General Picture of Norsk Politi Institutt for Cybercrime
Norsk Politi Institutt for Cybercrime is a variant of the Reveton family that targets Norwegians. It is distributed through exploit pages and installs itself so stealthily that a victim does not know about the infection until it is too late. After a successful installation, the fake warning message is displayed immediately after logging in, with no gap before the warning screen loads. If it is not removed in time, the same screen may also be displayed in Safe Mode with Networking, and a blank screen in Safe Mode. The warning page is the only thing visible.
The message says almost the same thing as other common ransomware: it accuses you of violating the law, demands that you pay a fine of 100 Euros to save your computer and yourself, and warns that you will soon face a court case and be put in jail if you fail to send the money. If you fell into the trap and already made a payment, contact your credit card company as soon as possible and dispute the charges.
Am I out of the Danger If I am Not In Norway?
Please note that Norsk Politi Institutt for Cybercrime resembles the recently posted POLIISI Osasto Tietoverkkorikollisuuden and MINISTÈRE DE L'INTÉRIEUR. It can infect people in countries other than Norway: it determines where a targeted PC is located from the victim's IP address and chooses the interface language and version of the virus accordingly. The hackers are not diligent enough to build something for one country exclusively. What they want is easy money in large amounts.
Step-by-Step Tutorial Shows You How to Unlock Your Computer
Step1: Reboot your computer and log into Safe Mode with Networking. As the computer is booting but before Windows launches, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to highlight the "Safe Mode with Networking" option and press the Enter key.
Step2: Launch msconfig and disable the rundll32 startup items.
Click "start" -> type msconfig in the "search box" -> press Enter -> disable rundll32
Step3: Reboot your system one more time.
Step4: Reboot into Safe Mode with Command Prompt. There should be neither a blank screen nor the fake message screen.
Step5: Run regedit. Search for Winlogon.
Click "start" -> type regedit in the "search box" -> press Enter -> press Ctrl+F to search for Winlogon
Step6: There will be an entry labeled Shell in the right pane. It should reference Explorer.exe or be blank. If not, right click it and replace it with explorer.exe.
Step7: Save changes, reboot to Safe Mode with Networking.
Step8: Run msconfig and disable all unnecessary startup entries.
Related files and folders:
%AppData%\<random>.exe
%Temp%\<random>.exe
%StartupFolder%\ctfmon.lnk
Associated registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
HKEY_LOCAL_MACHINE\Software\[random].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
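The manual checks in Step5 to Step8 and the locations listed above can be collected in one read-only pass. The PowerShell below is an added example, not part of the original post; the full Winlogon key path, treating %StartupFolder% as the current user's Startup folder, and the helper name Test-ShellValue are assumptions, and the script only reports what it finds.

```powershell
# Added example: read-only audit of the persistence points named in this guide.
# It changes nothing; anything marked REVIEW is for manual inspection.

function Test-ShellValue {
    param([string]$Value)
    # Per Step6, Shell should reference explorer.exe or be blank.
    # A full path to explorer.exe is also reported for review.
    return ($Value -match '^\s*$') -or ($Value.Trim() -ieq 'explorer.exe')
}

# Step5/Step6: Winlogon\Shell (standard Windows location, assumed; checked in both hives).
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\$winlogon"
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    $status = if (Test-ShellValue $shell) { 'OK' } else { 'REVIEW' }
    "{0,-7} {1}\Shell = '{2}'" -f $status, $key, $shell
}

# Step2/Step8: entries under the Run key listed above.
# Flag rundll32 launchers and anything started from %AppData% or %Temp%.
$suspect = 'rundll32|' + [regex]::Escape($env:APPDATA) + '|' + [regex]::Escape($env:TEMP)
$run = Get-Item 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $cmd = [string]$run.GetValue($name)
        $status = if ($cmd -match $suspect) { 'REVIEW' } else { 'info' }
        "{0,-7} Run\{1} = {2}" -f $status, $name, $cmd
    }
}

# Related files: executables sitting directly in %AppData% and %Temp%.
foreach ($dir in $env:APPDATA, $env:TEMP) {
    Get-ChildItem -Path $dir -Filter *.exe -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { "REVIEW  {0} (modified {1})" -f $_.FullName, $_.LastWriteTime }
}

# Related files: ctfmon.lnk in the Startup folder; show where the shortcut points.
$lnk = Join-Path ([Environment]::GetFolderPath('Startup')) 'ctfmon.lnk'
if (Test-Path $lnk) {
    $target = (New-Object -ComObject WScript.Shell).CreateShortcut($lnk).TargetPath
    "REVIEW  $lnk -> $target"
}
```

Legitimate software can also start from %AppData%, so a REVIEW line is a prompt to inspect the entry, not proof of infection.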
Note: if you get a blank page in Safe Mode with Networking, are unable to access the Internet, or get the fake page in Safe Mode, the situation is much tougher than you might imagine, but you can always find professional help from Tee Support experts, available 24/7.