Search this blog

Wednesday, September 7, 2011

What to do if you see Metropolitan Police warning in front of you?

Some active computer users nowadays may encounter the following message in front of them (see the screenshot below). The main story of it is this: “METROPOLITAN POLICE” Attention! Illegal activity was revealed! We have specifically published this article in order to convince you that the message you see is a fake one. It has nothing to do with the reality and it is surely not originated from the Metropolitan Police of Great Britain. Why do you see it then? The answer is simple – this fake warning is the result of malicious works of virus makers who want to get richer through deceiving you. These cyber crooks want you to pay them some money in order to have this warning removed. By the way, in continuation of it, the warning says that you were supposedly noticed in illegal activities having to do with watching sinful content. Well, we hope this is not the case with you, cause watching such sinful content really damages your soul and heart. But the fact is that this warning is a fictitious one, being far away from the truth. We want to assure you that you should not be afraid of such warning but rather get rid of it immediately. Please see and watch the guidelines prepared by us which will help you to remove this virus immediately.

Metropolitan Police virus

Automatic removal solution (recommended):

  1. Go to your friend, relative or anybody else who has computer with Internet connection.
  2. Take your USB flash drive / Memory Stick with you.
  3. Download GridinSoft Trojan Killer installation file from this site and save it to your USB flash drive / Memory Stick.
  4. malware removal tool

  5. Get back to your infected PC and insert the USB Drive / Memory Stick into the respective USB slot.
  6. Perform hard reset (press reset button on your computer) if your infected PC has been on with Metropolitan Police background. If not, then simply turn your PC on.
  7. Before the very boot process begins keep repeatedly hitting “F8” button on your keyboard.
  8. In the window that appeared select “Safe mode with command prompt” option and press Enter.
  9. Choose your operating system and user account which was infected with Metropolitan Police virus.
  10. In the cmd.exe window type “explorer” and press “Enter” button on your keyboard.
  11. Select “My Computer” and choose your USB flash drive / Memory Stick.
  12. Run the installation file of GridinSoft Trojan Killer. Install the program and run scan with it. (update of the program will not work for “Safe mode with command prompt” option)
  13. When the hijackers are successfully disabled (fixed) by GridinSoft Trojan Killer you may close GridinSoft Trojan Killer application.
  14. In the cmd.exe window type “shutdown /r /t 0” and press “Enter” button on your keyboard.
  15. Upon system reboot your PC will be unlocked and you will be able to use it just as before the infection took pace.
  16. However, it is recommended that you now update GridinSoft Trojan Killer and run the scan with it again to remove the source of the infections causing Metropolitan Police virus to infect your PC.

Automatic removal video:

Metropolitan Police manual removal milestones (optional and might not be effective):

  1. Restart your system into "Safe Mode with Command Prompt". While the PC is booting press the "F8 key" continuously, which should present the "Windows Advanced Options Menu" as presented in the image below. Apply the arrow keys in order to move to "Safe Mode with Command Prompt" and hit Enter key of your keyboard. Login as the same user you were previously logged in under the normal Windows mode.
  2. Safe Mode with command prompt
  3. Once Windows boots successfully, the Windows command prompt would appear as described at the screenshot below. At the command prompt, type-in the word "explorer", and press Enter. Windows Explorer should open. Please do not yet close it. You can minimize it for a while.
  4. Afterwards open the Registry editor by applying the same Windows command prompt. Type-in the word "regedit" and hit Enter button of your keyboard. The Registry Editor should open.
  5. You know how it normally looks like, don't you? Well, here is the screenshot of it:

  6. Find the following registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ In the right-side panel select the registry entry named Shell. Right click on this registry key and select "Modify" option. Its default value should be "Explorer.exe". However, Metropolitan Police virus did its job, and so after you click "Modify" you would see totally different value of this registry entry.
  7. Copy the location of the modified value of the above-mentioned registry entry to the piece of paper or memorize its location. It shows where exactly the main executable of Metropolitan Police virus is located.
  8. Modify the value of the registry entry back to "explorer.exe" and save the settings of the Registry Editor.
  9. Go to the location indicated in the value of modified registry entry. Remove the malicous file. Use the file location you copied into the piece of paper or otherwise noted in step in previous step. In our case, "Metropolitan Police" virus file was located and running from the Desktop. There was a file called "contacts.exe", but it may have different (random) name.
  10. Get back to "Normal Mode". In order to reboot your PC, when at the command prompt, type-in the following phrase "shutdown /r /t 0" (without the quotation marks) and hit Enter button.
  11. The virus should be gone. However, in order to clean your PC from other possible virus threats and malware remnants, make sure to download and run GridinSoft Trojan Killer downloadable through the button below.

Manual removal video:

Associated virus files to be removed:


Associated virus registry entries to be removed:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[random].exe"


kaz said...

Hi, i have just try this but when i got to number 2 it didn't have the option of type-in the word "explorer", the only option was to press the words of my OS 'window xp home edition' at that point it started going thur files, my p.c was still in dos mode but after few sec's it stop going thur then, at that point i had no option but to turn the p.c off.

When i restarted my p.c i pick 'last known good configuration option' instead of "Safe Mode with Command Prompt" then every time i started my p.c the screen would go a light blue after a few sec's on the start up & rebooting over & over still doing the same thing.

I have just try it again, no blue screen now but it doing the same as before when i get to option 2, i can only pick my OS 'XP', it then will start going thur files in dos mode but stopping after a few sec's, my P.C then turn itself off after a min or so. Please can you help me with this without all my data being deleted as i can't do nothing with it at the min ?

Matheus Aprim said...

Hi guys!

I have tried all kind of methods on the internet and youtube,
First, i saw one guy who said, type in the commander regedit , and then go the some shell or something and rename the file to iexplore.exe. Listen carefully, if you have go to this specific file and find shell and then right click and click on modify, if it says iexplore.exe CHANGE IT TO explorer.exe. Then you will see that the black screen will remain but the icons will appear and the start menu.

Oki, if you just have the virus with the officer telling you to pay a 100 pound bill, turn off your computer by holding the power button for 5 seconds. Turn it on and press f8 all the time, then go down to run computer in safety mode with networking. Now if you do not have any virus program or do have some old inactive ones, delete them in the control panel, download the new virus program, ex are AVG free or malware free version. Install it and scan your local disk :/C, you will see that the program will identify 2-5 threads. After the scan is finished, delete the threads and restart the computer. This will work, believe me, it is not harder than this. I tried everything else acting like I was some pro or something, all the typing in the command center and all that wont work!!

cateton said...

Now there is another similar virus it calls Virus policia

harry said...

easiest way in Win 7 is to boot into safe mode with command prompt, type explorer.exe (enter)
select start, type restore (in search programs) select system restore from options given, then restore to a date before the infection. The restore takes a while so be patient.

Paul Rose said...

new version of this where it wont let you go into safe mode. loads up starts safe mode then auto reboots back to full windows mode (XP).

Rustam khan said...

computer services spokane Spokane computer repair plans, Mobile Computer Repair, Computer Repair Spokane, Spokane Tech & Spokane Computer Repair.Our team can also computer repair computer Spokane valley.

Post a Comment

Search this blog