Saturday 26 November 2011

Las operaciones sobre las actividades ilegales se detectaron en el ordenador Ransomware

"Las operaciones sobre las actividades ilegales se detectaron en el ordenador": this is the sentence the Spanish ransomware begins with. It's a slightly modified variant of the previous Trojan called "La policía ESPAÑOLA". The behavior and the false accusations of sending spam and watching/sharing illegal adult videos remain unchanged. The trojan hijacks your computer and demands a ransom payment in return for instructions on how to unlock the system. You need to exchange cash ($150) for a Ukash or Paysafecard voucher and email the PIN code to info@stopkriminal.net. Hopefully, you will get the unlock code during the next 24 hours. If you refuse to pay the ransom, your IP address and personally identifiable information will be sent to Interpol. Scary, isn't it? It would be, if it weren't fake. It can't encrypt or delete your files. It can't steal personally identifiable information either. It's just a fake notification. If your computer is infected with the "Las operaciones sobre las actividades ilegales se detectaron en el ordenador" ransomware, please follow the removal instructions below. Good luck and be safe online!




Las operaciones sobre las actividades ilegales se detectaron en el ordenador ransomware removal instructions:

1. Reboot your computer in "Safe Mode with Command Prompt". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press the Enter key. Log in as the same user you were previously logged in as in normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



2. When Windows loads, the Windows command prompt will show up as shown in the image below. At the command prompt, type explorer and press Enter. Windows Explorer opens. Do not close it.



3. Then open the Registry editor using the same Windows command prompt. Type regedit and press Enter. The Registry Editor opens.



4. Locate the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

In the right-hand pane, select the registry value named Shell. Right-click on this value and choose Modify.



The default value is Explorer.exe.



The modified value data points to the Trojan ransomware executable file.



Please copy the location of the executable file it points to into Notepad or otherwise note it and then change value data to Explorer.exe. Click OK to save your changes and exit the Registry editor.

5. Remove the malicious file. Use the file location you saved into Notepad or otherwise noted in the previous step. In our case, "Las operaciones sobre las actividades ilegales se detectaron en el ordenador" was run from the Desktop. There was a file called calc.exe.

Full path: C:\Documents and Settings\Michael\Desktop\calc.exe



Go back into "Normal Mode". To restart your computer, at the command prompt, type shutdown /r /t 0 and press Enter.



6. Download anti-malware software and scan your computer for malicious software.

If this removal guide didn't help you, please follow the general Trojan.Ransomware removal guide.
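
The check in steps 4 and 5 can also be done on saved output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell`. The following is an added example, not part of the original guide: it lists every Shell entry that is not the stock Explorer.exe, so you know which file to note and remove. The sample outputs, the trusted folder list and the function names are assumptions made for illustration.

```python
import ntpath
import re

# The Shell line of `reg query` output; columns are separated by tabs or spaces.
SHELL_LINE = re.compile(
    r"^[ \t]*Shell[ \t]+REG_(?:EXPAND_)?SZ[ \t]+(.*?)[ \t]*$", re.I | re.M)

# Folders where explorer.exe is the real shell (assumed default install paths).
TRUSTED_DIRS = {"", r"c:\windows", "%systemroot%", "%windir%"}

KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\r\n"
# Constructed sample outputs, not captured from a real machine.
CLEAN = KEY + "    Shell    REG_SZ    Explorer.exe\r\n"
HIJACKED = KEY + "    Shell\tREG_SZ\tC:\\Documents and Settings\\Michael\\Desktop\\calc.exe\r\n"
APPENDED = KEY + '    Shell    REG_SZ    explorer.exe, "C:\\Users\\Public\\explorer.exe"\r\n'


def shell_entries(reg_output):
    """Return the programs listed in the Winlogon Shell value, or None if absent."""
    match = SHELL_LINE.search(reg_output)
    if match is None:
        return None
    # The value may hold several comma-separated programs, optionally quoted.
    return [e.strip().strip('"') for e in match.group(1).split(",") if e.strip()]


def suspicious_entries(reg_output):
    """Return every Shell entry that is not the stock explorer.exe."""
    entries = shell_entries(reg_output)
    if entries is None:
        raise ValueError("no Shell value found in reg query output")
    flagged = []
    for entry in entries:
        name = ntpath.basename(entry).lower()
        folder = ntpath.dirname(entry).lower().rstrip("\\")
        # A file named explorer.exe outside the Windows folder is flagged too.
        if name != "explorer.exe" or folder not in TRUSTED_DIRS:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("hijacked", HIJACKED), ("appended", APPENDED)):
        print(label, "->", suspicious_entries(sample) or "default shell")
```
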


Associated Las operaciones sobre las actividades ilegales se detectaron en el ordenador malware files and registry values:

Files:
  • [SET OF RANDOM CHARACTERS].exe
Registry values:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"