1 of 2
Danger level 9
Type: Malware
Common infection symptoms:
  • Blocks internet connection
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Slow Computer

Gendarmerie Nationale Virus

Once your operating Windows system gets blocked with an intimidating Gendarmerie Nationale virus notification, you will not be able to access the Desktop, use keyboard shortcuts to launch Task Manager or control your system in a normal way. This is so that you would not be able to remove Gendarmerie Nationale virus from your PC and would have nothing else to do but focus on the fictitious notification. This bogus and misleading warning will inform you that the national French police have carried out an investigation within your computer, which allows accusing you of viewing child pornography videos or sending spam messages linked to terrorism. If you wish to see the full warning, please see it below in the original French language.

Activite illicite demelee!
Ce blocage de l’ordinateur sert a la prevention de vos actes illegaux. Le systeme d’exploitation a ete bloque a cause de la derogation de lois de la Republique Francaise!
On a releve l’infraction a la loi: de votre IP addresse qui correspond a [your IP] on a realise la requete sur le site qui contient la pornographie, la pornographie d’enfant, la sodomie et des actes de violence envers les enfants. Egalement on a recupere un video avec les elements de violence et la pornographie d’enfants. De meme on a retrouve l’envoi cu curriel electronique sous forme de spam avec les dessous terrorists.
Pour lever le blocage de l’ordinateur vous devez payer le recouvrement de 100 euros.
Il y a deux possibilites d’effectuer le paiement:
1) Abolition de dettes a l’aides du systeme de paiement Ukash […]
2) Paiement a l’aide de Paysafecard […]

It is possible that you will be introduced with a slightly different text, since the authentic name of the National Police has also been used by such Ukash viruses as Office Central de Lutte contre la Criminalité Virus or Sacem Police Nationale Virus. This is because the faction of recent ransomware applications is very vast and could target you accordingly to your geographical location, which means that even if you do not live in France, a similar infection could corrupt on your screen soon enough. And once this happens, intimidating accusations and seemingly authentic looking police credentials will make you think that maybe there is a reason behind the lock-down or that you need to pay a fine of 100 Euros for you to regain control over the PC. This, of course, is not something you need to do, and Gendarmerie Nationale virus removal is what you should aim for. To have the infection deleted manually might be too complicated for some Windows users; however, both professionals and inexperienced users will have no trouble using automatic removal tools. The following directions will help you to unlock your PC and install legal security software easily and quickly.

1. Reboot your system in Safe Mode with Networking.
2. Launch your preferred browser and download an automated malware remover to have Gendarmerie Nationale virus eliminated automatically.
3. Launch the System Configuration Utility and disable Startup programs.
4. Once you restart your system, your computer should be unlocked, and you should be able to install the automatic removal tool you have previously downloaded.

UPDATE

PCthreat.com malware researchers report that a new version of the malicious Gendarmerie Nationale Ransomware has emerged recently. This infection has a new interface, but it still uses the credentials of the Gendarmerie to lure in its victims into paying a “fine.” At the moment, the fictitious fine is €200, and users are requested to pay it within 3 days using Ukash or Paysafecard. We have tested this new version of the ransomware in our internal lab, and we have created a guide that will help you eliminate it regardless of which Windows version you run. Note that you can still use automated malware detection and removal software to delete Gendarmerie Nationale Ransomware, as stated in the guide above. If you want to eliminate the current version of this infection manually, use the instructions below. Note that we welcome all questions regarding the removal process in the comments section.

Gendarmerie Nationale Ransomware Removal Step I

Windows XP:

  1. Restart the computer and wait for the BIOS screen to load.
  2. Immediately start tapping F8 until the Windows advanced options menu appears.
  3. Using arrow keys select Safe Mode with Networking and then tap Enter.
  4. Click YES when the Windows is running in safe mode warning appears.

Windows Vista or Windows 7:

  1. Restart the computer and wait for the BIOS screen to load.
  2. Immediately start tapping F8 until the Advanced boot option menu appears.
  3. Select Safe Mode with Networking using arrow keys on the keyboard and tap Enter.

Windows 8 or Windows 8.1:

  1. Click the Power Options button (in Metro UI) on the top-right corner.
  2. Simultaneously tap the Shift key and select Restart.
  3. Open the Troubleshoot menu and move to Advanced options.
  4. Select Startup Settings, click Restart, and wait for the restart to happen.
  5. When the Startup Settings menu reappears, choose F5 for Safe Mode with Networking.

Windows 10:

  1. Move to the left of the Taskbar and click the Windows logo.
  2. Select Power and then click Restart while pressing down the Shift key.
  3. Repeat steps 3-5 using the instructions for Windows 8/Windows 8.1.

Gendarmerie Nationale Ransomware Removal Step II

  1. Launch RUN using Win+R keys (tap them simultaneously).
  2. Enter regedit.exe into the dialog box and click OK. The Registry Editor utility will appear.
  3. In the pane on the left click HKEY_LOCAL_MACHINE.
  4. Move down to SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\.
  5. Identify the value that represents the ransomware (the value data should point to the %AppData% directory).
  6. Right-click this value and select Delete.
  7. Launch Explorer using Win+E keys (tap them simultaneously as well).
  8. Enter %AppData% into the bar at the top.
  9. Right-click and Delete the malicious file (in our case, it was named under.exe, and “Moth Lamb Tate” was mentioned in the file description).
  10. Restart the PC in normal mode and immediately run a full-system scan to see if no leftovers remain.
Download Spyware Removal Tool to Remove* Gendarmerie Nationale Virus
  • Quick & tested solution for Gendarmerie Nationale Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Gendarmerie Nationale Virus

Files associated with Gendarmerie Nationale Virus infection:

%APPDATA%\system
uenovfiu.exe
m2PythonLoader.exe
acuvzomo.exe
VaultSysUi.exe
Other.res
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
%LOCALAPPDATA%\Temp
ubvhynpxh.exe
jsdhlexdqkllnbcxgai.bfg
TimeDateMUICallback.exe
brenasa.exe
aPr0hY9.exe
puozlkmyj.dll
%WINDIR%\Temp
wlsidten.dll
00qbipeq.exe
msnmsgrr.exe
UpdatePriv.exe
xmlfilter.exe
wpbt0.dll
msshell.exe
oygqyunapnp.exe
87b2cb3916261d5c807bf44262755cb0.exe
ifgxpers.exe
taskhost.exe.exe
Piranha.exe
WINDED6.exe
Nbt.exe
JfCqQ5JC.exe
setex.exe
rool0_pk.exe
iner.exe
questscan.dll
pmstcdjwz.exe
svchost.exe
gcrwcoak.exe
2084473.dll
dtkmujvo.exe
Q3d38543.exe
Updating.exe
skype.dat
WinSyncMetastore.exe
msdtmsrd.exe
%CommonProgramFiles%
%UserProfile%
msavfit.exe
00b5d693.exe
bzsbkotiu.exe
%WINDIR%\system32
bf8h8d02hf.exe
scvhost.exe
%TEMP%
NTServiceManager.exe
crack.exe
bvhylsviw.exe
%APPDATA%\Task Scheduler
DLL321.dll
comeo.exe
SyncHostps.exe
DA0B.exe
wlsidten.exe
%LOCALAPPDATA%\lollipop
%APPDATA%\updates
install_0_msi.exe
C87C.exe
xlqbteeb.exe
%ALLUSERSPROFILE%
idiokbbrv.exe
rvcbcyks.exe
wahneaqa.exe
xctqakcqbeo.dll
securitywindrv.exe
yaiiwockc.dll
p1.exe
ieudator.dll
obvwo.exe
MusicCollector.exe
50E1.exe
%ALLUSERSPROFILE%\Application Data
OmaSG21e.exe
csrsss.exe
wgsdgsdgdsgsd.exe
96dddda4.dll
videotwisterSA.exe
zqmkrehUkpoKfsafsaZg.exe
audipbrd.exe
administration.exe
mplayer2.exe
%AppData%
msn.exe
systemcpl.exe
UpgradeHelper.exe
dqnbdq7.dss
hwj3ba6j.dss
najeoxtt.exe
secproc_isv.exe
魔法桌面第三方主题破解补丁V1.1.exe
3511172082012Build.exe
Task Scheduler.exe
Firewallservice.exe
pYunY8m4VL3qLc.exe
ssntvs.exe
wjthvwjb.dss
ACEIEAddOn.dll
sqlncli.exe
b34btbztdb0vavaw.exe
dyjdl.exe
ex3b.dll
%SystemDrive%\????????????
n.
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
xaZYOVJW.exe
ctfmon.exe

Gendarmerie Nationale Virus DLL's to remove:

DLL321.dll
questscan.dll
ieudator.dll
2084473.dll
wpbt0.dll
ex3b.dll
wlsidten.dll
yaiiwockc.dll
ACEIEAddOn.dll
puozlkmyj.dll
96dddda4.dll
xctqakcqbeo.dll

Gendarmerie Nationale Virus processes to kill:

{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
taskhost.exe.exe
msdtmsrd.exe
魔法桌面第三方主题破解补丁V1.1.exe
zqmkrehUkpoKfsafsaZg.exe
WINDED6.exe
VaultSysUi.exe
wlsidten.exe
install_0_msi.exe
scvhost.exe
TimeDateMUICallback.exe
secproc_isv.exe
JfCqQ5JC.exe
sqlncli.exe
csrsss.exe
uenovfiu.exe
ssntvs.exe
setex.exe
NTServiceManager.exe
wahneaqa.exe
msnmsgrr.exe
dyjdl.exe
gcrwcoak.exe
ubvhynpxh.exe
pmstcdjwz.exe
ifgxpers.exe
bzsbkotiu.exe
xaZYOVJW.exe
rvcbcyks.exe
administration.exe
rool0_pk.exe
Task Scheduler.exe
bvhylsviw.exe
systemcpl.exe
comeo.exe
OmaSG21e.exe
brenasa.exe
mplayer2.exe
idiokbbrv.exe
3511172082012Build.exe
aPr0hY9.exe
87b2cb3916261d5c807bf44262755cb0.exe
obvwo.exe
b34btbztdb0vavaw.exe
SyncHostps.exe
Piranha.exe
UpdatePriv.exe
oygqyunapnp.exe
svchost.exe
00b5d693.exe
ctfmon.exe
Updating.exe
UpgradeHelper.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
msavfit.exe
wgsdgsdgdsgsd.exe
bf8h8d02hf.exe
Firewallservice.exe
xmlfilter.exe
audipbrd.exe
msshell.exe
acuvzomo.exe
msn.exe
Q3d38543.exe
pYunY8m4VL3qLc.exe
m2PythonLoader.exe
iner.exe
50E1.exe
C87C.exe
MusicCollector.exe
p1.exe
videotwisterSA.exe
securitywindrv.exe
00qbipeq.exe
Nbt.exe
najeoxtt.exe
crack.exe
DA0B.exe
xlqbteeb.exe
dtkmujvo.exe
WinSyncMetastore.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.