Danger level 9
Type: Malware
Common infection symptoms:
  • Blocks internet connection
  • Blocks exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Slow Computer

Gendarmerie Nationale Virus

Once your Windows operating system is blocked by an intimidating Gendarmerie Nationale virus notification, you will not be able to access the Desktop, use keyboard shortcuts to launch Task Manager, or control your system in the normal way. The lock is designed to stop you from removing the Gendarmerie Nationale virus from your PC and to leave you with nothing to do but focus on the fictitious notification. This bogus and misleading warning claims that the French national police have carried out an investigation of your computer and accuses you of viewing child pornography videos or sending spam messages linked to terrorism. The full warning is reproduced below in the original French.

Activite illicite demelee!
Ce blocage de l’ordinateur sert a la prevention de vos actes illegaux. Le systeme d’exploitation a ete bloque a cause de la derogation de lois de la Republique Francaise!
On a releve l’infraction a la loi: de votre IP addresse qui correspond a [your IP] on a realise la requete sur le site qui contient la pornographie, la pornographie d’enfant, la sodomie et des actes de violence envers les enfants. Egalement on a recupere un video avec les elements de violence et la pornographie d’enfants. De meme on a retrouve l’envoi cu curriel electronique sous forme de spam avec les dessous terrorists.
Pour lever le blocage de l’ordinateur vous devez payer le recouvrement de 100 euros.
Il y a deux possibilites d’effectuer le paiement:
1) Abolition de dettes a l’aides du systeme de paiement Ukash […]
2) Paiement a l’aide de Paysafecard […]

You may be shown slightly different text, since the authentic name of the National Police has also been used by other Ukash viruses, such as Office Central de Lutte contre la Criminalité Virus or Sacem Police Nationale Virus. The family of recent ransomware applications is very large, and its members target victims according to their geographical location, which means that even if you do not live in France, a similar infection could appear on your screen soon enough. When that happens, the intimidating accusations and seemingly authentic police credentials may make you think that there is a reason behind the lock-down or that you need to pay a fine of 100 Euros to regain control over the PC. This, of course, is not something you need to do; Gendarmerie Nationale virus removal is what you should aim for. Deleting the infection manually might be too complicated for some Windows users; however, both professionals and inexperienced users will have no trouble using automatic removal tools. The following directions will help you unlock your PC and install legitimate security software easily and quickly.

1. Reboot your system in Safe Mode with Networking.
2. Launch your preferred browser and download an automated malware remover to have Gendarmerie Nationale virus eliminated automatically.
3. Launch the System Configuration Utility and disable Startup programs.
4. Once you restart your system, your computer should be unlocked, and you should be able to install the automatic removal tool you have previously downloaded.

UPDATE

PCthreat.com malware researchers report that a new version of the malicious Gendarmerie Nationale Ransomware has emerged recently. This infection has a new interface, but it still uses the credentials of the Gendarmerie to lure its victims into paying a “fine.” At the moment, the fictitious fine is €200, and users are requested to pay it within 3 days using Ukash or Paysafecard. We have tested this new version of the ransomware in our internal lab, and we have created a guide that will help you eliminate it regardless of which Windows version you run. Note that you can still use automated malware detection and removal software to delete Gendarmerie Nationale Ransomware, as stated in the guide above. If you want to eliminate the current version of this infection manually, use the instructions below. We welcome all questions regarding the removal process in the comments section.

Gendarmerie Nationale Ransomware Removal Step I

Windows XP:

  1. Restart the computer and wait for the BIOS screen to load.
  2. Immediately start tapping F8 until the Windows advanced options menu appears.
  3. Using arrow keys select Safe Mode with Networking and then tap Enter.
  4. Click YES when the “Windows is running in safe mode” warning appears.

Windows Vista or Windows 7:

  1. Restart the computer and wait for the BIOS screen to load.
  2. Immediately start tapping F8 until the Advanced boot option menu appears.
  3. Select Safe Mode with Networking using arrow keys on the keyboard and tap Enter.

Windows 8 or Windows 8.1:

  1. Click the Power Options button (in Metro UI) on the top-right corner.
  2. Simultaneously tap the Shift key and select Restart.
  3. Open the Troubleshoot menu and move to Advanced options.
  4. Select Startup Settings, click Restart, and wait for the restart to happen.
  5. When the Startup Settings menu reappears, choose F5 for Safe Mode with Networking.

Windows 10:

  1. Move to the left of the Taskbar and click the Windows logo.
  2. Select Power and then click Restart while pressing down the Shift key.
  3. Repeat steps 3-5 using the instructions for Windows 8/Windows 8.1.

Gendarmerie Nationale Ransomware Removal Step II

  1. Launch RUN using Win+R keys (tap them simultaneously).
  2. Enter regedit.exe into the dialog box and click OK. The Registry Editor utility will appear.
  3. In the pane on the left click HKEY_LOCAL_MACHINE.
  4. Move down to SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\.
  5. Identify the value that represents the ransomware (the value data should point to the %AppData% directory).
  6. Right-click this value and select Delete.
  7. Launch Explorer using Win+E keys (tap them simultaneously as well).
  8. Enter %AppData% into the bar at the top.
  9. Right-click and Delete the malicious file (in our case, it was named under.exe, and “Moth Lamb Tate” was mentioned in the file description).
  10. Restart the PC in normal mode and immediately run a full-system scan to check that no leftovers remain.
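
The lookup in steps 3-5 and the file-description check in step 9 can also be scripted from an elevated PowerShell prompt in Safe Mode. The following is an added example, not part of the original PCthreat.com guide; it only reads the registry and deletes nothing. The function name `Find-AppDataStartupValue` and the path pattern are assumptions made for illustration.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
$Root = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
# Assumed pattern: %AppData% written literally, or its expanded form on XP
# ("Application Data") and on Vista and later ("AppData\Roaming"), any profile.
$AppDataPattern = '(?i)%appdata%|\\Application Data\\|\\AppData\\Roaming\\'

function Find-AppDataStartupValue {
    param([string]$KeyPath = $Root)

    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    # The key itself plus every subkey beneath it.
    $keys = @(Get-Item -LiteralPath $KeyPath) +
            @(Get-ChildItem -LiteralPath $KeyPath -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            # Read the raw data so REG_EXPAND_SZ values keep their %variables%.
            $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ($data -isnot [string] -or $data -notmatch $AppDataPattern) { continue }

            # Variables expand for the account running the script, which may not
            # be the infected profile; File stays empty if no path is resolved.
            $expanded = [Environment]::ExpandEnvironmentVariables($data)
            $exe = $null; $description = $null
            if ($expanded -match '(?i)"?([a-z]:\\[^"]+?\.exe)') { $exe = $Matches[1] }
            if ($exe -and (Test-Path -LiteralPath $exe)) {
                # Step 9 identifies the file by its description field.
                $description = (Get-Item -LiteralPath $exe -Force).VersionInfo.FileDescription
            }

            New-Object PSObject -Property @{
                Key = $key.Name; Value = $name; Data = $data
                File = $exe; FileDescription = $description
            }
        }
    }
}

Find-AppDataStartupValue | Format-List Key, Value, Data, File, FileDescription
```

Legitimate software can also start from %AppData%, so review each reported value before deleting it in Registry Editor as described in step 6.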

How to manually remove Gendarmerie Nationale Virus

Files associated with Gendarmerie Nationale Virus infection:


Gendarmerie Nationale Virus DLLs to remove:


Gendarmerie Nationale Virus processes to kill:
