Severity scale:  
  (99/100)

Public Security Directorate Virus. How to remove? (Uninstall guide)

removal by Jake Doevan - -   Also known as Ukash virus, Hashemite Kingdom of Jordan Public Security Directorate Virus | Type: Ransomware
12

Public Security Directorate Virus (also known as The Hashemite Kingdom of Jordan Public Security Directorate Virus) is a dangerous ransomware infection, which locks computer down once it gets inside it. Of course, it does that for a reason. Just like its classic variant known as FBI virus, Public Security Directorate Virus tries to mislead its victims that they have a deal with governmental authority and that they have been noticed for violating some laws. Typically, this virus lists the use of pornographic content and similar violations. Additionally, this virus asks to pay a fine of 300 dollars using a CashU code in order to avoid more serious charges. Though it sounds convincing, you should never follow this requirement because you will lose the money and won't have your PCs unlocked. In order to fix your computer, you should ignore this hoax and remove Public Security Directorate virus from your computer.

HOW CAN I GET INFECTED WITH Public Security Directorate Virus?

If you are interested in Public Security Directorate virus distribution, we won't say anything new about it because this virus classically relies on trojan horse when it needs to infect the machine without user's knowledge. This trojan can get on your computer via malicious or hacked websites, infected freeware and shareware, spam and similar ways. Once installed, it blocks the whole system and locks computer's screen with this huge notification that reports about illegal activities and asks to pay the fine. Please, keep in mind that governmental organizations have never been using such systems as CashU for collecting their payments. Even ore, they have never been blocking PCs after noticing illegal activities on the Internet. Beware that you can safely ignore Public Security Directorate Virus and remove this threat from your computer.

HOW TOR EMOVE Public Security Directorate Virus?

Before you get ability to run a scan on your computer and remove infected files that belong to Public Security Directorate Virus, you have to unblock your computer's system. For that, follow these steps:

* Flash drive method:

1. Take another machine and use it to download Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Reimage or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with Public Security Directorate virus once more and run a full system scan.

* Users infected with the Public Security Directorate Virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.

* Manual Public Security Directorate Virus removal:

  1. Reboot you infected PC to 'Safe mode with command prompt' to disable Public Security Directorate Virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated Reimage to remove remaining Public Security Directorate virus files.

This video guide shows how to remove FBI virus and all ransomware threats that belong to this group of viruses:

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Public Security Directorate Virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Public Security Directorate Virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Public Security Directorate Virus (2013-04-19)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Public Security Directorate Virus (2013-04-19)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Public Security Directorate Virus (2013-04-19)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Public Security Directorate Virus (2013-04-19)

Public Security Directorate Virus manual removal:

Kill processes:
tpl_0_c.exe

ch810.exe

0_0u_l.exe

[random].exe

jork_0_typ_col.exe

vsdsrv32.exe

Protector-[rnd].exe

Inspector-[rnd].exe

Delete registry values:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun[random].exe

HKEY_LOCAL_MACHINESOFTWAREFBI Moneypak Virus

HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem ‘DisableRegistryTools’ = 0

HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem ‘EnableLUA’ = 0

HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionInternet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0

HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem ‘DisableRegedit’= 0

HKEY_CURRENT_USERSoftwareFBI Moneypak Virus

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ‘Inspector’

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallFBI Moneypak Virus

HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem ‘DisableTaskMgr’ = 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionsprotector.exe

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunInspector %AppData%Protector-[rnd].exe

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsWarnOnHTTPSToHTTPRedirect 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettingsID 4

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettingsUID [rnd]

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettingsnet [date of installation]

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystemConsentPromptBehaviorAdmin 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystemConsentPromptBehaviorUser 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystemEnableLUA 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAAWTray.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAAWTray.exeDebugger svchost.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAVCare.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAVCare.exeDebugger svchost.exe

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAVENGINE.EXE

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsAVENGINE.EXEDebugger svchost.exe

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem “DisableRegistryTools” = 0

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem “DisableTaskMgr” = 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem “ConsentPromptBehaviorAdmin” = 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem “ConsentPromptBehaviorUser” = 0

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem “EnableLUA” = 0

Unregister DLLs:
wpbt0.dll

Delete files:
%Program Files%FBI Moneypak Virus

%AppData%Protector-[rnd].exe

%AppData%Inspector-[rnd].exe

%AppData%vsdsrv32.exe

%AppData%result.db

%AppData%jork_0_typ_col.exe

%appdata%[random].exe

%Windows%system32[random].exe

%Documents and Settings%[UserName]Application Data[random].exe

%Documents and Settings%[UserName]Desktop[random].lnk

%Documents and Settings%All UsersApplication DataFBI Moneypak Virus

%CommonStartMenu%ProgramsFBI Moneypak Virus.lnk

%Temp%_0u_l.exe

%Temp%[random].exe

%StartupFolder%wpbt0.dll

%StartupFolder%ctfmon.lnk

%StartupFolder%ch810.exe

%UserProfile%DesktopFBI Moneypak Virus.lnk

WARNING.txt

V.class

cconf.txt.enc

tpl_0_c.exe