Search this blog

Wednesday, November 30, 2011

Las operaciones sobre las actividades ilegales se detectaron en el ordenador virus

Las operaciones sobre las actividades ilegales se detectaron en el ordenador stands for the scary warning in Spanish language known as quite a serious ransomware virus program. Ransomware means the Trojan infection that blocks the infected computer to such an extent that the user is not able to do anything with it, asking the user to pay the ransom in order to restore the infected PC. Once the PC is turned on the user would face the picture shown at the screenshot, instead of the normal desktop background/theme. Please keep in mind that this is nothing but insignificantly modified version of previous trojan horses, such as La policía ESPAÑOLA or Metropolitan Police viruses. You should be aware of the fact that the very scary activity and fictitious accusations of you sending spam messages and watching/sharing illegal videos with explicit content remained without any amendments in this new virus with modified name. It is quite logical that most probably it is going to be spread primarily within Spanish-speaking countries.

It should be noted that this ransomware hijacks your PC and asks you to pay the ransom for further information on how to unlock your computer. It would tell you that you need to exchange cash ($150) for a Ukash or Paysafecard vouchers and send the pin code by e-mail to the address of This virus promises you that you will get the unlock code within the next 24 hours. It says that if you decline to effect the payment as the ransom your IP address and personal data will be sent to Interpol. Well, this is all quite frustrating for unwary users, isn't it? No doubt, this would indeed be quite a scary piece of news, however, bear in mind that such message is totally fabricated. The program we’re talking about cannot encrypt or remove your files. Neither can it steal your personal or private data. In other words, this is nothing but the bogus warning/notice. Therefore, if your PC has been attacked and blocked with Las operaciones sobre las actividades ilegales se detectaron en el ordenador virus please don’t hesitate to carefully obey the instructions to delete this virus as provided below, including the excellent video tutorial for removal of this scam on the example of Metropolitan Police virus removal. Please do not hesitate to get in touch with us if you require any assistance on our part.

Las operaciones sobre las actividades ilegales se detectaron en el ordenador removal video (on the example of Metropolitan Police virus removal):

Important removal milestones:

  1. Restart your system into "Safe Mode with Command Prompt". While the PC is booting press the "F8 key" continuously, which should present the "Windows Advanced Options Menu" as presented in the image below. Apply the arrow keys in order to move to "Safe Mode with Command Prompt" and hit Enter key of your keyboard. Login as the same user you were previously logged in under the normal Windows mode.
  2. Safe Mode with command prompt
  3. Once Windows boots successfully, the Windows command prompt would appear as described at the screenshot below. At the command prompt, type-in the word "explorer", and press Enter. Windows Explorer should open. Please do not yet close it. You can minimize it for a while.
  4. Afterwards open the Registry editor by applying the same Windows command prompt. Type-in the word "regedit" and hit Enter button of your keyboard. The Registry Editor should open.
  5. You know how it normally looks like, don't you? Well, here is the screenshot of it:

  6. Find the following registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ In the right-side panel select the registry entry named Shell. Right click on this registry key and select "Modify" option. Its default value should be "Explorer.exe". However, Metropolitan Police virus did its job, and so after you click "Modify" you would see totally different value of this registry entry.
  7. Copy the location of the modified value of the above-mentioned registry entry to the piece of paper or memorize its location. It shows where exactly the main executable of Metropolitan Police virus is located.
  8. Modify the value of the registry entry back to "explorer.exe" and save the settings of the Registry Editor.
  9. Go to the location indicated in the value of modified registry entry. Remove the malicous file. Use the file location you copied into the piece of paper or otherwise noted in step in previous step. In our case, "Metropolitan Police" virus file was located and running from the Desktop. There was a file called "contacts.exe", but it may have different (random) name.
  10. Get back to "Normal Mode". In order to reboot your PC, when at the command prompt, type-in the following phrase "shutdown /r /t 0" (without the quotation marks) and hit Enter button.
  11. The virus should be gone. However, in order to clean your PC from other possible virus threats and malware remnants, make sure to download and run GridinSoft Trojan Killer downloadable through the button below.

malware removal tool

Associated virus files to be removed:


Associated virus registry entries to be removed:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[random].exe"

No comments:

Post a Comment

Search this blog