What is Royal Canadian Mounted Police virus?
Royal Canadian Mounted Police Ukash virus (can also be found as Royal Canadian Mounted Police virus or RCMP virus) is a dangerous ransomware, which, after infiltrating the system, displays a huge notification on the desktop that asks to pay a ransom. Threats that belong to this group are spread all over the world and different versions attack different countries, so it’s almost clear that Royal Canadian Mounted Police virus is used to infect Canadians and near countries. Once this threat enters the system, it blocks it down and starts showing a huge alert saying ‘Royal Canadian Mounted Police’. This alert has been asking to pay CAD $100 but today it is asking to make a payment of $500. This payment should be made via PayPal cash cards. Of course, you should never do that. That’s because you haven’t made any law violations and you are not dealing with people from police. hackers are the ones that are hiding behind this scam, so there is no point in paying the fine. If you can clearly see that you have been infected by Royal Canadian Mounted Police virus, you should ignore its alert and remove infected files from the system. In most of the cases, it seems that it’s impossible because you can’t launch any program (including anti-malware) when infected with ransomware. However, you just need to know about some simple steps that will help you to unblock your PC system. Besides, at the moment of writing, scammers have developed this virus and now it can easily affect Android OS. If your device is blocked byRoyal Canadian Mounted Police ransomware, you should also look at the guide in the end of this post.
HOW CAN I GET INFECTED WITH Royal Canadian Mounted Police scam?
RCMP virus is distributed by Trojan that comes inside together with fake flash update or video codec. Besides, scammers have also been noticed using spam to spread this virus. Once inside, this ransomware virus locks the desktop down and displays an alert, which asks to pay the fine. In most of the cases, this virus is also attributed to Ukash screen-lockers that ask to use this prepayment system for ‘paying the fine’. Before you do that, you must realize that Royal Canadian Mounted Police virus is a ransomware infection that belongs to scammers seeking to extort money from innocent PC users. Please, ignore this notification and remove this virus as soon as possible:
Your PC is blocked due to at least one of the reasons specified below.
You have been violating ‘Copyright and Related Rights Law o (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Canada.
Article 128 of the Criminal Code provides for a fine of 200 to 500 minimal wages or a deprivation of liberty for 2 to 8 years.
You have been viewing or distributing prohibited Pornographic content (Child Porno, Zoophilia and etc). Thus violating
Article 202 of the Criminal Code of Canada. Article 202 of the Criminal Code provides for a deprivation of liberty for four to 12 years.
Article 208 of the Criminal Code provides for a fine of up to CAD $100,000 and/or a deprivation of liberty for 4 to 9 years.
HOW TO REMOVE Royal Canadian Mounted Police virus?
When trying to remove Canadian Mounted Police virus, you have to unlock your computer first. For that, follow these options:
* Flash drive method:
1. Take another machine and use it to download Reimage, SpyHunter 5Combo Cleaner, Malwarebytes or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with Canadian Mounted Police virus once more and run a full system scan.
* Users infected with Canadian Mounted Police virus are allowed to access other account on Windows system. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.
* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select ‘Deny’: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. After doing that, run a full system scan with anti-malware program.
* Manual Canadian Mounted Police virus removal:
- Reboot you infected PC to ‘Safe mode with command prompt’ to disable ransomware virus (this should be working with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated Reimage. You can also use SpyHunter 5Combo Cleaner or Malwarebytes.
* Canadian Mounted Police virus removal from Android OS:
1. Reboot your Android device into Safe Mode:
- Find the power button and press it for a couple of seconds until you see a menu. Tap the Power off.
- Once you see a dialog window that offers you to reboot your Android to Safe Mode, select this option and OK.
If this failed to work for you, just turn off your device and then turn it on. Once it becomes active, try pressing and holding Menu, Volume Down, Volume Up or Volume Down and Volume Up together to see Safe Mode.
2. Uninstall malicious app (Police virus may hide under BaDoink, Video Player, Network Driver System, Video Render, ScarePakage and other suspicious names):
- When in Safe Mode, go to Settings. Once there, click on Apps or Application manager (this may differ depending on your device).
- Here, look for previously mentioned malicious app(s) and uninstall all of them.
If this failed, enter a random, 15 digit length, code of imaginary MoneyPak xpress Packed voucher that is asked by FBI android virus or follow these steps:
- Go to Settings -> Security. Here, select Device administrators.
- Here, look for previously mentioned malicious app(s) and uncheck it
- In order to finish the removal of Canadian Mounted Police virus, select Deactivate and OK.