I don't think this has been included yet in the McAfee Fake AV Stinger, but it probably will be. It's a new variant of an existing scam first seen in Germany and the Netherlands ("BUNDESPOLIZEI popup" and "POLITIE, Onwettige activiteiten gedetecteerd!!!", respectively). It tries to get you pay up with fake threats of dire consequences for failure to do so.
As a first step, try running Malwarebytes (the free version) which may already have noted this and added it to its database of threats. If that fails to remove it let us know, and we'll ask for it to be added to the Stinger; then you can run GetSusp, which should isolate the files responsible.
Moved from Home & Home Office to Security Awareness/Malware Discussion/Home User Assistance.
Did anyone find a solution to the new onllne virus 'Metropolitan Poice Ukash'
Need your Help!!
I am too affected by the virus : when i login to my laptop i get a screen saying Strathclyde Police Metropolitan Police- you IP is locked as you are viewing illegal sites and child pronography...etc ..inorder to unlock you have pay through UKash using the 19 digit pin ....
I cant get beyond the screen (cant view my desktop,cant go to task manager.. nothing apart from my documents)
I have McAfee Total Protection Installed.
Any help would be much appreciated.
This scareware can be removed by following these steps:
- Boot your PC into safe mode by pressing F8 as it starts up.
- On another PC download a copy of ComboFix from BleepingComputer
- Copy this to a USB Pen or CD.
- Run ComboFix from the removable media, and reboot when it finishes.
- Once back in Windows run ComboFix again to be sure.
Ensure your A/V is up to date and Windows updates are installed.
The scareware will now be gone and you will have your PC back.
Tested under Windows 7 32-bit and 64-bit.
on 02/12/11 09:03:32 CST
Malwarebytes worked thanks Hayton. (Macafee's update did look suspicias afterwards, bt's phone operator didn't seem to worry, but I reinstalled it anyway and it now functions as before.)
<Restart, pressing f8 repeatedly, then select "safe mode with networking", downloade malwarebytes and follow instructions.>
All gone? Excellent. The main thing is not to panic, this is pure scareware.
I have this same problem and malwarebytes didn't solve it, can you help
EDIT : IF THIS POST CONFUSES YOU, IT CONFUSES ME TOO.
Jive (which is the software running this forum) has deleted my message and replaced it with a reply from Ex_Brit, taken from a different thread and a completely different topic.
It looks as if my original post has disappeared into a black hole, but if ever it can be found I will re-instate it here.
I apologise for Jive's ineptitude. It's nothing to do with us.
Please don't attach possibly infected files.
Try booting into Safe Mode by tapping F8 repeatedly while booting up and then initiating System Restore which is usually found in Start/All Programs/Accessories/System Tools, and then go back to before this started.
Also take a look at the following threads to see if they help:
Sorry we only speak English here but I will provide a Google Translation:
Lo sentimos, sólo hablan Inglés aquí, pero puedo darle un traductor de Google:
Por favor, no adjuntar archivos posiblemente infectados.
Trata de arrancar en modo seguro pulsando F8 repetidamente durante el arranque y luego iniciar Restaurar sistema, que generalmente se encuentra en Inicio / Todos los programas / Accesorios / Herramientas del sistema y, a continuación, volver a antes de que esto comenzó.
También eche un vistazo a los temas siguientes para ver si ayudan a:
I got this yesterday. Long story short, this how I dealt with it;
Booted into safe mode with command prompt (hold F8 at start up).
At command prompt I typed 'msconfig'.
In msconfig I clicked on the 'start up' tab.
In the list of programs loading on start up there was one entitled 'Lamp Admit Naval Crust Diana Slob' which definitely sounded dodgy so I clicked on it to remove the tick and made a note of the location.
A reboot into Windows normal mode confirmed that this was the file causing the problem since I now had control over the computer again.
In Windows Explorer I navigated to the affected file and deleted it.
On mine (I'm running Windows 7) it was a file named '0.645436414059299.exe' located in C:\Users\Sollus\AppData\Local\Temp. This worked for me, but I would imagine its sneaky enough to hide anywhere. McAfee is now running properly (I'm disappointed that it didn't stop it in the first place) and I'm now in the process of changing all my passwords.
Hope this is useful.