1 of 2
Danger level 9
Type: Malware
Common infection symptoms:
  • Blocks internet connection
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Slow Computer

Gendarmerie Nationale Virus

Once your operating Windows system gets blocked with an intimidating Gendarmerie Nationale virus notification, you will not be able to access the Desktop, use keyboard shortcuts to launch Task Manager or control your system in a normal way. This is so that you would not be able to remove Gendarmerie Nationale virus from your PC and would have nothing else to do but focus on the fictitious notification. This bogus and misleading warning will inform you that the national French police have carried out an investigation within your computer, which allows accusing you of viewing child pornography videos or sending spam messages linked to terrorism. If you wish to see the full warning, please see it below in the original French language.

Activite illicite demelee!
Ce blocage de l’ordinateur sert a la prevention de vos actes illegaux. Le systeme d’exploitation a ete bloque a cause de la derogation de lois de la Republique Francaise!
On a releve l’infraction a la loi: de votre IP addresse qui correspond a [your IP] on a realise la requete sur le site qui contient la pornographie, la pornographie d’enfant, la sodomie et des actes de violence envers les enfants. Egalement on a recupere un video avec les elements de violence et la pornographie d’enfants. De meme on a retrouve l’envoi cu curriel electronique sous forme de spam avec les dessous terrorists.
Pour lever le blocage de l’ordinateur vous devez payer le recouvrement de 100 euros.
Il y a deux possibilites d’effectuer le paiement:
1) Abolition de dettes a l’aides du systeme de paiement Ukash […]
2) Paiement a l’aide de Paysafecard […]

It is possible that you will be introduced with a slightly different text, since the authentic name of the National Police has also been used by such Ukash viruses as Office Central de Lutte contre la Criminalité Virus or Sacem Police Nationale Virus. This is because the faction of recent ransomware applications is very vast and could target you accordingly to your geographical location, which means that even if you do not live in France, a similar infection could corrupt on your screen soon enough. And once this happens, intimidating accusations and seemingly authentic looking police credentials will make you think that maybe there is a reason behind the lock-down or that you need to pay a fine of 100 Euros for you to regain control over the PC. This, of course, is not something you need to do, and Gendarmerie Nationale virus removal is what you should aim for. To have the infection deleted manually might be too complicated for some Windows users; however, both professionals and inexperienced users will have no trouble using automatic removal tools. The following directions will help you to unlock your PC and install legal security software easily and quickly.

1. Reboot your system in Safe Mode with Networking.
2. Launch your preferred browser and download an automated malware remover to have Gendarmerie Nationale virus eliminated automatically.
3. Launch the System Configuration Utility and disable Startup programs.
4. Once you restart your system, your computer should be unlocked, and you should be able to install the automatic removal tool you have previously downloaded.

UPDATE

PCthreat.com malware researchers report that a new version of the malicious Gendarmerie Nationale Ransomware has emerged recently. This infection has a new interface, but it still uses the credentials of the Gendarmerie to lure in its victims into paying a “fine.” At the moment, the fictitious fine is €200, and users are requested to pay it within 3 days using Ukash or Paysafecard. We have tested this new version of the ransomware in our internal lab, and we have created a guide that will help you eliminate it regardless of which Windows version you run. Note that you can still use automated malware detection and removal software to delete Gendarmerie Nationale Ransomware, as stated in the guide above. If you want to eliminate the current version of this infection manually, use the instructions below. Note that we welcome all questions regarding the removal process in the comments section.

Gendarmerie Nationale Ransomware Removal Step I

Windows XP:

  1. Restart the computer and wait for the BIOS screen to load.
  2. Immediately start tapping F8 until the Windows advanced options menu appears.
  3. Using arrow keys select Safe Mode with Networking and then tap Enter.
  4. Click YES when the Windows is running in safe mode warning appears.

Windows Vista or Windows 7:

  1. Restart the computer and wait for the BIOS screen to load.
  2. Immediately start tapping F8 until the Advanced boot option menu appears.
  3. Select Safe Mode with Networking using arrow keys on the keyboard and tap Enter.

Windows 8 or Windows 8.1:

  1. Click the Power Options button (in Metro UI) on the top-right corner.
  2. Simultaneously tap the Shift key and select Restart.
  3. Open the Troubleshoot menu and move to Advanced options.
  4. Select Startup Settings, click Restart, and wait for the restart to happen.
  5. When the Startup Settings menu reappears, choose F5 for Safe Mode with Networking.

Windows 10:

  1. Move to the left of the Taskbar and click the Windows logo.
  2. Select Power and then click Restart while pressing down the Shift key.
  3. Repeat steps 3-5 using the instructions for Windows 8/Windows 8.1.

Gendarmerie Nationale Ransomware Removal Step II

  1. Launch RUN using Win+R keys (tap them simultaneously).
  2. Enter regedit.exe into the dialog box and click OK. The Registry Editor utility will appear.
  3. In the pane on the left click HKEY_LOCAL_MACHINE.
  4. Move down to SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\.
  5. Identify the value that represents the ransomware (the value data should point to the %AppData% directory).
  6. Right-click this value and select Delete.
  7. Launch Explorer using Win+E keys (tap them simultaneously as well).
  8. Enter %AppData% into the bar at the top.
  9. Right-click and Delete the malicious file (in our case, it was named under.exe, and “Moth Lamb Tate” was mentioned in the file description).
  10. Restart the PC in normal mode and immediately run a full-system scan to see if no leftovers remain.
Download Spyware Removal Tool to Remove* Gendarmerie Nationale Virus
  • Quick & tested solution for Gendarmerie Nationale Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Gendarmerie Nationale Virus

Files associated with Gendarmerie Nationale Virus infection:

ieudator.dll
DLL321.dll
ex3b.dll
xlqbteeb.exe
%ALLUSERSPROFILE%\Application Data
systemcpl.exe
00b5d693.exe
rool0_pk.exe
Piranha.exe
%LOCALAPPDATA%\lollipop
Updating.exe
ctfmon.exe
2084473.dll
Task Scheduler.exe
aPr0hY9.exe
msnmsgrr.exe
securitywindrv.exe
dyjdl.exe
NTServiceManager.exe
wpbt0.dll
comeo.exe
%APPDATA%\system
DA0B.exe
xaZYOVJW.exe
dqnbdq7.dss
questscan.dll
%CommonProgramFiles%
wahneaqa.exe
scvhost.exe
m2PythonLoader.exe
%AppData%
yaiiwockc.dll
%WINDIR%\Temp
OmaSG21e.exe
gcrwcoak.exe
b34btbztdb0vavaw.exe
hwj3ba6j.dss
%APPDATA%\updates
videotwisterSA.exe
xmlfilter.exe
pmstcdjwz.exe
rvcbcyks.exe
ACEIEAddOn.dll
%TEMP%
obvwo.exe
wgsdgsdgdsgsd.exe
bzsbkotiu.exe
%UserProfile%
mplayer2.exe
crack.exe
setex.exe
pYunY8m4VL3qLc.exe
msn.exe
ifgxpers.exe
TimeDateMUICallback.exe
svchost.exe
bf8h8d02hf.exe
uenovfiu.exe
idiokbbrv.exe
Nbt.exe
ubvhynpxh.exe
brenasa.exe
administration.exe
acuvzomo.exe
C87C.exe
魔法桌面第三方主题破解补丁V1.1.exe
p1.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
00qbipeq.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
xctqakcqbeo.dll
jsdhlexdqkllnbcxgai.bfg
JfCqQ5JC.exe
UpgradeHelper.exe
msshell.exe
SyncHostps.exe
skype.dat
wlsidten.dll
msdtmsrd.exe
najeoxtt.exe
WINDED6.exe
bvhylsviw.exe
MusicCollector.exe
%ALLUSERSPROFILE%
Firewallservice.exe
taskhost.exe.exe
3511172082012Build.exe
secproc_isv.exe
wlsidten.exe
n.
audipbrd.exe
Other.res
WinSyncMetastore.exe
wjthvwjb.dss
87b2cb3916261d5c807bf44262755cb0.exe
puozlkmyj.dll
sqlncli.exe
iner.exe
dtkmujvo.exe
Q3d38543.exe
96dddda4.dll
msavfit.exe
%SystemDrive%\????????????
%LOCALAPPDATA%\Temp
%WINDIR%\system32
csrsss.exe
VaultSysUi.exe
install_0_msi.exe
%APPDATA%\Task Scheduler
50E1.exe
UpdatePriv.exe
ssntvs.exe
zqmkrehUkpoKfsafsaZg.exe
oygqyunapnp.exe

Gendarmerie Nationale Virus DLL's to remove:

wpbt0.dll
2084473.dll
96dddda4.dll
DLL321.dll
wlsidten.dll
ACEIEAddOn.dll
ex3b.dll
xctqakcqbeo.dll
ieudator.dll
puozlkmyj.dll
yaiiwockc.dll
questscan.dll

Gendarmerie Nationale Virus processes to kill:

sqlncli.exe
VaultSysUi.exe
SyncHostps.exe
rvcbcyks.exe
aPr0hY9.exe
b34btbztdb0vavaw.exe
crack.exe
ubvhynpxh.exe
ifgxpers.exe
mplayer2.exe
UpgradeHelper.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
zqmkrehUkpoKfsafsaZg.exe
gcrwcoak.exe
brenasa.exe
install_0_msi.exe
OmaSG21e.exe
Task Scheduler.exe
JfCqQ5JC.exe
m2PythonLoader.exe
50E1.exe
Q3d38543.exe
00b5d693.exe
pmstcdjwz.exe
Nbt.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
bf8h8d02hf.exe
ctfmon.exe
iner.exe
wgsdgsdgdsgsd.exe
xaZYOVJW.exe
DA0B.exe
msnmsgrr.exe
wahneaqa.exe
comeo.exe
scvhost.exe
C87C.exe
p1.exe
msn.exe
TimeDateMUICallback.exe
3511172082012Build.exe
pYunY8m4VL3qLc.exe
Piranha.exe
UpdatePriv.exe
msavfit.exe
WINDED6.exe
acuvzomo.exe
dyjdl.exe
wlsidten.exe
NTServiceManager.exe
systemcpl.exe
xmlfilter.exe
魔法桌面第三方主题破解补丁V1.1.exe
Updating.exe
obvwo.exe
audipbrd.exe
csrsss.exe
videotwisterSA.exe
najeoxtt.exe
oygqyunapnp.exe
00qbipeq.exe
securitywindrv.exe
taskhost.exe.exe
MusicCollector.exe
administration.exe
bzsbkotiu.exe
WinSyncMetastore.exe
secproc_isv.exe
uenovfiu.exe
rool0_pk.exe
bvhylsviw.exe
Firewallservice.exe
idiokbbrv.exe
xlqbteeb.exe
dtkmujvo.exe
setex.exe
ssntvs.exe
msdtmsrd.exe
87b2cb3916261d5c807bf44262755cb0.exe
svchost.exe
msshell.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.