Click on screenshot to zoom
Danger level 9
Type: Malware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Slow Computer

Abu Dhabi Police GHQ virus

Abu Dhabi Police GHQ virus is a ransomware infection which addresses computer users who speak Arabic. It is known to be spread by Urausy Trojan which is a dangerous threat that is able to stop various processes, create and download new dangerous files. Abu Dhabi Police GHQ virus locks the system down and instead of your desktop, you see a bogus warning whenever the system loads.  The aim of the infection is to make you pay a ransom which is either 100 U.S. dollars, 100 Euros or 500 Dirhams. Unlike in other versions of the Trojan, the money has to be transferred via CashU which is a legal prepaid online payment method widely used in the Middle East and North Africa.

However, if you do not want to lose your money, remove the virus from the system. The heading in the warning suggests that you are dealing with Abu Dhabi Police which, in fact, has nothing to do with the situation you have just encountered. Moreover, pay no attention to the logos on the left side of the warning implying that you have been identified as a criminal by Interpol.

If you were to look at other instances of the Trojan, such as POLITIE Belgique Police Federale Virus and some others, you would see that those fictitious warnings contains the credentials of various legal institutions. All of them deal with crime or cyber crime, so if the user of the infected computer knows something about the institution or looks for information about it, he or she starts to think that the case is real.

We ensure you that there is no need to worry about this warning as it is a scam. Its creators are probably a group of hackers, so if you are not willing to boost their profit, remove the infection right now.

In order to get rid of the warning, you should install an anti-spyware program which is powerful enough to terminate the threat. We recommend that you install SpyHunter as this tool has been already used to terminate other variants of the Trojan and distinct computer infections, too. Below you will find instructions which will help you install the program properly so that it is not blocked by the threat.

Policía Nacional de Uruguay Virus Removal

Windows XP

  1. Reboot the computer.
  2. Once the BIOS startup screen showing the information on your hardware loads, tap the F8 key.
  3. Use the arrow keys to select Safe Mode with Networking.
  4. Press Enter.
  5. Click Yes.
  6. Go to the Start menu and launch Run.
  7. Type msconfig in the Open box and press OK.
  8. On the Startup tab, click Disable All and then click Apply.
  9. Download SpyHunter.
  10. Reboot the computer.
  11. Run the installer of the application and run a scan afterwards.

Windows Vista and Windows 7

  1. Restart the computer.
  2. Tap the F8 key as soon as the BIOS screen loads.
  3. Highlight Safe Mode with Networking using the arrow keys and press Enter.
  4. Open a browser.
  5. Go to http://www.pchreat.com/download-sph to download the spyware removal tool.
  6. Install the program and remove the virus.

Windows 8

  1. Press the Windows key.
  2. Click Internet Explorer.
  3. Type http://www.pcthreat.com/download-sph and press Enter.
  4. Download and install the program and scan the PC afterwards.
Download Spyware Removal Tool to Remove* Abu Dhabi Police GHQ virus
  • Quick & tested solution for Abu Dhabi Police GHQ virus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Abu Dhabi Police GHQ virus

Files associated with Abu Dhabi Police GHQ virus infection:

%ALLUSERSPROFILE%\Application Data
wlsidten.dll
sqlncli.exe
bzsbkotiu.exe
rool0_pk.exe
puozlkmyj.dll
crack.exe
ubvhynpxh.exe
WINDED6.exe
xmlfilter.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
Piranha.exe
securitywindrv.exe
pmstcdjwz.exe
SyncHostps.exe
msnmsgrr.exe
administration.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
dyjdl.exe
%AppData%
2084473.dll
NTServiceManager.exe
C87C.exe
DA0B.exe
oygqyunapnp.exe
setex.exe
ifgxpers.exe
ssntvs.exe
Firewallservice.exe
systemcpl.exe
gcrwcoak.exe
ctfmon.exe
%LOCALAPPDATA%\Temp
yaiiwockc.dll
skype.dat
96dddda4.dll
wpbt0.dll
魔法桌面第三方主题破解补丁V1.1.exe
bvhylsviw.exe
aPr0hY9.exe
rvcbcyks.exe
%LOCALAPPDATA%\lollipop
%SystemDrive%\????????????
audipbrd.exe
obvwo.exe
zqmkrehUkpoKfsafsaZg.exe
JfCqQ5JC.exe
ieudator.dll
uenovfiu.exe
wjthvwjb.dss
87b2cb3916261d5c807bf44262755cb0.exe
Nbt.exe
dtkmujvo.exe
UpdatePriv.exe
msavfit.exe
TimeDateMUICallback.exe
scvhost.exe
ACEIEAddOn.dll
%APPDATA%\updates
VaultSysUi.exe
Updating.exe
UpgradeHelper.exe
msdtmsrd.exe
csrsss.exe
b34btbztdb0vavaw.exe
idiokbbrv.exe
taskhost.exe.exe
wgsdgsdgdsgsd.exe
%WINDIR%\system32
00b5d693.exe
n.
Q3d38543.exe
acuvzomo.exe
comeo.exe
wlsidten.exe
videotwisterSA.exe
%CommonProgramFiles%
install_0_msi.exe
iner.exe
p1.exe
msn.exe
najeoxtt.exe
3511172082012Build.exe
00qbipeq.exe
50E1.exe
Task Scheduler.exe
%APPDATA%\system
MusicCollector.exe
xlqbteeb.exe
%WINDIR%\Temp
pYunY8m4VL3qLc.exe
Other.res
DLL321.dll
WinSyncMetastore.exe
xctqakcqbeo.dll
ex3b.dll
questscan.dll
hwj3ba6j.dss
%UserProfile%
wahneaqa.exe
brenasa.exe
%ALLUSERSPROFILE%
jsdhlexdqkllnbcxgai.bfg
secproc_isv.exe
msshell.exe
xaZYOVJW.exe
%TEMP%
OmaSG21e.exe
dqnbdq7.dss
mplayer2.exe
svchost.exe
bf8h8d02hf.exe
%APPDATA%\Task Scheduler
m2PythonLoader.exe

Abu Dhabi Police GHQ virus DLL's to remove:

wpbt0.dll
puozlkmyj.dll
ACEIEAddOn.dll
DLL321.dll
questscan.dll
96dddda4.dll
2084473.dll
xctqakcqbeo.dll
wlsidten.dll
yaiiwockc.dll
ex3b.dll
ieudator.dll

Abu Dhabi Police GHQ virus processes to kill:

taskhost.exe.exe
Task Scheduler.exe
dtkmujvo.exe
bvhylsviw.exe
najeoxtt.exe
csrsss.exe
zqmkrehUkpoKfsafsaZg.exe
setex.exe
Nbt.exe
msnmsgrr.exe
audipbrd.exe
WINDED6.exe
VaultSysUi.exe
dyjdl.exe
Updating.exe
b34btbztdb0vavaw.exe
mplayer2.exe
{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe
obvwo.exe
msshell.exe
C87C.exe
scvhost.exe
3511172082012Build.exe
videotwisterSA.exe
rool0_pk.exe
ifgxpers.exe
bzsbkotiu.exe
50E1.exe
DA0B.exe
pmstcdjwz.exe
pYunY8m4VL3qLc.exe
msn.exe
xaZYOVJW.exe
87b2cb3916261d5c807bf44262755cb0.exe
systemcpl.exe
sqlncli.exe
comeo.exe
idiokbbrv.exe
install_0_msi.exe
魔法桌面第三方主题破解补丁V1.1.exe
wlsidten.exe
Firewallservice.exe
00qbipeq.exe
crack.exe
rvcbcyks.exe
msdtmsrd.exe
brenasa.exe
wgsdgsdgdsgsd.exe
bf8h8d02hf.exe
msavfit.exe
WinSyncMetastore.exe
wahneaqa.exe
NTServiceManager.exe
aPr0hY9.exe
UpdatePriv.exe
Piranha.exe
svchost.exe
securitywindrv.exe
p1.exe
MusicCollector.exe
TimeDateMUICallback.exe
cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe
OmaSG21e.exe
xlqbteeb.exe
m2PythonLoader.exe
gcrwcoak.exe
JfCqQ5JC.exe
UpgradeHelper.exe
ssntvs.exe
administration.exe
oygqyunapnp.exe
acuvzomo.exe
ctfmon.exe
secproc_isv.exe
iner.exe
ubvhynpxh.exe
SyncHostps.exe
Q3d38543.exe
uenovfiu.exe
xmlfilter.exe
00b5d693.exe
Disclaimer

Comments

  1. costar Apr 23, 2013

    When I startup windows in safe mode it restarts automatically as soon as desktop screen pops,,I think format is the only option,,I reported this issue to ad police and they are aware of it already,,I bet many users have added to that hackers profit

  2. Pcthreat Apr 24, 2013

    You should try SAFE MODE with command prompt.
    After windows loads up, and shows a black window, type explorer.exe

  3. sad Oct 5, 2013

    Even safe mode with command prompt not working

  4. Vivek Oct 14, 2013

    ANSWER

    1 Just boot with any HBCD
    2.go to that user profile and open AppData folder-->local folder and delete one folder or rename 2 file.
    3.Folder like "3cghj256312" something like this.

    and restart and will get cmd promt and type explorer
    4.In Registry Editor Look for the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell-->der it will be cmd.exe change to explorer.exe dats all..

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.