Ukash Scam) can infect not only computers running the Windows operating system but also Apple computers running Mac OS X. Careless users always get infected when they visit web sites that have been hacked with exploit kits. Afterwards, the RCMP browser-lock virus locks you out of your browser or even of the whole computer. Each time the web browser is opened, you do not see your homepage as usual because a fake RCMP virus alert takes over the browser immediately. It states that child pornography etc. was detected on your computer and that your browser will stay blocked unless you pay a fine of CAD $250 via Ukash. To threaten computer users further, it shows a scary picture of handcuffs in the middle of the screen, meaning you will be arrested if you don’t pay the fine. Below the picture it also lists your IP address, country and city, suggesting that the police are monitoring your activities right now. Even though this virus has a trustworthy appearance, users should not believe it, for it is just a virus designed by hackers to trick you and take money from your pocket. This type of Apple ransomware is different from other browser hijacker viruses, which change browser settings and your default homepage; it is more aggressive because it gives you no way to get past the virus screen page. To unlock your browser from the RCMP Ukash virus, please contact YooCare experts online for Your Browser Has Been Locked Virus removal.
It will take control of your computer rapidly once it is downloaded.
It will pose as a legitimate warning and then ask for a ransom.
It can disable your task manager and even pop up in safe mode.
It can connect to a remote IRC server and forward the data to cybercriminals without a computer user’s awareness.
It can’t simply be uninstalled or removed through Control Panel.
Although this Royal Canadian Mounted Police Virus page seems to be legitimate, it is 100% fake. It even uses webcam control to make users panic and pay the ransom by mistake. If your computer is infected, you will find that your webcam turns on without your permission, as if it were recording you. If you do not have a webcam connected, the video screen on the page will appear blank. As described above, this is how the scam works to deceive innocent users. It is good at using scare tactics to extract money from victims. Hence, users must remove this virus manually as soon as possible.
The ransomware can seriously degrade your system and programs, and victims are shocked at the state of their computers. Paying the fine is not a useful or trustworthy way to get your computer unlocked, because the Ukash ransomware is itself a malicious and tricky virus, a dangerous threat to your computer and nothing more. How about PC stores? Many PC users drive for miles to take the affected computer to a local PC store, or call a technician to their door, but neither PC stores nor technicians can help you unlock your computer efficiently. That way you may have to wait several hours or days and spend a lot of money before the computer is finally unlocked. Furthermore, many executable programs on your computer may be corrupted by the ransomware and function badly, particularly the anti-virus software. Since the virus can stop your antivirus programs from running and even lock your PC entirely, manual removal is required to deal with it. This manual removal guide is for advanced computer users. If you are not 100% confident of what you have to do, it is suggested that you get help from experts.
Please do a system backup before you start to delete the Royal Canadian Mounted Police Virus manually.
1. Restart your PC and, before Windows launches, tap “F8” constantly. Choose the “Safe Mode with Networking” option, and then press the Enter key.
2. Press Ctrl+Alt+Del keys together and stop the Ransomware processes in the Windows Task Manager.
Random.exe (The name of the virus process may be different all the time)
(If you can’t figure out which process belongs to the virus, you can end the process called explorer.exe first so that the virus won’t come up)
3. Delete associated files from your PC completely as follows:
C:\Documents and Settings\<Current User>
4. Search for all related registry entries infected by this dangerous virus and wipe them out:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
5. Reboot the computer to normal mode when the above steps are done.
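One way to handle the DisableTaskMgr entry from step 4 in PowerShell, as an added example that is not part of the original guide. It exports the policy key before changing anything; the backup file name and location are assumptions made for this example.

```powershell
# Added example, not from the original guide. Run it in the affected user's
# session, for instance from Safe Mode with Networking as in step 1.
$policyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$valueName  = 'DisableTaskMgr'
# Assumption: backup file name and location chosen for this example.
$backupFile = Join-Path $env:TEMP 'policies-system-backup.reg'

function Get-TaskMgrPolicy {
    # Returns the current DisableTaskMgr value, or $null if the key or value is absent.
    if (-not (Test-Path $policyPath)) { return $null }
    $item = Get-ItemProperty -Path $policyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$valueName
}

$current = Get-TaskMgrPolicy
if ($null -eq $current) {
    Write-Output "$valueName is not set; Task Manager is not blocked by this policy."
}
elseif ($current -eq 0) {
    Write-Output "$valueName is already 0; nothing to change."
}
else {
    # Export the key first so the change can be reverted if needed.
    & reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System' $backupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup of the policy key failed; no change made.' }

    # Restore the value listed in step 4.
    Set-ItemProperty -Path $policyPath -Name $valueName -Value 0
    Write-Output "$valueName was $current and has been reset to 0. Backup: $backupFile"
}
```

The script only touches the current user's hive, so it has to run under the account that sees the lock screen.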
Royal Canadian Mounted Police Virus is another Ukash-related ransomware designed to steal money from less experienced computer users. It is also designed by cyber criminals to gain remote access to targeted computers without permission, for the purpose of performing illegal activities at random. It aims to swindle people out of their money by completely blocking an infected computer located in Canada. As soon as it reaches a target computer, it blocks the computer completely and displays only one message, warning that your IP address has been found visiting pornographic content or other illegal websites. It then claims that you have to pay a fine for these actions in order to get your PC unlocked. Many unwary computer users agree to pay this fine just because they are scared and cannot find any other solution. The virus blocks you from accessing the desktop and Task Manager. You cannot even browse the Internet to look for a solution or launch your antivirus program. Some users may get the desktop back in safe mode and wonder whether a system restore to an earlier time will work. However, many computer users found that things got worse after they did a system restore: not only did their computers freeze, they also lost their precious data. Furthermore, the virus may still be in the computer, secretly causing chaos. Royal Canadian Mounted Police Virus can completely lock an infected system and detect your IP address, putting your computer at huge risk. It may be associated with the ZeroAccess Rootkit, which can be used to steal private information. Meanwhile, this ransomware can open a backdoor and let in other threats, such as a browser hijacker virus, causing your searches to be constantly redirected. Therefore, considering the risk of this malware, users are advised to follow the manual guide above to unlock the PC from Royal Canadian Mounted Police Virus.
Note: Manual removal is a skillful and risky job; if any mistakes are made in the process, you may damage your computer immediately. If you are not sure how to proceed, please contact YooCare PC experts 24/7 online for help right now.
Published by Andrew Gonzalez, last updated on February 21, 2014 3:57 am | How to Guides