Folder AVG Forums » Other topics » Virus Removal, Tools for Removing » Computer Locked By West Yorkshire Police Virus
July 7, 2012 20:28 Computer Locked By West Yorkshire Police Virus #211800
Reply with Quote | Quick Reply | Top
Furry John

Avatar

Novice
Join Date: 7.7.2012
Posts: 3
Hi,
I have used AVG for some 10 years now and always found it reliable but I now have a laptop locked by this virus and as all the help is for Windows XP and I am using Windows 7 64bit I am stuck. Has anyone on the Forum any experience of this virus and how it got through AVG

Furry John
July 8, 2012 01:02 Re: Computer Locked By West Yorkshire Police Virus #211805
Reply with Quote | Quick Reply | Top
Marat66

Avatar

Novice
Join Date: 8.7.2012
Posts: 1
Hi,
Just like you, I've been on AVG for possibly 10 years or so. And I was infected and have just recovered from that irritating thing, spent two hours googling and fiddling with PC! But the solution was not that difficult at the end.

What to do:
- Restart your PC
- As soon as it start booting keep pressing F8 repeatedly (e.g. every second) until you see a list of booting options. If you did not catch it, restart again ...
- Select "Safe mode with networking"
- Once loaded in Safe mode you need to find the offending file, in MY case it was "verclsid.exe". You may have another one, but the sure way to check is ...
- Open Windows Explorer on your C: drive and do search for *.exe
- Once finished searching, sort them out by date (latest on the top)
- At the time of your incident you will see a file was created (~ 07-July 8pm or so) ... it is about 50k in size. - That's the offender. In my case it was "verclsid.exe" stored in the '/AppData/...Something.../Windows/3945/' folder
- Delete that file
- Open Registry editor (regedit)
- Search (Ctrl+F) for this file in the registry, but (important!) ...
- the one I had, was masking under the existing and valid "verclsid.exe" located in the Windows/System32 and Windows/SysWOW64. You may have the same or other file. So be careful you will need to delete entry in the registry for "bad" file, and not for "good/system" one!
- I deleted this whole thing, where the "bad" key ("AppName"="verclsid.exe") was sitting in:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}

There were another registry entries for the "good" ones related to the Windows System (C:\WINDOWS\SysWOW64\verclsid.exe, and Windows\System32\verclsid.exe) - Don't touch those.

Hope this helps!
July 8, 2012 14:00 Re: Computer Locked By West Yorkshire Police Virus #211828
Reply with Quote | Quick Reply | Top
Furry John

Avatar

Novice
Join Date: 7.7.2012
Posts: 3
Hi, Marat

Many thanks for your help, help it certainly did, my Virus file was called SysHostps.exe, it was 50.5K and had only one entry in the Registry. Finding and deleting the file as you said and then deleting the registry entry '/AppData/......../Windows/3720/..... allowed a clean boot of the laptop with seemingly no after effects. Again, many thanks,

Best Regards,

Furry
July 18, 2012 12:22 Re: Computer Locked By West Yorkshire Police Virus #212731
Reply with Quote | Quick Reply | Top
Seah0uses

Avatar

Novice
Join Date: 18.7.2012
Posts: 1
Hi Marat,

Your advice worked for me as well.
Many thanks.

I had spent hours trying other methods, and watching You Tube videos, none of which worked.

My file was called shellstyle.exe.
It was also 50.5k ,and the time stamp was within minutes of my PC locking.
It was hidden in c:\users\"myname"\appdata\local\microsoft\windows\3683
And in the registry HKEY_LOCAL_MACHINE\software\microsoft\windows\current version\run

There was another file in the 3683 folder named a1935a4b which I deleted as well.
Have no idea what that was. :laughing:

Thanks again.
July 20, 2012 22:49 Re: Computer Locked By West Yorkshire Police Virus #212991
Reply with Quote | Quick Reply | Top
tp1958

Avatar

Novice
Join Date: 20.7.2012
Posts: 1
Hi - i found a .exe file called police virus loaded today - deleted it but forgot the name - where should I look in the registry or will the malware scanners correct this?
July 20, 2012 23:48 Re: Computer Locked By West Yorkshire Police Virus #212995
Reply with Quote | Quick Reply | Top
irinakara

Avatar

Novice
Join Date: 20.7.2012
Posts: 1
Fantastic! Thank you, Marat, for a detailed explanation.

That was very successful in my case too! -))

Regards,
I.
July 21, 2012 00:23 Re: Computer Locked By West Yorkshire Police Virus #212997
Reply with Quote | Quick Reply | Top
BrianM12

Avatar

Novice
Join Date: 18.7.2012
Posts: 78
Methods..

Hi,

Here's an easier method: http://www.selectrealsecurity.com/remove-ransomware/
November 8, 2012 10:25 Disapproved post #220052
agvozd

Avatar

Novice
Join Date: 17.11.2011
Posts: 13
The post has been evaluated as inappropriate and therefore it was disapproved.
May 29, 2013 10:41 Disapproved post #229632
dj079

Avatar

Novice
Join Date: 29.5.2013
Posts: 1
The post has been evaluated as inappropriate and therefore it was disapproved.