How to Remove Bundespolizei Police Ransomware Virus Manually

Questions and Answers

The “Bundespolizei” virus holds your computer ransom by demanding a fine for your allegedly illegal internet activities. If you’ve contracted this virus, use the following instructions to remove it manually.

EditSteps

1. 
   1
   Restart your computer. If your computer isn’t working properly enough to run its own restart, force one by hitting the restart button (if you have one) or by turning the power button off and then back on.
2. 
   2
   As the computer starts back up, tap the F8 key. This will open an Advanced Options menu. Tapping the key several times will increase your odds of sending the command at the right moment. Note that if you hit F8 too soon on certain operating systems, you may get a keyboard error message and have to restart the computer; if you hit it too late, Windows will simply open normally and you’ll have to try again.
3. 
   3
   Choose “Safe Mode with Command” from the Advanced Options menu. When you log in, you will see a command window (cmd.exe). This will allow you to modify the computer while still in safe mode.
4. 
   4
   Optional Step: Type “Taskmgr.exe” and press enter to open the Task Manager. (Do not type the quotation marks.) Only do this step if you already know or could easily recognize executable files associated with the virus.

   • Go to the Processes tab to find and end all processes associated with the virus. Simply click on the process and hit End Process at the bottom right-hand corner of the window. If you aren’t sure whether or not a process is associated with the virus, don’t end it.
     
     
   • Close the Task Manager. This will take you back to the command window.
     
5. 
   5
   Type "Regedit" and press enter. (Again, do not type the quotation marks.) This will open the Registry Editor.
6. 
   6
   Locate a folder named “Winlogon” in the panel to the left. The full directory is “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.”
7. 
   7
   In the panel to the right, find the registry key named “Shell.” The complete filename should be something like “C:\Documents and Settings\username\desktop\VIRUS INFO.exe.”
   Though the virus-info portion of the filename will be different for different computers, common examples include “contacts.exe,” “jashla.exe,” and “mahmud.exe.” Write down this information: you will need it again later.
8. 
   8
   Right-click the word “Shell” and choose Modify. A dialogue box should pop up that gives you the value name (Shell) and the value data (C:\Documents and Settings\YOUR USERNAME\desktop\VIRUS INFO.exe).
9. 
   9
   Modify the value data to read “Explorer.exe” and hit okay. (Again, do not type the quotation marks.) This restores the default value.
10. 
    10
    Go to Edit > Find and type the virus info you wrote down earlier. (Ex. “contacts.exe,” “jashla.exe,” “mahmud.exe,” etc.) Make sure that Keys, Values, and Data are all checked in the Find options.
11. 
    11
    Find and delete all the virus’s registry keys. Hit Find Next to find a registry key containing your virus info, then right-click the name and choose Delete. Do this until there are no more registry keys associated with this virus.
12. 
    12
    When you’re done, exit the registry editor. You should now be back at the command window.
13. 
    13
    Type “shutdown /r /t 0” and hit Enter. (Again, do not type the quotation marks.) This will restart your computer in normal mode.
14. 
    14
    If this doesn't work or you cannot find any entries related to the 'Police' virus, Reboot your PC in safe mode (tapping F8 key whilst booting)
15. 
    15
    - Go to Start -> Run and type 'msconfig'
16. 
    16
    - In the folder Boot Options turn of everything
17. 
    17
    - Save
18. 
    18
    - Reboot your PC
19. 
    19
    Virus gone
20. 
    20
    You can leave it this way or repeat steps above and turning on the options one by one. When the virus reappears after reboot, you know where the virus is