“La policia ESPAÑOLA” scam warning. How to delete it

The alert you might see in front of your screen known as “La policia ESPAÑOLA” is the trick of cyber crooks which they use in order to scare users into donating some funds with them. The way it works is as follows – suddenly after the user turns on his/her computer and it boots the user would see this picture, this warning instead of the common desktop with the icons. Moreover, the user would not even be able to do anything at his/her computer. The user cannot run any program or to get rid of this fake alert. What the user is suggested by this virus is to go ahead and insert the special code into the respective field and then to have this warning removed. The trick and the scary thing of it is that the alert states that such user has been tracked as the one engaged in extremely unrighteous activities of illegal content. Well, to tell you the truth, such alert is a totally bogus one. You should not ever trust it but rather remove it as soon as you can. Below please find the guidelines how to do accomplish the removal task for this virus.

“La policia ESPANOLA” important removal milestones:

1. Restart your system into "Safe Mode with Command Prompt". While the PC is booting press the "F8 key" continuously, which should present the "Windows Advanced Options Menu" as presented in the image below. Apply the arrow keys in order to move to "Safe Mode with Command Prompt" and hit Enter key of your keyboard. Login as the same user you were previously logged in under the normal Windows mode.

2. Once Windows boots successfully, the Windows command prompt would appear as described at the screenshot below. At the command prompt, type-in the word "explorer", and press Enter. Windows Explorer should open. Please do not yet close it. You can minimize it for a while.

3. Afterwards open the Registry editor by applying the same Windows command prompt. Type-in the word "regedit" and hit Enter button of your keyboard. The Registry Editor should open.


You know how it normally looks like, don't you? Well, here is the screenshot of it:


4. Find the following registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ In the right-side panel select the registry entry named Shell. Right click on this registry key and select "Modify" option. Its default value should be "Explorer.exe". However, Metropolitan Police virus did its job, and so after you click "Modify" you would see totally different value of this registry entry.

5. Copy the location of the modified value of the above-mentioned registry entry to the piece of paper or memorize its location. It shows where exactly the main executable of Metropolitan Police virus is located.
6. Modify the value of the registry entry back to "explorer.exe" and save the settings of the Registry Editor.
7. Go to the location indicated in the value of modified registry entry. Remove the malicous file. Use the file location you copied into the piece of paper or otherwise noted in step in previous step. In our case, "Metropolitan Police" virus file was located and running from the Desktop. There was a file called "contacts.exe", but it may have different (random) name.
8. Get back to "Normal Mode". In order to reboot your PC, when at the command prompt, type-in the following phrase "shutdown /r /t 0" (without the quotation marks) and hit Enter button.
9. The virus should be gone. However, in order to clean your PC from other possible virus threats and malware remnants, make sure to download and run GridinSoft Trojan Killer downloadable through the button below.

Associated virus files to be removed:

[random].exe

Associated virus registry entries to be removed:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[random].exe"