Severity scale:  
  (98/100)

CIBS POL virus. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as Ukash virus, Police virus | Type: Ransomware
12

CIBS Pol virus is a dangerous ransomware that must be avoided no matter how trustworthy it looks. That's because it belongs to a dangerous group of scammers who spread their viruses in order to swindle the money. They do that by blocking their target PCs down and then convincing their victims to pay a fine for various law violations, such as the use of copyrighted content or distribution of malware. Besides, CIBS Pol. Virus is set victim's IP address and location in order to look more professionally. Please, ignore this sneaky program because it will cause you only unwanted activity on computer. If you see a misleading CIBS Pol. Bundesamt fur Polizei warning on its desktop, run a full system scan with anti-spyware and remove infected files.

HOW CAN I GET INFECTED WITH CIBS Pol virus?

This ransomware attacks those systems that are not protected very well. It typically gets inside the PC through its backdoors when its owner enters infected website or illegal domain. It must be said that the biggest risk of getting infected with this threat is for those who live in Switzerland. Once CIBS Pol virus attacks the PC, it immediately blocks it down. Additionally, it replaces the desktop with its fake notification that says:

ACHTUNG!
Ihr Computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt.
Sie haben gegen das Gesetz über «Urheberrecht und verwandte Schutzerchte» (Video, Musik, Software) verstoßen und unrechtmäßig urheberrechtliche Inhalte genutzt, bzw. Verbreitet und somit gegen Art. 128 des Schweizerischen Strafgesetzbuches verstoßen.
(…)
Sobald 72 Stunden verstreichen, verfällt die Möglichkeit, die Geldbuße zu zahlen, und ein Strafverfahren gegen Sie automatisch innerhalb der nächsten 72 Stunden eingeleitet! Die Höhe der Geldstrafe beträgt 100 €. Sie können eine Geldstrafe zahlen Ukash oder Paysafecard.
Wenn Sie die Geldbuße zu zahlen, wird Ihr PC in Ito 72 Stunden freigeschaltet bekommen, nachdem das Geld in die staatliche Rechnung stellen wird. Da Ihr PC entsperrt ist, werden Sie 7 Tage, um alle Verstöße zu berichtigen. Falls alle Verstöße nicht nach 7 Werktagen korrigiert werden, wird Ihr PC wieder gesperrt werden, und ein Strafverfahren gegen Sie eingeleitet automatisch unter einen oder mehrere Artikel oben angegeben.

Additionally, this alert asks to pay the fine of 100 Euro via Ukash, Paysafecard or other prepayment system. Please, never do that because you will lose your money and will support scammers and their future crimes. So, you must remove CIBS POL virus immediately after detection.

HOW TO REMOVE CIBS POL virus?

First of all, follow these steps to unblock your computer:

Flash drive method:

1. Take another machine and use it to download Reimage or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with CIBS Pol virus once more and run a full system scan.

* Users infected with CIBS Pol virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.

* Manual CIBS Pol virus removal:

  1. Reboot you infected PC to 'Safe mode with command prompt' to disable thisI virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated Reimage to remove remaining files.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove CIBS POL virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall CIBS POL virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing CIBS POL virus (2013-03-03)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing CIBS POL virus (2013-03-03)
Hitman Pro
We have tested Hitman Pro's efficiency in removing CIBS POL virus (2013-03-03)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing CIBS POL virus (2013-03-03)
CIBS POL virus snapshot
CIBS POL virus snapshot

CIBS POL virus manual removal:

Kill processes:
[random].exe