Popular Virus Removal Tool

Tuesday, April 9, 2013

RCMP (Royal Canadian Mounted Police Ukash Virus): How to Unlock Screen from Ukash Scam?

Different RCMP Ukash Virus

Royal Canadian Mounted Police Ukash Virus has different interface. Should you be that unlucky to be locked down by RCMP virus, you may see several warn pages as shown below:

How would that be possible? In such case, all the above 3 pages are actually one virus? The answer is YES. The trick is attributed to the nature of Trojan-supportive. A Trojan manages to open up a backdoor to receive further command to finish vicious commits. To get more people into believing the warn page saying they have breached laws on sending/containing copyrighted content or visiting prohibited content and thus make them pay the stipulated ransom immediately, the hacker behind Royal Canadian police virus has programmed it to have different pages yet with filched interface from office in an attempt to confuse victims as not to identify which interface is the authentic one. What you should keep in mind is that no office or authority will ever bill the ransom in such way, no matter how real it looks like, all you should do is to get rid of RCMP before it:

  1. Disables any forms of safe mode and displays white/blue/fake warning screen instead; Disables system repair and system restore; 
  2. Disables all functionality and the BIOs is the only hope; 
  3. Make F8 key numb to produce no response; 
  4. Shuts down immediately when you finally get into the desktop. 

Residual Damages It is worthy of notice that your computer can be a mess even after you have removed RCMP lock down virus finally because the backdoor can be exploited by aggressive virus like browser malware and fake anti-spyware. People also get a sluggish PC performance after the removal since junks are piling up in the system that attacked by royal police virus. If you don’t want being entangled by extra problems, you’d better hurry up to unlock your computer from RCMP scam once detected before the backdoor built by ukash virus being further exploited.

How to Remove Royal Canadian Mounted Police Ukash Easily?

Plan A: Remove Royal Canadian Mounted Police Ukash Manually

SITUATION 1: able to enter into safe mode with networking

Step1:Reboot your computer and log into Safe Mode with Networking.
As the computer is booting but before Windows launches, tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to highlight "Safe Mode with Networking" option and press Enter key.


Step2: Launch msconfig. and disable startup items rundll32 

 Click "start" —> put msconfig. in "search box" —> press Enter —> disable rundll32



Step3: Reboot your system one more time and enter into Safe Mode with Networking.

Step4: Run regedit. Search for Winlogon.

Click "start" —> put regedit in "search box" —> press Enter —> press and hold Ctrl+F to search for Winlogon

Step5:There will be a key labeled Shell in the right pane. It should reference Explorer.exe or be blank. If not, right click it and replace it with explorer.exe.

Note: if you cannot load explorer.exe, and cannot see Windows Task Manager or desktop, follow the steps below:

1. start explorer.exe

a) Press "Alt+Ctrl+Del".
b) Click "Task manager"
c) Click "New Task".


 d) Type "explorer.exe" and press "Ok"

Now explorer.exe will load and you can see your Desktop and all your files .

Step6: Save changes, reboot to safe mode with networking.
Step7: Run msconfig and disable all unnecessary startup entries.

a) Related files and folders

  • %Documents and Settings%\All Users\Application Data\[random]
  • %Documents and Settings%\All Users\Application Data\[random].exe
  • %Documents and Settings%\All Users\Application Data\[random].dll
  • %Documents and Settings%\[User Name]\Desktop\Canadian Mounted Police Ukash.lnk
  • %Documents and Settings%\[User Name]\Start Menu\Programs\Canadian Mounted Police Ukash

b) Associated registry entries

  • HKEY_CLASSES_ROOT\CLSID\[random numbers]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"
  • HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ MSConfig \startupfolder\[random names]
  • HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ MSConfig \ startupreg\[random names]

Good for you: Wanna make the removal of Royal Canadian Mounted Police Ukash easier? Dare to try something new? Spyhunter can not only remove Royal Canadian Mounted Police Ukash completely for you but also protect your computer from additional malware like trojan, spyware and ransomware. Download and install Spyunter right away!

Plan B: Remove Royal Canadian Mounted Police Ukash    automatically (with SpyHunter)

Step A. Download removal tool SpyHunter

1) Click here or the icon below to download Free SpyHunter automatically.

2) Follow the instructions to install SpyHunter
  spyhunter run

spyhunter setup

spyhunter setup

Step B. Run SpyHunter to block Royal Canadian Mounted Police Ukash

Run SpyHunter and click "Malware Scan" button to scan your computer, after detect this unwanted program, clean up relevant files and entries completely.

 spyhunter3 scan

Step C. Restart your computer to take effect.


Are you thinking about making the Royal Canadian Mounted Police Ukash removal 1 stone 2 birds happen? There is actually one antivirus program can help you. Download and install Spyhunter to remove Royal Canadian Mounted Police Ukash and protect your computer in the futher!