Home / Removal Guide / Ransomware / PCEU virus. How to remove Police Central E-Crime Unit ransomware

PCEU virus. How to remove Police Central E-Crime Unit ransomware

[Total: 0    Average: 0/5]

There is a serious ransomware virus infection in the cyber world today that users the good name of PCEU (Police Central e-crime Unit) of the UK’s Metropolitan Police and says that your computer has been locked. This is the direct successor of the Metropolitan Police ransomware that has been extremely active in attacking computers in the United Kingdom of Great Britain and Northern Ireland since the year 2011. Actually, 2011 has been the year of rise of ransomware infections that began attacking many European and Western countries. Today PCEU scam remains active and targets the computers of innocent users. Many systems have indeed been locked with this serious Trojan that completely disables the desktop (screen) of the infected computer, as well as the keyboard. The purpose of this scam is to make users really horrified with the bunch of faulty accusations about alleged (fake) crimes supposedly committed by user while surfing the web. Without any doubt, obtaining such a scary notification out of the blue might indeed be scary, especially if you don’t realize that this warning has nothing to do with real PCEU (Police Central e-Crime Unit) of the UK’s Metropolitan Police.

PCEU virus screenshot

PCEU virus

Text of PCEU virus scary warning:

Your Computer has been locked
You have broken the law, your actions are illegal and will lead to criminal liability.
The work of your computer has been suspended on the grounds of unauthorized cyberactivity.
Possible violations are described below:
Article – 174. Copyright
Imprisonment for the term of up to 2-5 years
(The use or sharing of copyrighted files). A fine from 18,000 up to 23,000 GBP.
Article – 183. Pornography
Imprisonment for the term of up to 2-3 years
(The use or distribution of pornographic files). A fine from 18,000 up to 25,000 GBP.
Article – 184. Pornography involving children (under 18 years)
Imprisonment for the term of up to 10-15 years
(The use or distribution of pornographic files). A fine from 20,000 up to 40,000 GBP.
Article – 104. Promoting Terrorism
Imprisonment for the term of up to 25 years without appeal
(Visiting the websites of terrorist groups). A fine from 35,000 up to 45,000 GBP with property confiscation.
Article – 68. The distribution of virus programs Imprisonment for the term of up to 2 years
(The development or distribution of virus programs, which have caused harm to other computers). A fine from 15,000 up to 28,000 GBP.
Article – 113. The use of unlicensed software Imprisonment for the term of up to 2 years
(The use of unlicensed software). A fine from 10,000 up to 22,000 GBP.
Article – 99. Cheating with payment cards, carding
Imprisonment for the term of up to 5 years
(The operation with the use of payment card or its details which was not initiated or not confirmed by the holder). A fine from 30,000 up to 75,000 GBP with property confiscation.
Article – 156. Spamming pornographic content
Imprisonment for the term of up to 2 years
(Spamming pornographic content by means of e-mail or social Networks). A fine from 16,000 up to 38,000 GBP.

Restoring the computer locked with PCEU ransomware might not be an easy undertaking. The point is that this PCEU malware may have various variations. Some of them allow the computer to be booted into safe mode with networking or command prompt, whereas others don’t. However, in the majority of the cases PCEU virus belongs to the Reveton type of computer infection, and this means that it is possible to unlock your system using some simple and clear manual steps that you will need to undertake.

Police Central E-Crime Unit ransomware, of course, comes to your system without approval or permission. Restarting the computer to get rid of this scam doesn’t help, no matter of how many times you’ve attempted to reboot your system. Still, there are solutions that will help you unlock your system. The first solution is automatic whereas the second one implies undertaking some manual procedures. The choice, of course, is all yours.

When dealing with PCEU ransomware you should realize the fact that this is the scam, so you should immediately ignore all scary alerts and warnings associated with it. Remember that you’ve never committed any crimes of which you’re being accused. Hence, there’s nothing to be worried about. Go ahead and get rid of PCEU malware from your computer as described below with the help of GridinSoft Trojan Killer.

Ransomware removal solutions

Solution 1 (automatic)

NB! This solution is applicable for all GreenDot MoneyPak, Ukash and Paysafecard ransomwares.

  1. Reboot your system and press F8 repeatedly while it is restarting.
  2. Select Safe Mode with Networking.
  3. Safe Mode with Networking

  4. Click Start and in the open space type Run, or press [Win]+R on keyboard.
  5. Start - Run

  6. Type msconfig and press “OK“.
  7. msconfig

  8. Disable startup items rundll32 turning on any application from Application Data.
  9. Reboot your computer once again.
  10. Scan your system with GridinSoft Trojan Killer to identify the infected file and delete it.

NB! Some versions of these viruses disable all safe modes, but give a short gap that you can use to run anti-malware tools. Then act as follows:

  1. Reboot normally.
  2. Click Start and in the open space type Run.
  3. Start - Run

  4. Enter the text https://trojan-killer.net/download.php in the open field.
  5. Download link for Trojan Killer

  6. If the malware is loaded, just press Alt+Tab once and keep entering the string blindly then press Enter. Press Alt+tab and then R (letter) a couple of times. The process of ransomware virus should be killed after you succeed to download, install our recommended software and scan your system with it.

Solution 2 (automatic)

  1. Go to your friend, relative or anybody else who has computer with Internet connection.
  2. Take your USB flash drive / Memory Stick with you.
  3. Download GridinSoft Trojan Killer installation file from this site https://trojan-killer.net/download.php and save it to your USB flash drive / Memory Stick.
  4. Get back to your infected PC and insert the USB Drive / Memory Stick into the respective USB slot.
  5. Perform hard reset (press reset button on your computer) if your infected PC has been on with ransomware’s background. If not, then simply turn your PC on.
  6. Before the very boot process begins keep repeatedly hitting “F8” button on your keyboard.
  7. In the window that appeared select “Safe Mode with Command Prompt” option and press Enter.
  8. Safe Mode with Command Prompt

  9. Choose your operating system and user account which was infected with ransomware virus.
  10. In the cmd.exe window type “explorer” and press “Enter” button on your keyboard.
  11. Select “My Computer” and choose your USB flash drive / Memory Stick.
  12. Run the installation file of GridinSoft Trojan Killer. Install the program and run scan with it. (update of the program will not work for “Safe mode with command prompt” option)
  13. When the hijackers are successfully disabled (fixed) by GridinSoft Trojan Killer you may close GridinSoft Trojan Killer application.
  14. In the cmd.exe window type “shutdown /r /t 0” and press “Enter” button on your keyboard.
  15. shutdown /r /t 0

  16. Upon system reboot your PC will be unlocked and you will be able to use it just as before the infection took pace.
  17. However, it is recommended that you now update GridinSoft Trojan Killer and run the scan with it again to remove the source of the infections causing ransomware virus to infect your PC.

Similar automatic removal video

Solution 3 (manual)

  1. Restart your system into “Safe Mode with Command Prompt“. While the PC is booting press the “F8 key” continuously, which should present the “Windows Advanced Options Menu” (for Windows XP) or “Advanced Boot Options” (for Windows 7 and Vista) as presented in the image below. Apply the arrow keys in order to move to “Safe Mode with Command Prompt” and hit Enter key of your keyboard. Login as the same user you were previously logged in under the normal Windows mode.
  2. Safe Mode with Command Prompt

  3. Once Windows boots successfully, the Windows command prompt would appear as described at the screenshot below. At the command prompt, type-in the word “explorer.exe“, and press Enter. Windows Explorer should open. Please do not yet close it. You can minimize it for a while.
  4. explorer.exe

  5. Afterwards open the Registry editor by applying the same Windows command prompt. Type-in the word “regedit.exe” and hit Enter button of your keyboard. The Registry Editor should open.
  6. regedit.exe

  7. Find the following registry entry:
  8. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon

  9. In the right-side panel select the registry entry named Shell. Right click on this registry key and select “Modify” option. Its default value should be “Explorer.exe“. However, ransomware virus did its job, and so after you click “Modify” you would see totally different value of this registry entry.
  10. Copy the location of the modified value of the above-mentioned registry entry to the piece of paper or memorize its location. It shows where exactly the main executable of ransomware virus is located.
  11. Modify the value of the registry entry back to “explorer.exe” and save the settings of the Registry Editor.
  12. Go to the location indicated in the value of modified registry entry. Remove the malicous file. Use the file location you copied into the piece of paper or otherwise noted in step in previous step.
  13. Get back to “Normal Mode“. In order to reboot your system, when at the command prompt, type-in the following phrase “shutdown /r /t 0” (without the quotation marks) and hit Enter button.
  14. shutdown /r /t 0

  15. The virus should be gone. However, in order to clean your PC from other possible virus threats and malware remnants, make sure to download and run GridinSoft Trojan Killer.

Similar manual removal video

Check Also

How to detect Anatova Ransomware?

[Total: 0    Average: 0/5] Anatova malware is not a typical bot or keylogger, this …

.Tfudeq (_openme.txt) scary alerts (removal instructions)

[Total: 0    Average: 0/5] .Tfudeq (_openme.txt) malware is not a typical bot or keylogger, …

One comment

  1. thank you so much this was a life saver I had tried every other possible way and each way was going to cost me money and would take for ever but this was fantastic thank you so much

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.