Politia Romana is a ransomware “marketed” by cyber criminals in Romania. This program is spread with Trojans coming from infected and malicious websites. It might infect your PC when you use a link in the strange email message coming from unknown website just to find out that cyber criminals are blaming you in a crime while claiming to represent Romanian police. You also might get this infection agter you download a free program from unsecure website. When Politia Romana virus infects your computer, it is configured to run on every Windows startup. Then it locks your computer and exposes a message with false allegations in a crime committed by you online. It might be either use or distribution of prohibited content or child pornography. The ransom is presented as a fine you owe to the government for your “criminal offence”. Few users know that government agencies do not use Ukash or Paysafe card for collecting fines, but this untrasable means of the money transfer suit criminals very well and let them walk free. They push you hard by scaring you with more serious legal actions unless you pay 100 Euro quickly. Some people get scared and pay this ransom to getting out of imaginary trouble and for unlocking their computers. Though, criminals won’t bother with unlocking PCs, and victims are left with a need to somehow remove Politia Romana virus.
Politia Romana Removal Guide
What is Politia Romana?
Politia Romana is a classic ransomware scam designed first to scare and then to extort money. This scam is spread in South-East of Europe, and it is easy to get this computer infection by random browsing. When Politia Romana infects the system, it blocks user’s access to the desktop, and then, it asks for a ransom scaring ones who hesitates to pay quickly. Please, do not expect to remove the image below off your screen by paying 100 Euro to cyber criminals. It is just a money waste and helping them to threaten the World. You need to remove this ransomware, and you can do it manually or for the portion of the sum criminals ask to pay you for nothing.
If your computer is not infected, then be careful while browsing on the Internet or opening your email. Ransomware like Politia Romana virius is spread with Trojans and your computer might get easily infected if you like to visit suspicious websites or to download copyrighted software for free. Set your antivirus right and use it to scan downloaded files and email before opening. It will minimize a chance of getting your system infected with Politia Romana virus and other ransomware.
Politia Romana Removal Tool
Politia Romana virus is difficult to remove because a normal access to computer is completely locked and the Internet is hijacked. This program blocks Windows Safe Mode, and the only exception is a Safe Mode with Command prompt your system protects more strictly. You need to start your system in this mode for performing the removal process. Average computer users might find it difficult since working with Registry Editor is very uncomfortable experience for people without background in computer science, especially if they know how dangerous errors made in the system registry are. They might make your system completely inoperable. Removal tools are a better choice for people without experience in malware removal or system administration.
Politia Romana Removal Tool and the True Sword antispyware scanner programs are a low-cost solution pack offered by Security Stronghold. These two programs help to remove Politia Romana virus, spyware, and other malicious programs. True Sword antispyware comes with a year-long free license, and both of these tools are provided with online support and money back guaranty.
Remove Politia Romana virus manually
You can try to remove Politia Romana virus with your System Restore utility. When it is set properly, it saves your important system settings any time when the system is changed. You need to access Windows System Restore with your system started in a Safe Mode with Command prompt. Then, choose the restore point set right before your system was infected and run restore. It is the easiest way that might help you. Though, you need to be aware of viruses that might infect your system restore files and test your system them your antivirus right after the Politia Romana virus is removed.
If the System Restore cannot be started or it do not have saved restore points, then try to remove Politia Romana virus with following procedures:
1. You need to check and repair proxy settings for your browser to prevent
redirecting your computer to malicious websites. They might be used to reinstall malware that you remove. There is no sign of using this way to protect Politia Romana virus from the removal, but spyware programs installed along onto your computer might use this way to keep your computer under control.
2. When you are done with fixing proxy settings, start your computer in a Safe Mode with a Command Prompt and log in as an administrator. Open Startup folder and remove suspicious files.
For this you need to click Start, select All Programs and find Startup folder. Look at the files located there and remove any suspicious program that you cannot identify. Politia Romana virus uses random names consist of characters and numbers. If it is named as a well-known windows file, then you need to check its location. Malicious programs usually have different extension names, and they are found in a different location as compared to real system files. After you remove Politia Romana virus from the startup list, try to restart your computer in normal mode and see if editing program startup list helped to stop the Politia Romana virus.
3. If changing Startup list doesn’t help, than check and fix registry keys that are used by malicious programs for the automatic start. To remove this keys:
Click Start and type regedit in the search field below. Then press Enter. (On windows XP you need to click Run in the menu and type regedit.exe in the input field of the Run utility.
Press OK button, or Enter key, when done.)
In Registry Editor Look for the keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [some path to randomly named Politia Romana executable file]
Note: Write this path and file name down. It will help you to find and remove Politia Romana virus main executable file later.
Expand the key:
Look for Shell subkey in the right pane. It should be set to “Explorer”. If there is some other file or some additional string placed after “Explorer”, then remove any extras and leave only “Explorer” as a subkey value.
IMPORTANT: Before you make changes to your system registry, make a backup file for the key that you are going to change or remove. You can do this by opening File menu in the Registry Editor and clicking Export. Then follow instructions on the screen. If something goes wrong, you can restore the registry key by double clicking saved file. If no problems are found, then you can discard backup files later.
Kill Politia Romana malicious processes
Note: The file is located in either %AppData% or %Temp% directory in the current user profile.
Remove Politia Romana virus entries from system registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [path to random]\[random chars].exe
Delete Politia Romana file and folders:
%UserName%\%Application Data%\[random chars folder name]\[random chars].exe
%UserName%\%Temp%\[random chars folder name]\[random chars].exe
Complete Politia Romana removal
Politia Romana might come with other viruses. After you remove Politia Romana virus, you need to update your antivirus software and run a deep system scan for virus traces. You can use some free and fresh antivirus scanner from trusted vendors for being sure that the removal is complete.
Find more about computer system protection against malicious programs.