1 of 2
Danger level 9
Type: Malware
Common infection symptoms:
  • Blocks internet connection
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Slow Computer

Gendarmerie Nationale Virus

Once your operating Windows system gets blocked with an intimidating Gendarmerie Nationale virus notification, you will not be able to access the Desktop, use keyboard shortcuts to launch Task Manager or control your system in a normal way. This is so that you would not be able to remove Gendarmerie Nationale virus from your PC and would have nothing else to do but focus on the fictitious notification. This bogus and misleading warning will inform you that the national French police have carried out an investigation within your computer, which allows accusing you of viewing child pornography videos or sending spam messages linked to terrorism. If you wish to see the full warning, please see it below in the original French language.

Activite illicite demelee!
Ce blocage de l’ordinateur sert a la prevention de vos actes illegaux. Le systeme d’exploitation a ete bloque a cause de la derogation de lois de la Republique Francaise!
On a releve l’infraction a la loi: de votre IP addresse qui correspond a [your IP] on a realise la requete sur le site qui contient la pornographie, la pornographie d’enfant, la sodomie et des actes de violence envers les enfants. Egalement on a recupere un video avec les elements de violence et la pornographie d’enfants. De meme on a retrouve l’envoi cu curriel electronique sous forme de spam avec les dessous terrorists.
Pour lever le blocage de l’ordinateur vous devez payer le recouvrement de 100 euros.
Il y a deux possibilites d’effectuer le paiement:
1) Abolition de dettes a l’aides du systeme de paiement Ukash […]
2) Paiement a l’aide de Paysafecard […]

It is possible that you will be introduced with a slightly different text, since the authentic name of the National Police has also been used by such Ukash viruses as Office Central de Lutte contre la Criminalité Virus or Sacem Police Nationale Virus. This is because the faction of recent ransomware applications is very vast and could target you accordingly to your geographical location, which means that even if you do not live in France, a similar infection could corrupt on your screen soon enough. And once this happens, intimidating accusations and seemingly authentic looking police credentials will make you think that maybe there is a reason behind the lock-down or that you need to pay a fine of 100 Euros for you to regain control over the PC. This, of course, is not something you need to do, and Gendarmerie Nationale virus removal is what you should aim for. To have the infection deleted manually might be too complicated for some Windows users; however, both professionals and inexperienced users will have no trouble using automatic removal tools. The following directions will help you to unlock your PC and install legal security software easily and quickly.

1. Reboot your system in Safe Mode with Networking.
2. Launch your preferred browser and download an automated malware remover to have Gendarmerie Nationale virus eliminated automatically.
3. Launch the System Configuration Utility and disable Startup programs.
4. Once you restart your system, your computer should be unlocked, and you should be able to install the automatic removal tool you have previously downloaded.

UPDATE

PCthreat.com malware researchers report that a new version of the malicious Gendarmerie Nationale Ransomware has emerged recently. This infection has a new interface, but it still uses the credentials of the Gendarmerie to lure in its victims into paying a “fine.” At the moment, the fictitious fine is €200, and users are requested to pay it within 3 days using Ukash or Paysafecard. We have tested this new version of the ransomware in our internal lab, and we have created a guide that will help you eliminate it regardless of which Windows version you run. Note that you can still use automated malware detection and removal software to delete Gendarmerie Nationale Ransomware, as stated in the guide above. If you want to eliminate the current version of this infection manually, use the instructions below. Note that we welcome all questions regarding the removal process in the comments section.

Gendarmerie Nationale Ransomware Removal Step I

Windows XP:

  1. Restart the computer and wait for the BIOS screen to load.
  2. Immediately start tapping F8 until the Windows advanced options menu appears.
  3. Using arrow keys select Safe Mode with Networking and then tap Enter.
  4. Click YES when the Windows is running in safe mode warning appears.

Windows Vista or Windows 7:

  1. Restart the computer and wait for the BIOS screen to load.
  2. Immediately start tapping F8 until the Advanced boot option menu appears.
  3. Select Safe Mode with Networking using arrow keys on the keyboard and tap Enter.

Windows 8 or Windows 8.1:

  1. Click the Power Options button (in Metro UI) on the top-right corner.
  2. Simultaneously tap the Shift key and select Restart.
  3. Open the Troubleshoot menu and move to Advanced options.
  4. Select Startup Settings, click Restart, and wait for the restart to happen.
  5. When the Startup Settings menu reappears, choose F5 for Safe Mode with Networking.

Windows 10:

  1. Move to the left of the Taskbar and click the Windows logo.
  2. Select Power and then click Restart while pressing down the Shift key.
  3. Repeat steps 3-5 using the instructions for Windows 8/Windows 8.1.

Gendarmerie Nationale Ransomware Removal Step II

  1. Launch RUN using Win+R keys (tap them simultaneously).
  2. Enter regedit.exe into the dialog box and click OK. The Registry Editor utility will appear.
  3. In the pane on the left click HKEY_LOCAL_MACHINE.
  4. Move down to SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\.
  5. Identify the value that represents the ransomware (the value data should point to the %AppData% directory).
  6. Right-click this value and select Delete.
  7. Launch Explorer using Win+E keys (tap them simultaneously as well).
  8. Enter %AppData% into the bar at the top.
  9. Right-click and Delete the malicious file (in our case, it was named under.exe, and “Moth Lamb Tate” was mentioned in the file description).
  10. Restart the PC in normal mode and immediately run a full-system scan to see if no leftovers remain.
Download Spyware Removal Tool to Remove* Gendarmerie Nationale Virus
  • Quick & tested solution for Gendarmerie Nationale Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Gendarmerie Nationale Virus

Files associated with Gendarmerie Nationale Virus infection:

xaZYOVJW.exe
uenovfiu.exe
videotwisterSA.exe
brenasa.exe
2084473.dll
%APPDATA%\updates
DLL321.dll
idiokbbrv.exe
OmaSG21e.exe
Updating.exe
wlsidten.dll
pYunY8m4VL3qLc.exe
NTServiceManager.exe
wjthvwjb.dss
najeoxtt.exe
mplayer2.exe
Other.res
dqnbdq7.dss
aPr0hY9.exe
WINDED6.exe
msavfit.exe
csrsss.exe
xmlfilter.exe
skype.dat
3511172082012Build.exe
%UserProfile%
install_0_msi.exe
50E1.exe
dyjdl.exe
%APPDATA%\Task Scheduler
crack.exe
jsdhlexdqkllnbcxgai.bfg
p1.exe
%ALLUSERSPROFILE%\Application Data
C87C.exe
MusicCollector.exe
UpgradeHelper.exe
%WINDIR%\system32
rvcbcyks.exe
bzsbkotiu.exe
xctqakcqbeo.dll
msnmsgrr.exe
rool0_pk.exe
DA0B.exe
wpbt0.dll
gcrwcoak.exe
comeo.exe
%CommonProgramFiles%
%SystemDrive%\????????????
00qbipeq.exe
pmstcdjwz.exe
oygqyunapnp.exe
%LOCALAPPDATA%\Temp
msshell.exe
%TEMP%
wlsidten.exe
Firewallservice.exe
scvhost.exe
msdtmsrd.exe
魔法桌面第三方主题破解补丁V1.1.exe
87b2cb3916261d5c807bf44262755cb0.exe
wgsdgsdgdsgsd.exe
wahneaqa.exe
ieudator.dll
iner.exe
%AppData%
Piranha.exe
msn.exe
%APPDATA%\system
m2PythonLoader.exe
VaultSysUi.exe
setex.exe
obvwo.exe
JfCqQ5JC.exe
hwj3ba6j.dss
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
bf8h8d02hf.exe
SyncHostps.exe
00b5d693.exe
Task Scheduler.exe
%LOCALAPPDATA%\lollipop
UpdatePriv.exe
acuvzomo.exe
%WINDIR%\Temp
systemcpl.exe
yaiiwockc.dll
Q3d38543.exe
b34btbztdb0vavaw.exe
sqlncli.exe
TimeDateMUICallback.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
puozlkmyj.dll
ex3b.dll
ifgxpers.exe
taskhost.exe.exe
Nbt.exe
96dddda4.dll
WinSyncMetastore.exe
audipbrd.exe
dtkmujvo.exe
administration.exe
ctfmon.exe
questscan.dll
ubvhynpxh.exe
securitywindrv.exe
ssntvs.exe
svchost.exe
secproc_isv.exe
n.
xlqbteeb.exe
%ALLUSERSPROFILE%
zqmkrehUkpoKfsafsaZg.exe
ACEIEAddOn.dll
bvhylsviw.exe

Gendarmerie Nationale Virus DLL's to remove:

2084473.dll
xctqakcqbeo.dll
wpbt0.dll
ex3b.dll
puozlkmyj.dll
DLL321.dll
wlsidten.dll
ieudator.dll
ACEIEAddOn.dll
96dddda4.dll
yaiiwockc.dll
questscan.dll

Gendarmerie Nationale Virus processes to kill:

bf8h8d02hf.exe
Piranha.exe
idiokbbrv.exe
00qbipeq.exe
3511172082012Build.exe
msnmsgrr.exe
WINDED6.exe
Task Scheduler.exe
WinSyncMetastore.exe
wlsidten.exe
secproc_isv.exe
rvcbcyks.exe
securitywindrv.exe
p1.exe
systemcpl.exe
acuvzomo.exe
wahneaqa.exe
aPr0hY9.exe
obvwo.exe
SyncHostps.exe
Updating.exe
bvhylsviw.exe
pYunY8m4VL3qLc.exe
msdtmsrd.exe
C87C.exe
魔法桌面第三方主题破解补丁V1.1.exe
TimeDateMUICallback.exe
gcrwcoak.exe
UpdatePriv.exe
administration.exe
msshell.exe
Nbt.exe
zqmkrehUkpoKfsafsaZg.exe
crack.exe
iner.exe
MusicCollector.exe
bzsbkotiu.exe
UpgradeHelper.exe
00b5d693.exe
csrsss.exe
Q3d38543.exe
m2PythonLoader.exe
oygqyunapnp.exe
taskhost.exe.exe
ssntvs.exe
uenovfiu.exe
brenasa.exe
b34btbztdb0vavaw.exe
87b2cb3916261d5c807bf44262755cb0.exe
dyjdl.exe
xmlfilter.exe
videotwisterSA.exe
sqlncli.exe
VaultSysUi.exe
install_0_msi.exe
setex.exe
mplayer2.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
wgsdgsdgdsgsd.exe
comeo.exe
dtkmujvo.exe
ctfmon.exe
najeoxtt.exe
JfCqQ5JC.exe
Firewallservice.exe
xlqbteeb.exe
ifgxpers.exe
msn.exe
DA0B.exe
scvhost.exe
ubvhynpxh.exe
NTServiceManager.exe
OmaSG21e.exe
audipbrd.exe
svchost.exe
xaZYOVJW.exe
pmstcdjwz.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
msavfit.exe
rool0_pk.exe
50E1.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.