1 of 2
Danger level 9
Type: Malware
Common infection symptoms:
  • Blocks internet connection
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Slow Computer

Gendarmerie Nationale Virus

Once your operating Windows system gets blocked with an intimidating Gendarmerie Nationale virus notification, you will not be able to access the Desktop, use keyboard shortcuts to launch Task Manager or control your system in a normal way. This is so that you would not be able to remove Gendarmerie Nationale virus from your PC and would have nothing else to do but focus on the fictitious notification. This bogus and misleading warning will inform you that the national French police have carried out an investigation within your computer, which allows accusing you of viewing child pornography videos or sending spam messages linked to terrorism. If you wish to see the full warning, please see it below in the original French language.

Activite illicite demelee!
Ce blocage de l’ordinateur sert a la prevention de vos actes illegaux. Le systeme d’exploitation a ete bloque a cause de la derogation de lois de la Republique Francaise!
On a releve l’infraction a la loi: de votre IP addresse qui correspond a [your IP] on a realise la requete sur le site qui contient la pornographie, la pornographie d’enfant, la sodomie et des actes de violence envers les enfants. Egalement on a recupere un video avec les elements de violence et la pornographie d’enfants. De meme on a retrouve l’envoi cu curriel electronique sous forme de spam avec les dessous terrorists.
Pour lever le blocage de l’ordinateur vous devez payer le recouvrement de 100 euros.
Il y a deux possibilites d’effectuer le paiement:
1) Abolition de dettes a l’aides du systeme de paiement Ukash […]
2) Paiement a l’aide de Paysafecard […]

It is possible that you will be introduced with a slightly different text, since the authentic name of the National Police has also been used by such Ukash viruses as Office Central de Lutte contre la Criminalité Virus or Sacem Police Nationale Virus. This is because the faction of recent ransomware applications is very vast and could target you accordingly to your geographical location, which means that even if you do not live in France, a similar infection could corrupt on your screen soon enough. And once this happens, intimidating accusations and seemingly authentic looking police credentials will make you think that maybe there is a reason behind the lock-down or that you need to pay a fine of 100 Euros for you to regain control over the PC. This, of course, is not something you need to do, and Gendarmerie Nationale virus removal is what you should aim for. To have the infection deleted manually might be too complicated for some Windows users; however, both professionals and inexperienced users will have no trouble using automatic removal tools. The following directions will help you to unlock your PC and install legal security software easily and quickly.

1. Reboot your system in Safe Mode with Networking.
2. Launch your preferred browser and download an automated malware remover to have Gendarmerie Nationale virus eliminated automatically.
3. Launch the System Configuration Utility and disable Startup programs.
4. Once you restart your system, your computer should be unlocked, and you should be able to install the automatic removal tool you have previously downloaded.

UPDATE

PCthreat.com malware researchers report that a new version of the malicious Gendarmerie Nationale Ransomware has emerged recently. This infection has a new interface, but it still uses the credentials of the Gendarmerie to lure in its victims into paying a “fine.” At the moment, the fictitious fine is €200, and users are requested to pay it within 3 days using Ukash or Paysafecard. We have tested this new version of the ransomware in our internal lab, and we have created a guide that will help you eliminate it regardless of which Windows version you run. Note that you can still use automated malware detection and removal software to delete Gendarmerie Nationale Ransomware, as stated in the guide above. If you want to eliminate the current version of this infection manually, use the instructions below. Note that we welcome all questions regarding the removal process in the comments section.

Gendarmerie Nationale Ransomware Removal Step I

Windows XP:

  1. Restart the computer and wait for the BIOS screen to load.
  2. Immediately start tapping F8 until the Windows advanced options menu appears.
  3. Using arrow keys select Safe Mode with Networking and then tap Enter.
  4. Click YES when the Windows is running in safe mode warning appears.

Windows Vista or Windows 7:

  1. Restart the computer and wait for the BIOS screen to load.
  2. Immediately start tapping F8 until the Advanced boot option menu appears.
  3. Select Safe Mode with Networking using arrow keys on the keyboard and tap Enter.

Windows 8 or Windows 8.1:

  1. Click the Power Options button (in Metro UI) on the top-right corner.
  2. Simultaneously tap the Shift key and select Restart.
  3. Open the Troubleshoot menu and move to Advanced options.
  4. Select Startup Settings, click Restart, and wait for the restart to happen.
  5. When the Startup Settings menu reappears, choose F5 for Safe Mode with Networking.

Windows 10:

  1. Move to the left of the Taskbar and click the Windows logo.
  2. Select Power and then click Restart while pressing down the Shift key.
  3. Repeat steps 3-5 using the instructions for Windows 8/Windows 8.1.

Gendarmerie Nationale Ransomware Removal Step II

  1. Launch RUN using Win+R keys (tap them simultaneously).
  2. Enter regedit.exe into the dialog box and click OK. The Registry Editor utility will appear.
  3. In the pane on the left click HKEY_LOCAL_MACHINE.
  4. Move down to SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\.
  5. Identify the value that represents the ransomware (the value data should point to the %AppData% directory).
  6. Right-click this value and select Delete.
  7. Launch Explorer using Win+E keys (tap them simultaneously as well).
  8. Enter %AppData% into the bar at the top.
  9. Right-click and Delete the malicious file (in our case, it was named under.exe, and “Moth Lamb Tate” was mentioned in the file description).
  10. Restart the PC in normal mode and immediately run a full-system scan to see if no leftovers remain.
Download Spyware Removal Tool to Remove* Gendarmerie Nationale Virus
  • Quick & tested solution for Gendarmerie Nationale Virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Gendarmerie Nationale Virus

Files associated with Gendarmerie Nationale Virus infection:

brenasa.exe
p1.exe
ctfmon.exe
87b2cb3916261d5c807bf44262755cb0.exe
b34btbztdb0vavaw.exe
uenovfiu.exe
UpdatePriv.exe
NTServiceManager.exe
Other.res
wpbt0.dll
xlqbteeb.exe
ex3b.dll
msn.exe
%ALLUSERSPROFILE%
ACEIEAddOn.dll
questscan.dll
%CommonProgramFiles%
%TEMP%
audipbrd.exe
zqmkrehUkpoKfsafsaZg.exe
mplayer2.exe
50E1.exe
iner.exe
UpgradeHelper.exe
00b5d693.exe
xmlfilter.exe
comeo.exe
csrsss.exe
yaiiwockc.dll
Updating.exe
ssntvs.exe
wgsdgsdgdsgsd.exe
skype.dat
msdtmsrd.exe
bzsbkotiu.exe
pmstcdjwz.exe
msshell.exe
jsdhlexdqkllnbcxgai.bfg
Nbt.exe
m2PythonLoader.exe
96dddda4.dll
WinSyncMetastore.exe
JfCqQ5JC.exe
%APPDATA%\Task Scheduler
secproc_isv.exe
%SystemDrive%\????????????
%APPDATA%\updates
msavfit.exe
00qbipeq.exe
WINDED6.exe
rool0_pk.exe
DA0B.exe
Firewallservice.exe
obvwo.exe
bvhylsviw.exe
scvhost.exe
administration.exe
C87C.exe
wjthvwjb.dss
%UserProfile%
OmaSG21e.exe
dqnbdq7.dss
msnmsgrr.exe
%AppData%
Q3d38543.exe
3511172082012Build.exe
%APPDATA%\system
aPr0hY9.exe
2084473.dll
%LOCALAPPDATA%\Temp
sqlncli.exe
TimeDateMUICallback.exe
crack.exe
dyjdl.exe
wlsidten.exe
n.
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
puozlkmyj.dll
%WINDIR%\Temp
wlsidten.dll
dtkmujvo.exe
%WINDIR%\system32
rvcbcyks.exe
install_0_msi.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
oygqyunapnp.exe
wahneaqa.exe
ieudator.dll
Task Scheduler.exe
xaZYOVJW.exe
xctqakcqbeo.dll
gcrwcoak.exe
systemcpl.exe
VaultSysUi.exe
hwj3ba6j.dss
ifgxpers.exe
%LOCALAPPDATA%\lollipop
SyncHostps.exe
taskhost.exe.exe
setex.exe
securitywindrv.exe
idiokbbrv.exe
Piranha.exe
bf8h8d02hf.exe
videotwisterSA.exe
ubvhynpxh.exe
%ALLUSERSPROFILE%\Application Data
MusicCollector.exe
魔法桌面第三方主题破解补丁V1.1.exe
svchost.exe
najeoxtt.exe
acuvzomo.exe
pYunY8m4VL3qLc.exe
DLL321.dll

Gendarmerie Nationale Virus DLL's to remove:

puozlkmyj.dll
ACEIEAddOn.dll
2084473.dll
96dddda4.dll
DLL321.dll
ieudator.dll
wpbt0.dll
wlsidten.dll
ex3b.dll
yaiiwockc.dll
questscan.dll
xctqakcqbeo.dll

Gendarmerie Nationale Virus processes to kill:

ubvhynpxh.exe
魔法桌面第三方主题破解补丁V1.1.exe
p1.exe
Q3d38543.exe
idiokbbrv.exe
JfCqQ5JC.exe
audipbrd.exe
iner.exe
msavfit.exe
rvcbcyks.exe
oygqyunapnp.exe
najeoxtt.exe
TimeDateMUICallback.exe
taskhost.exe.exe
50E1.exe
Nbt.exe
msn.exe
3511172082012Build.exe
C87C.exe
msshell.exe
administration.exe
wgsdgsdgdsgsd.exe
setex.exe
00b5d693.exe
bvhylsviw.exe
WinSyncMetastore.exe
msnmsgrr.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
pmstcdjwz.exe
xaZYOVJW.exe
sqlncli.exe
Firewallservice.exe
ssntvs.exe
rool0_pk.exe
Task Scheduler.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
00qbipeq.exe
gcrwcoak.exe
videotwisterSA.exe
87b2cb3916261d5c807bf44262755cb0.exe
Updating.exe
DA0B.exe
systemcpl.exe
wlsidten.exe
zqmkrehUkpoKfsafsaZg.exe
m2PythonLoader.exe
Piranha.exe
ifgxpers.exe
b34btbztdb0vavaw.exe
NTServiceManager.exe
secproc_isv.exe
xmlfilter.exe
OmaSG21e.exe
bf8h8d02hf.exe
UpdatePriv.exe
comeo.exe
pYunY8m4VL3qLc.exe
obvwo.exe
acuvzomo.exe
install_0_msi.exe
crack.exe
MusicCollector.exe
wahneaqa.exe
scvhost.exe
SyncHostps.exe
msdtmsrd.exe
WINDED6.exe
uenovfiu.exe
svchost.exe
mplayer2.exe
brenasa.exe
dtkmujvo.exe
aPr0hY9.exe
UpgradeHelper.exe
ctfmon.exe
securitywindrv.exe
csrsss.exe
VaultSysUi.exe
xlqbteeb.exe
dyjdl.exe
bzsbkotiu.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.