Europol virus or EC3 virus is a dangerous ransomware program, which seeks to rip its victims off. It does that by making them believe that they have violated various laws and now have to pay the fine for the real Europol. Besides, it blocks the entire system down and shows only this fake warning instead of typical user's desktop. Before you fall for this scam and pay the 'fine', keep in mind that such governmental organizations have never been blocking computers when trying to collect their fines. They have more effective methods for that. Europol virus is a huge scam, which continues spreading in Europe for a long time. In order to trick its victims, it shows their IP address, location, EC3 logos, webcam and other details. Please, ignore its professionally-designed warning and stay away from it's requirement to pay the fine. The biggest risk to get infected with Europol virus is for those who live in countries that belong to the European Union.
HOW CAN I GET INFECTED WITH EUROPOL VIRUS?
Europol virus is distributed by trojan horse, which comes on the system without being asked. Mostly, it can be downloaded together with freeware, shareware, fake software and its updates. As soon as it gets inside the target PC, this trojan blocks the whole system and downloads malicious files that belong to Europol virus. So, when eliminating this threat from the system, the main thing will be to get rid of those files. Additionally, Europol virus replaces PC's desktop with a fake notification, which claims:
Attention! Your PC has been locked! Attention!
Your computer has been trying to download and/or to install pirated software or multimedia files protected by international laws and has been blocked According to EU legislation you are required to pay 100 EUR administrative fees if this is the first time you have violated the copyright law. Downloading, installing and distributing Such materials is highly punishable and may leave a long lasting effect on your job and on your friends and relatives, if we don’t receive a payment within 48 hours your personal information will be Sent TO your local police authorities. Your hardware used for distribution of pirated software will be confiscated and you will be arrested, charged and convicted for up to 5 years in prison time and registered as a thief for the rest of your life.
Be aware that there are many different versions of this ransomware that attack different European countries. Viruses use EC3 or Europol symbolic only to look trustworthy and legitimate while legitimate organizations don't use such methods for collecting their fines. Please, ignore them and remove European virus from the system.
HOW TO REMOVE EUROPOL VIRUS?
First of all, you have to remove the lock. Some users have reported about setting computer's date back for that. However, another part of victims find it useless. If you are one of them, please, try these methods:
Flash drive method:
1. Take another machine and use it to download Reimage or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with Europol virus once more and run a full system scan.
* Users infected with these ransomware threats are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.
* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.
* Manual Europol virus removal (special skills needed!):
- Reboot you infected PC to 'Safe mode with command prompt' to disable thisI virus (this should be working with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated Reimage, Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes.