‘METROPOLITAN POLICE Attention! Illegal activity was revealed!’ Ransomware
Posted: June 22, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 89 |
| First Seen: | September 3, 2012 |
|---|---|
| OS(es) Affected: | Windows |
'METROPOLITAN POLICE' Attention! Illegal activity was revealed! is a fake alert that's used by ransomware Trojans to intimidate you into paying a fraudulent fee. Trojans that use the "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" message will block you from using files, folders and various applications, while also threatening to delete your files. This threat isn't a reason to pay the "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" fine, however, since "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" is a mere bluff that the Trojan in question can't back up with action. Using Safe Mode with Command Prompt and appropriate anti-virus software can remove the "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" fake message and Trojans from your computer, without harming your data or program files.
How "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" Uses Fear of Law to Steal Your Money
"'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" message is strongly reminiscent of similar ransomware Trojans like Trojan.Ransom Fake Federal German Police (BKA) notice variante. A Trojan that uses "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" warnings will attack your PC in a manner almost identical to that of an equivalent German Trojan, albeit with a modified message in English:
- The installed Trojan will modify your desktop to display a fake Metropolitan police message. "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" message will claim that you've been caught trafficking in illegal files (such as child pornography) and threaten to delete the contents of your PC after 24 hours, unless a fine is paid. The initial message text reads as follows:
ATTENTION! ILLEGAL ACTIVITY WAS REVEALED!
Your operational system is locked as a result of Great Britain law violation!
The following violations were revealed: your IP address was detected on illegal pornographic sites including child pornography, zoophilia and violent scenes with children!
Naturally, all "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" warnings are fake, and not the work of legitimate authorities. "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" alert can't detect illegal activities on your computer or IP address, and lacks the ability to delete your files, as "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" threatens to do in the rest of the fake alert.
- The Trojan responsible for the "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" message will also lock your computer and prevent you from opening files or launching programs. "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" message can persist even in Safe Mode, but fortunately, there are ways to overcome this.
Do not Let "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" Handcuff Your PC
Paying the fines that "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" message pushes on you is an unnecessarily self-destructive action. Not only can "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" infections not delete your files, "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" alert can be removed with basic anti-malware strategies and software. Once "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" pop-up message and the Trojan that generates it are removed from your PC, all symptoms related to a "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" attack will likewise disappear.
Even though the Trojan that pops up the "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" message can keep your computer locked down in Safe Mode, Safe Mode with Command Prompt will let you make changes and prevent the Trojan infection from launching itself. After this, removing "'METROPOLITAN POLICE' Attention! Illegal activity was revealed!" alert and related Trojan is as simple as scanning your computer with a trustworthy security program.
File System Modifications
- The following files were created in the system:
# File Name 1 [SET OF RANDOM CHARACTERS].exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:movie.exe
File name: movie.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.