Home Malware Programs Ransomware Police Central E-crime Unit (PCEU) Ransomware

Police Central E-crime Unit (PCEU) Ransomware

Posted: February 10, 2012

Police Central E-crime Unit (PCEU) Ransomware Screenshot 1Police Central e-crime Unit (PCEU) ransomware is a variant of the 'Metropolitan Police' ransomware Trojan, a Trojan that locks your PC and displays fake warning messages from the police to extract a ransom fee in return for restoring your computer's functionality. SpywareRemove.com malware researchers note that, like all members of the 'Metopolitan Police' family, the Police Central e-crime Unit (PCEU) ransomware isn't a legitimate representative of any legal agency and has no ability to detect or penalize activities (such as viewing of erotic media) that Police Central e-crime Unit (PCEU) ransomware claims have taken place. You should never spend money to pay Police Central e-crime Unit (PCEU) ransomware's ransom demands, since Police Central e-crime Unit (PCEU) ransomware can be removed by suitable anti-malware products after its deactivation (by standard anti-malware tactics, such as Safe Mode or accessing the Command Prompt directly).

Police Central E-Crime Unit (PCEU) Ransomware – a Competent Fraud of E-Crime Detection

Police Central e-crime Unit (PCEU) ransomware is based on a group of Trojans that alter their appearances slightly to match a given legal organization and country; other examples of these Trojans (which may be identified by the names of Trojan.Win32.Reveton, Mal/Reveton-B, W32/Ransom.UK, Trojan-Ransom.Win32.Blocker, Win32/LockScreen.AJA, Trojan:Win32/Reveton.A and Trojan:Win32/Ransom.FL) include the Strathclyde Police Ukash Virus and Fake Federal German Police (BKA) Notice.

Police Central e-crime Unit (PCEU) ransomware and related forms of ransomware Trojans are easily identified due to their distinctive warning messages and their preference for Ukash-based payments. The Police Central e-crime Unit (PCEU) ransomware version of this family's warning is noted below for reference:

Attention!!!
This operating system is locked due to the violation of the laws of the United Kingdom! Following violations were detected:
Your IP address is [IP address]. This IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with Pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer.
This computer lock is aimed to stop your illegal activity.

After a Police Central e-crime Unit (PCEU) ransomware infection, the above warning may be all that you can see on your PC, since Police Central e-crime Unit (PCEU) ransomware will try to lock up other functions of your OS and prevent you from using other programs, especially anti-malware programs that could remove Police Central e-crime Unit (PCEU) ransomware from your PC. Thus, SpywareRemove.com malware analysts recommend that you take steps to disable Police Central e-crime Unit (PCEU) ransomware so that Police Central e-crime Unit (PCEU) ransomware can be deleted by suitable anti-malware products. Manual removal of Police Central e-crime Unit (PCEU) ransomware isn't recommended due to the high probability of Police Central e-crime Unit (PCEU) ransomware concealing files in your system folder, as well as the chance that Police Central e-crime Unit (PCEU) ransomware is accompanied by related PC threats.

Stepping Around Police Central e-crime Unit (PCEU) Ransomware's Numerous Traps

Although Police Central e-crime Unit (PCEU) ransomware claims to restore functionality to your PC after its ransom is paid, SpywareRemove.com malware researchers stress the fact that Police Central e-crime Unit (PCEU) ransomware hasn't been programmed with the ability to stop its attack and will not recognize a successful payment to unlock your computer. Paying Police Central e-crime Unit (PCEU) ransomware's ransom fee may also endanger your credit card with the possibility of other fraudulent charges in the future and it's recommended that you change your credit card after such incidents.

Recent variants of ransomware Trojans from Police Central e-crime Unit (PCEU) ransomware's family have also been noted to be able to download and install other PC threats, including PWS:Win32/Reveton.A, a Trojan that specializes in stealing passwords. Since PC threats that are linked to Police Central e-crime Unit (PCEU) ransomware may attempt to steal personal information, you should also consider changing account-related information after you've removed any Police Central e-crime Unit (PCEU) ransomware infection from your PC.


Police Central E-crime Unit PCEU Ransomware Screenshot 2Police Central E-crime Unit PCEU Ransomware Screenshot 3

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%Documents and Settings%\All Users\Application Data\[random]\ File name: %Documents and Settings%\All Users\Application Data\[random]\
%Documents and Settings%\All Users\Application Data\[random]\[random].mof File name: %Documents and Settings%\All Users\Application Data\[random]\[random].mof
Mime Type: unknown/mof
%Documents and Settings%\All Users\Application Data\[random]\[random].exe File name: %Documents and Settings%\All Users\Application Data\[random]\[random].exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetHKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler

26 Comments

  • David Bellas says:

    I think there hhas been a mistake and my compurter has been blocked. David Bellas

  • lorant barta says:

    hi i am used my computer just watching videos and the police blocked my computer i never watcing chindren like they said and i can not use my computer now .

  • kirsty suthers says:

    my computer has been locked n i think its a mistake.

  • Grant Hartley says:

    Hi i was also watching a movie online (livestream) on "1channel" the devils rejects movie when this virus infected my system.
    i instantly started in safe mode with command prompt and did a restore backup, but could only manage to go to about 3 hours previus to infection, i do not have any expliced media on my laptop. after restore i have full use of my C: local disk. but my recovery is locked my 2nd F: drive is locked all my games and pics and mp3s are, even all my favorites in web browser are all locked. every malware tool i use says they find and remove the bad registery files but dont, including many "HKEY_ FILES. not sure how to fix these problems,

  • Aleksandra says:

    Hi , my laptop just been blocked , lol, i didn't do anythint that it says i did.. whats !?

  • Jac says:

    Hi

    I've had a message from the PCEU and have had my user blocked. Message says I have to pay a fine of £100 within 72 hours otherwise a case is held.

    What the hell is all this? I'm confused 🙁

  • Tobysarah says:

    i just downloaded this to delete the PCSU virus which is states it can do. what a waste of money since i still have the virus.

  • Emmhaitch says:

    My laptop was blocked by this virus, and 'demanded' the £100 fine. I restarted in 'safe mode' and then did a system restore to 5 days ago which was the option offered, I then followed this with a full mcAfee security scan which seems to have stopped the problem (fingers crossed)

  • billryleys says:

    This nasty piece of work will lock up your computerIt has ben improved on since the last time I encontered it. The last time all I had to do was start in safe mode and reset to an earlier date.It will not let me do this now. This is a good scam and I am suprised that microsoft have not addressed this promlem. I am sure their is a solution somewhere on the internet but I have not found it yet. Most of the solutions involve downloading a program from another computer on to a stick or cd. You then plug this into your computer(you are sometimes asked to hold down a key or two during this operation.They unfortunatly do not work and I have not found one yet that does.So good luck and kep on searching.

  • bill ryley says:

    Do not worry this is a scam but do worry about how you are going to get rid of it

  • Matt w says:

    Lol, what is with these comments did you not read the info its a virus scam NOT LEGITIMATE

  • Richard Birnage says:

    Infected yesteday afternoon. It's blocking safe-mode start-up, too, now. MS's website is useless in its own right - giving a link to here was the best it could manage

  • Richard Birnage says:

    Infected yesterday afternoon. It blocks start in safe mode. MS's website doesn't help - most useful thing was a link to here.

  • richard says:

    GO TO START MENU
    ALL PROGRAMS
    ACCESSORIES
    SYSTEM TOOLS
    SYSTEM RESTORE this will work. i tried all bunch of suggestion and download. but this will 100% work. just be fast to go to system restore before Police central e-crime unit take over your monitor again.

  • yash says:

    hi my laptop got blocked by this virus today aswell can i just conform this is a virus? and if i take it to a computer shop will they be able to get rid of it for me?

  • HeisenbergDK says:

    I regained control by doing a SYSTEM RESTORE in SAFE MODE. (restoring to a system image from 10 days earlier)

    Then I was finally allowed to install programs like: RUBotted and Spyhunter.

    I think the trick is to remove the internet connection as fast as possible after infection.

  • Steve says:

    There's a video on youtube now which goes through removing the virus from your computer. Download the ERD commander to boot your computer then delete the necessary infected files & folders + the registry entries. It took me a while to find the infected files as they won't named the same as the ones on the video. Your best bet is to search the dates and times of the infected files created on your computer when you got the virus. This way you can narrow it down.

  • Steven Homer says:

    Hi,

    I have tried various solutions on different pages on the web but none worked. The newer variants (Sept 2012) seem to prevent any boot in any Safe Mode option so you are a bit stuffed. WHAT DID fix it for me was the following

    1. I had access to another laptop - PC would be fine. I also had an external USB caddy which allowed me to access the infected hard drive as an external/slave drive. So you will need the connection to allow the infected drive to connect to a USB connection on the master -not that expensive to buy from any PC store.
    2. The main infected file is Explorer.exe, so I accessed the infected drive Windows Folder and deleted the infected Explorer.exe. I then copied into the same folder a clean version of Explorer.exe. NB the correct one depends on version and Service Pack of Windows you are running but Google will find a link for you
    3. Whilst the infected drive was connected to the master laptop I ran Superantispyware on the infected drive. Download and install SAS onto the clean PC do updates and select "Full Scan", this will allow you to see the external drive in a side window - just tick the box to select Again this can be downloaded from the web and is a free package.
    4. Once the scan was complete I reconnected the infected drive back to the original latpop
    5. The system booted up I then ran superantispyware again and finished the clean up.

    So far no issues.

  • Shaun Herbaut says:

    I have had many customers who have brought their laptop in with this virus scam. The simplest way to remove it is by doing a system restore. follow this link and follow the instructions: http://support.microsoft.com/kb/304449

  • Chris says:

    Its a little virus that has no power behind it to do any damage at all.... I put it on my laptop cos its quite fun removing it,,,, Boot your system in SAFE MODE and go to system restore from a previous backup... THATS IT..

  • mango says:

    high five!!!! you guys are top!!!

  • Patrick says:

    My laptop is infected with e-crime Unit (PCEU) but how do I install your product since I have no access to my laptop

  • janis says:

    thanks gays i was almoust in panic but it works need to restart with date before it start thanks a lot the best wishes for you

  • Andrew says:

    With Windows 7 this virus now only allows restart in "Safe Mode with Command Prompt" ( quickly enter: rstrui.exe ) to open system restore. Use SpyHunter afterwards.

  • Daniel James says:

    Why Can't we trace where the money goes? It must go into someones account! In this day and age the internet police should be able to protect us? I wonder how many people have paid????? Someone is getting rich and causing a lot of problems and making a fortune...... But why is it allowed to carry on?

  • Bob Salt says:

    I did not have enough time to start system restore, I plugged in a usb stick which changed the hardware setup giving me enough time...

Loading...