How West Yorkshire Police Virus works?

West Yorkshire Police virus is a ransomware that aims at computers from Great Britain. It uses local police name to perform its criminal activities. After this virus attacks your computer, you will see it at once. When having West Yorkshire Police Virus, a computer user sees only one message on her PC‘s screen. It is not possible to do anything else since the system is blocked. The warning states that your computer is locked due to illegal activities with it. You are accused of using and distributing prohibited content, visited pornographic or other illegal sites. You are charged a fine for these criminal activities. Text of the message is similar to this:

Warning!
Please wait, your data is being verified!
If you enter correct code and pay the fine, you will regain access to your computer.
If you enter a wrong code, this message will reappear.
If you enter a wrong code three times, your hard drive will be completely wiped, your computer will be damaged and unusable.
Your IP-address will be stored in our databases. (If you go with your IP address back to pornographic web pages) and your case will be transferred to special task force for further investigation!
Estimated verification time 4 hours.
Your computer was used for illegal purposes. Your Windows license number has been identified.

I hope you browsed the Internet to find out more about the warning before you paid the fine. The message you see on your PC is fake, you are not charged by any police institutions. Do not pay the fine since it will not solve your problem, only further fund development of similar scam. You should remove West Yorkshire virus at once. If you already paid the fine, contact your credit card company as soon as possible and try to dispute the charges.

FunMoods hijacker

FunMoods is a toolbar that is installed to a browser together with other programs. Usually it goes with certain video grabber software, PDF creators or programs that are distributed for free. After the program is installed FunMoods toolbar replaces default search provider to his own. It states that the change was made to display entertaining animation. The true reason is not as innocent as the declared one. After a search is performed the user gets results of both: unpaid and paid pages. It is almost impossible to distinguish which results are given only because the owner paid for the advertisement and not because it matched the search criteria.

The above given are good enough reasons for some people to wish to remove FunMoods from their browser. Yet a simple uninstal procedure will not help here. To get rid of this hijacker you will have to do three simple steps:

  • Uninstall the toolbar;
  • Reset your search provider
  • Change your home page.

It is also advisable to scan your computer with a reputable antispyware program, like Spybot S&D or  Spyhunter. It will also help you to protect your computer from hijackers like FunMoods in the future. Full removal instructions for Funmoods are available on 2-viruses.com and on youtube.

FBI virus – a hoax trying to trick you

The Federal Bureau Investigation has locked your computer because of the Copyright and Related Rights Law violation? Don‘t rush to spend your money paying the fine. This is not a true alert. It is FBI virus that got inside your computer through security vulnerabilities. This malware blocks user’s computer stating that there was illegally used or distributed copyrighted content, viewed or distributed prohibited pornographic content, etc. It also informs that the following computer is infected by a rogue and the only way to fix the problem is to pay a 100$ fine through MoneyPak.

Continue reading

Windows Maintenance Guard rogue removal tools

Windows Maintenance Guard is a scareware that is enrobed in the garments of some legitimate security tool. Whereas this is nothing but the next outrageous forgery prepared by hackers to be launched into the world wide web for the specific purpose of ripping users off. Regretfully, there have been some who in despair decided to fulfill the malicious instructions of the crooks. They wasted their money without actually receiving anything good in response. So, we hope that this will never be the case with you. Remove this junkware application from your computer and ignore whatever it tells you.

Continue reading

Windows Antivirus Rampart uninstall instructions

The best way to remove Windows Antivirus Rampart is to do it automatically by referring to the aid of some powerful antimalware tool. Of course, there’s a chance of deleting this junkware manually, but there are very many files and registry entries of this rogue, thus making the uninstall procedures of the malware quite time-consuming. The first step to removal of Windows Antivirus Rampart rogue is to understand that this is a fake antivirus program requiring immediate elimination.

Continue reading

Windows Ultimate Security Patch. How to uninstall

Windows Ultimate Security Patch is a program that is not meant to render security for your system. So, do not let the malware trick you into performing its misleading instructions. Like many other similar rogues of FakeVimes virus family, this one is brought into your PC without warning or your permission.

Continue reading

Windows Defence Counsel – another Fake Vimes

Windows Defence Counsel rogue seems to be a fresh version of Fake Vimes rogue antivirus. The rogue follows a close pattern to change its names each couple of days and is quite aggressive. Never believe pages that claim being able detect parasites by scanning your PC without any consent. The most of such pages distribute rogue software like Windows Defence Counsel seems to be.

Continue reading

System message – Write Fault Error

System message – Write Fault Error is the notification that can be received by some PC users nowadays. There are chances that this message could be the true one being originated by Windows operating system and implying certain real problems with your computer. In this case it means that something is really wrong with your file system and that certain actions should be undertaken on your part in order to have these issues and errors eliminated (repaired). However, if you receive this message nowadays there are more chances that this one is originated by viruses and fake system defragmenters like Data Recovery and Smart HDD (the latest known malwares of such type). The message actually says the following:

System message – Write Fault Error
A Write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exception error when using a reference to an invalid system memory address.

Continue reading

System Error. Hard disk failure detected

System Error. Hard disk failure detected message most probably means that your computer is infected with fake hard drive defragmenter (virus). We used the phrase “most probably” because this is the exact title of the fake security warning that tends to appear just before fake HDD virus first comes up in front of user’s desktop. Generally, there is no any other real problem which would be entitled likewise. So, this is obviously the scary technique of rogue developers in order to persuade users that allegedly something is really going wrong with the computer. The truth of the matter, however, that “System Error. Hard disk failure detected” notice has no any decent grounds for appearance. It should be mentioned that quite often the malware developers don’t even have good English writing skills to write the interface of their fake security programs. Well, this is the exact case with fake HDD hoax (whatever name it has). In order to have the virus causing “System Error. Hard disk failure detected” message to appear please carefully follow the removal guide provided in the link below.

Continue reading

Stay away from Data Recovery virus

Data Recovery is fresh version of fake defragmenters that resurfaced with new skin. This program should be removed at once because it won’t do anything good but scare you about various pc problems. The Data Recovery defragmenter installs from attachments in spam messages and comes with other parasites. It will hide your files and folders, stop programs from running and mess up your PC.
Each time you boot your PC you will see tons of S.M.A.R.T. Data Recovery popups. If you click on one of these, your PC will start a “scan” which will show forged messages about hardware problems that should be fixed. The scan is imitation only. Data Recovery cannot detect ANYTHING for real. Everything it shows is a bunch of lies and you should delete it from your PC.
You might wonder why your antivirus has not detected this scam. Data Recovery installs with specific parasite that blocks execution of legitimate removal programs thus it is quite difficult to remove it with antivirus installed on PC. In most cases you will need another anti-malware program or remove it manually.
For the full removal instructions visit the Data recovery virus removal guide on 2-viruses.com


Fake information presented by Data recovery malware:

  • Hard drive rotational speed decreased by 20%
  • Drive C initializing error
  • Disk drive C:\ is unreadable
  • System files are damaged. System is unstable.
  • GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system failure
  • The problem may cause errors while loading your operation system
  • RAM memory speed decreased significantly and may cause a system failure
  • Hard drive does not correspond to system requests
  • Damaged hard drive clusters detected. Private data is at risk. Restore is required
  • C:\System32\drivers is damaged. This problem may cause a system failure
  • Hard drive rotational speed exceeds system limits and may cause a system failure
  • Boot sector of the hard drive is damaged
  • Hard drive space less than technical limits
  • RAM Memory temperature is 83

The following fake error messages normally popup in the right-bottom part of user’s desktop. No doubt, they all should also be disregarded by you.

  • Critical Error!
    HDD clusters are partly damaged. Segment load failure
  • Critical Error!
    Windows OS can’t detect a free hard disk space. HDD error
  • Critical Error!
    Damaged hard drive clusters detected. Private data is at risk.
  • Critical Error!
    Hard Drive not found. Missing hard drive.
  • Critical Error!
    RAM memory usage is critically high. RAM memory failure.
  • Critical Error!
    Windows can’t find hard disk space. Hard drive error
  • Critical Error!
    Windows was unable to save all the data for the file \System32\496A8312. The data has been lost. This error may be caused by a failure of your computer hardware.
  • Critical Error!
    A critical error has occurred while indexing data stored on hard drive. System restart required.
  • System Restore
    The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
  • Activation Reminder

    Data Recovery Activation
    Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.

  • Low Disk Space
    You are running very low disk space on Local Disk (C:).
  • Windows – No Disk
    Exception Processing Message 0x0000013

Data Recovery system amendments:

Data Recovery files added:

  • %CommonAppData%\[random].exe
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Data recovery.lnk
  • %Desktop%\Data recovery.lnk
  • %StartMenu%\Programs\Data recovery\
  • %StartMenu%\Programs\Data recovery\Data recovery.lnk
  • %StartMenu%\Programs\Data recovery\Uninstall Data recovery.lnk
  • %Temp%\smtmp\
  • %Temp%\smtmp\1
  • %Temp%\smtmp\1
  • %Temp%\smtmp\2
  • %Temp%\smtmp\3
  • %Temp%\smtmp\4

Data Recovery registry entries added:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’