Remove METROPOLITAN POLICE Ransomware (Uninstall Guide)

"METROPOLITAN POLICE" Attention! Illegal activity was revealed! is a ransomware-based malware that demands you to pay up in order to regain control of your computer. About a month ago, we wrote about ransomware that replaces the Windows desktop with a fake warning from the German Federal Police (BUNDESPOLIZEI). Apparently cybercrooks are moving to Great Britain. As we wrote previously, if your computer is infected with ransomware, you will notice the difference right away. Your Desktop will be taken over by a scam notice headed METROPOLITAN POLICE. It will stop you from accessing your files, programs and system tools. Even if you start your machine in Safe Mode or Safe Mode with Networking you'll get the same issue. The trojan claims that you were watching illegal pornographic websites and states that if you don't pay £75 in 24 hours then your computer will be wiped clean. Don't worry, the Trojan is not capable of doing this. On the other hand, no one would really want to run the risk of losing important files or family photos so there is a great chance that someone will actually fall victim to scam artists behind the Metropolitan Police malware. To remove the METROPOLITAN POLICE ransomware from your computer, please follow the steps in the removal guide below. Good luck and be safe online!

---

Metropolitan Police malware removal instructions:

1. Reboot your computer is "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



2. When Windows loads, the Windows command prompt will show up as show in the image below. At the command prompt, type explorer, and press Enter. Windows Explorer opens. Do not close it.



3. Then open the Registry editor using the same Windows command prompt. Type regedit and press Enter. The Registry Editor opens.



4. Locate the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

In the righthand pane select the registry key named Shell. Right click on this registry key and choose Modify.



Default value is Explorer.exe.



Modified value data points to Trojan Ransomware executable file.



Please copy the location of the executable file it points to into Notepad or otherwise note it and then change value data to Explorer.exe. Click OK to save your changes and exit the Registry editor.

5. Remove the malicous file. Use the file location you saved into Notepad or otherwise noted in step in previous step. In our case, "Metropolitan Police" was run from the Desktop. There was a file called movie.exe.

Full path: C:\Documents and Settings\Michael\Desktop\movie.exe



Go back into "Normal Mode". To restart your computer, at the command prompt, type shutdown /r /t 0 and press Enter.



6. Download recommended anti-malware software (STOPzilla) and scan your computer for malware. That's it!

---

Associated Metropolitan Police malware files and registry values:

Files:

• [SET OF RANDOM CHARACTERS].exe

Registry values:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"

Share this information with other people: