Virus removal procedure

The “Police” virus has been prevalent recently and these are the steps that I’ve taken to remove it.

Update: apologies but the images were lost on this post.

  1. Start the PC but keep pressing [F8] until it goes into Windows Safe Mode. You are unlikely to get access to Safe Mode with Networking so if you haven’t got a copy of Malwarebytes, it is important that you download a copy of it (on another PC) and put it on a USB flash stick for step 4 below. 
  2. Once there, you need to run System Restore to get the registry back to a point prior to the PC becoming infected. The way we run System Restore is by running the program itself. The program is called RSTRUI.EXE and these are alternative ways of getting it to run:
    1. If you have access to the Windows Start button, press that and enter RSTRUI.EXE in the search box.
    2. Alternatively, press [Control]+[Alt]+[Delete] and select “Start Task Manager”. Hopefully you get the option to click File > Run.
    3. Another possibility is to start Windows Explorer and navigate to C:\WINDOWS\SYSTEM32\RSTRUI.EXE or possibly C:\WINDOWS\SYSTEM32\RESTORE\RSTRUI.EXE
  3. Once you have started RSTRUI.EXE it will present you with these screens… Select the Restore Point that you know to be before the virus infected your PC.
  4. This should have removed the virus from the computer’s registry, however you will still have it on your disk drive and it is most likely going to reinfect your PC when you reboot! So you now need to run the copy of Malwarebytes that you downloaded earlier. Use one of the methods in step 2 to find Malwarebytes on your computer or flash stick. Mine was installed earlier to this location…
    C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbam.exe

    Run a Full Scan of the whole PC, the Registry etc. It should find and quarantine the virus. You can then restart the PC and you should have removed the virus.