Association Canadienne des Policiers virus Removal Guide

Threat Level:
9/10
Rate this Article:
Comments (0)
Article Views: 4459
Category: Malware

If you think that the Canadian Police have no business investigating your online activity, you will be shocked to find a truly intimidating notification sent by the Association Canadienne des Policiers virus. All information presented to you through this alert is bogus; however, the professionally developed interface and intimidating credentials attached to the warning have already helped schemers fool thousands of Windows users. You should not allow cyber crooks fool you too, and if you apply Association Canadienne des Policiers virus removal tips presented in the report, soon enough you will be able to run your PC ordinarily.

The virus that misleadingly uses the CPA ACP logo has been discovered to travel through the security backdoors exposed by ransom Trojans, and it can be spread into Windows systems using drive-by download protocols. Once Association Canadienne des Policiers virus is activated within your computer, you will notice extremely irritating system functionality disturbances. In the worst case scenario, your system will be locked and all of your administrative privileges will be removed. This is caused to make you desperate for a quick fix. If you pay attention to the seemingly intimidating alert, you might start thinking that you will restore your system only after you pay a 100 dollar fine. Here is what you will be forced to believe in:

Your computer is locked! […]
1. Your computer has been used to view banned Web sites
2. Your computer has been used to view Web sites containing child pornography.
3. Your computer has been used to illegal information, software.
4. Your computer has been used for storing / viewing pirated content. […]
According to “Information Security and Control Act 2012”, you are required to pay a fine of 100 Canadian dollars.

The presented Information Security and Control Act 2012 does not enable governmental agencies and Police departments to lock down systems and demand fine payments made through Ukash or Paysafecard. These systems are completely legitimate but do not require identification, which is why they would never be linked to any law enforcement departments. What is more, these money transfer systems have been used by schemers who have developed the infamous Cuerpo Nacional de Policía virus, Polizei österreich Virus, Dutch Police Virus and a number of other so-called Ukash viruses.

It is clear that you need to delete Association Canadienne des Policiers virus; however, if you think you will be able to succeed with manual removal, we remind you that the infection could be running alongside other PC infections. Do not risk the integrity of your operating Windows system and implement automatic removal tools to delete the virus. Here is how you can do it:

  1. Restart the PC.
  2. After the BIOS screen (information about Windows) goes way, immediately start tapping F8 for Boot Options menu to appear.
  3. Using arrow keys select Safe Mode with Networking.
  4. Launch a browser and type http://www.411-spyware.com/download-sph into the address box at the top of the home page.
  5. Follow the given instructions to download and install SpyHunter which will remove Association Canadienne des Policiers virus right away.

Instructions for Windows XP users:

  1. Restart the PC and wait for the BIOS screen to disappear.
  2. Promptly start hitting the F8 button on the keyboard.
  3. Using arrow keys on the keyboard select Safe Mode with Networking. Hit Enter.
  4. When “Desktop” alert shows up, click Yes and Windows Advanced Options Menu will be presented on your screen.
  5. Click on the Start menu.
  6. Launch RUN and enter “msconfig”.
  7. Click OK.
  8. When System Configuration Utility appears, click on the Startup tab.
  9. Hit the Disable All button and click Apply.
  10. Download SpyHunter.
  11. Restart the computer.
  12. Install the automatic virus removal and system protection application.
Download Remover for Association Canadienne des Policiers virus *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Association Canadienne des Policiers virus technical info for manual removal:

Files Modified/Created on the system:

# File Name File Size (Bytes) File Hash
1rvcbcyks.exe103424 bytesMD5: e63bdd7e5eb894ca59900f155ad62158
287b2cb3916261d5c807bf44262755cb0.exe349184 bytesMD5: f8717683a44fcfef00aed80e8332547b
3msdtmsrd.exe224256 bytesMD5: acf3959bb985b616f9b221ae15d252eb
4xmlfilter.exe115200 bytesMD5: 0ecf7e220a38e4fd86a5d67e8ce7c88a
5puozlkmyj.dll356352 bytesMD5: a36b0b1c2a6c4ad06418ab137b62ee6c
6Updating.exe1517520 bytesMD5: e5d532e96f42229d89993da562fbb5b4
7idiokbbrv.exe98448 bytesMD5: 3cd07724cf408fc515a711042d4a0524
850E1.exe340992 bytesMD5: 0e337ac9e0242482503a3c31559ed661
9najeoxtt.exe105984 bytesMD5: d0761e37cdef392ee249e24c84f0a66c
10WinSyncMetastore.exe83456 bytesMD5: b7614742cc2adf0264a038267d35a78a
11Other.res70656 bytesMD5: 2122654109b372638bca24f780ea1921
12%AppData%
13dtkmujvo.exe87040 bytesMD5: b8d2f2fb25bc89994c96079e6079a3ec
14cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe462336 bytesMD5: 0e3308e36ca702faf42e929a9d0b5c47
15questscan.dll1019904 bytesMD5: 0965f3611e919838ad794fcf11db43cf
16bzsbkotiu.exe233472 bytesMD5: 35180a38939fe1b4368d804ae25e5a57
17hwj3ba6j.dss176640 bytesMD5: 54f1a99f7cb18ed47756bb22e1681766
18ex3b.dll1792000 bytesMD5: 992d5e68d52b908e744f0ea1db1deb89
19Piranha.exe449161 bytesMD5: eb0f419c0a98b065271effae67c4920f
20Task Scheduler.exe122368 bytesMD5: b923b9094635464cb81a245716d2d932
21crack.exe306176 bytesMD5: ab5af9b01941bff73068abf9c7def3bd
22rool0_pk.exe134144 bytesMD5: a363c25160f5bb09bdaee0e03d85278c
23Nbt.exe643072 bytesMD5: 90f72d0a2cc6956c07c46b47f6a3d40e
24xctqakcqbeo.dll256000 bytesMD5: bc5906995084024aeab23bdccd0d689f
25msavfit.exe158208 bytesMD5: 9f5e6c75851b2ee4b10e3e3b783d10b7
26msn.exe675840 bytesMD5: a403f9d53ad6a07073c9236842dd865e
273511172082012Build.exe297984 bytesMD5: 835c431d44e546ac46f899466acff0e1
28csrsss.exe83928 bytesMD5: c41898f24d84a4ada9fe9b71e94ccd64
29%CommonProgramFiles%
30msshell.exe18432 bytesMD5: 0e9e0b2092e1c643f103d93f4a04b82a
31brenasa.exe45056 bytesMD5: a626c9a877af7d078e67be021a5baf28
32wahneaqa.exe102912 bytesMD5: dfd58427f8741b480eae4d9535a1e5f3
33pmstcdjwz.exe97344 bytesMD5: dc30b025294d0ed58a16141e64942ff7
34TimeDateMUICallback.exe87552 bytesMD5: 2d108d8f3d914658f74768a8eb120dde
35secproc_isv.exe108544 bytesMD5: 25595c5104cafc7c667c73d1e2c74447
36obvwo.exe129024 bytesMD5: e5893ac27c4ee6817f380e3607a3664c
37administration.exe5242880 bytesMD5: f3e4e59a27b1ed11ebf0330b02b408f7
38ACEIEAddOn.dll204800 bytesMD5: f42778c8d316a0e2f45844f8051242ff
39jsdhlexdqkllnbcxgai.bfg143360 bytesMD5: 180f37b1ff8268ac2b95beee6989aba2
40wlsidten.exe111616 bytesMD5: 1f2052c6529cd8a76a20ce858f080e68
41SyncHostps.exe94208 bytesMD5: 286f4c7e06c1c467e58426b916985567
42DLL321.dll191712 bytesMD5: bd6c2627b0f2e007d371f71edc0762a4
43taskhost.exe.exe15872 bytesMD5: 8cdc3a6a50af07cbdc4a1193e45f8721
44zqmkrehUkpoKfsafsaZg.exe33012 bytesMD5: 461caa595d898e273656853c337d81c4
45mplayer2.exe403456 bytesMD5: a01f673216f9a83cb352028319809f2f
46NTServiceManager.exe666624 bytesMD5: 8e931cb28a92d7ee1a7f146b7f6c4664
47%TEMP%
48OmaSG21e.exe107520 bytesMD5: 27baf21f123fe80b8e0bf2a3d0a9c91e
49iner.exe674816 bytesMD5: 6b485eb86c32deca15b26e47e66a94e7
50videotwisterSA.exe746496 bytesMD5: a72b74832ff54293504f3c1b441db398
51%APPDATA%\system
52UpgradeHelper.exe289792 bytesMD5: 70f2dfab3a93558fec4dbc2d4b9d8a31
53bvhylsviw.exe98560 bytesMD5: 4b1c6c2aabc0314f7558151834b63717
54ctfmon.exe9216 bytesMD5: d6d5126353edcb1f91aa210c3742de01
55comeo.exe3581440 bytesMD5: 17b063d029da62b8afc715880c0ae047
56ieudator.dll55808 bytesMD5: bfe953f0f96438290914369a7797cf84
57setex.exe38759 bytesMD5: 01da942199a8e606a09889a23f7d27b5
582084473.dll92672 bytesMD5: 4b53eef2de438858d7cc1360feb3c6c2
59install_0_msi.exe118272 bytesMD5: 68f337adbfbdaad81faa7ea3ec22da0b
60sqlncli.exe75264 bytesMD5: 1b8b3b51d8b52bed7a7bc0b05bdafbcb
61C87C.exe79360 bytesMD5: efe25f747cdc17ebebc22604c4cdd209
6296dddda4.dll3303936 bytesMD5: 522cb91f694f6866568b91b7a11f5802
63n.46592 bytesMD5: 61a29236fee6568908a9bc629b8ada22
64Q3d38543.exe33280 bytesMD5: 67f05820f38cf6ce319d92b55bae0956
65xlqbteeb.exe64512 bytesMD5: 5f2861537c90cd2d3ec9620e67b91de7
6600qbipeq.exe108032 bytesMD5: b46bec93ed0cbf470b7a4e5421c30655
67systemcpl.exe100352 bytesMD5: de7c781205d31f58a04d5acd13ff977d
68uenovfiu.exe100864 bytesMD5: 47ebbd7f529d71b8eac53b7ca0f7eeaa
69魔法桌面第三方主题破解补丁V1.1.exe188416 bytesMD5: 5252ca014813b18c517ff44951628329
70dqnbdq7.dss175616 bytesMD5: 6514a485b26fcca011121f42f188d3b2
71yaiiwockc.dll483328 bytesMD5: 9460de1c3485d5f3cc9f5fa1d4a09708
72skype.dat65024 bytesMD5: 13985f6b7ca5c771b28dbf42aef80984
73{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe293424 bytesMD5: bd5b67eac856f4fafa612067b6a8ccfd
74%WINDIR%\Temp
75svchost.exe417792 bytesMD5: 805c3831ce41e9f7123398409d6b5c40
76ssntvs.exe103415 bytesMD5: 863c2d694dc3cf82711420aa089e16e4
77%APPDATA%\updates
78m2PythonLoader.exe135680 bytesMD5: d8dab211e0db20f00118f25ad64be90c
79p1.exe95244 bytesMD5: 5494478b81b9617fe10bbe5d12adb22d
80%WINDIR%\system32
81UpdatePriv.exe65536 bytesMD5: a29c0d8665033ec58739bebd1693727e
82oygqyunapnp.exe78336 bytesMD5: acdd61209ba5a132915c565f669b0d81
83ubvhynpxh.exe223744 bytesMD5: 3679444e7921794b3754ffb8ca80916b
84audipbrd.exe347648 bytesMD5: 6ea827e7f4d182b0cb538cb5048bbdb2
85msnmsgrr.exe1427968 bytesMD5: 49300637db06b13f0bc0ee3b742e6399
86scvhost.exe231936 bytesMD5: 2dc8b92985e96aabc9ab0937f1018ff7
87%APPDATA%\Task Scheduler
88securitywindrv.exe34816 bytesMD5: 0da8705f12382804c87d20ee58a4674c
89ifgxpers.exe331648 bytesMD5: 4765da2ba43a0ce9206d29c4c7aa76b6
90DA0B.exe61440 bytesMD5: 15279561b4232d0600f4cede0d7de174
91acuvzomo.exe61440 bytesMD5: 64d6b4385310293e6ca81631c1652d59
9200b5d693.exe282112 bytesMD5: 4dd835b5b72613c8f7fa71aed486b6c7
93xaZYOVJW.exe133632 bytesMD5: 4382872727fc8c0996fa315c599ecdf0
94JfCqQ5JC.exe270336 bytesMD5: 023829e50c93205ac81dd27009762620
95wjthvwjb.dss221184 bytesMD5: 9f2da2fd4fe9713d74acf0eb8fad8dc3
96gcrwcoak.exe108544 bytesMD5: 095507587859038b638fe1c0d6c0c74c
97wlsidten.dll155648 bytesMD5: 26ca88d3fc9175797365a8553eb6948d
98b34btbztdb0vavaw.exe149504 bytesMD5: 6d5b32abb27fc4bc837a77c21a66813b
99wgsdgsdgdsgsd.exe144896 bytesMD5: 3a8e4b69add412fd66d11c7ace416421
100VaultSysUi.exe62464 bytesMD5: e6922b3d1e2a74fa8620c4e004224a71
101%ALLUSERSPROFILE%
102WINDED6.exe126464 bytesMD5: 77c854a9e5b39829d2ffc15767106ad9
103%ALLUSERSPROFILE%\Application Data
104%SystemDrive%\????????????
105%LOCALAPPDATA%\Temp
106dyjdl.exe194560 bytesMD5: 5b94a572fd15f5416c4a88d02f406189
107MusicCollector.exe6901936 bytesMD5: 42d5f1c904eae88de63cabeaa6a4bf50
108wpbt0.dll225280 bytesMD5: 3dfd93b751a0f9168739a7e668d14023
109%LOCALAPPDATA%\lollipop
110aPr0hY9.exe45558 bytesMD5: 100b8f04f2bff5c49052173dc231eea1
111pYunY8m4VL3qLc.exe286822 bytesMD5: 3415bcb9153afa1e0c1400b2f7fa1335
112Firewallservice.exe423424 bytesMD5: 8f4305c63693259f648f33c59370978c
113bf8h8d02hf.exe315904 bytesMD5: 1cbe49c0ebbeefbbe9f1c1fda9eebbe6
114%UserProfile%

Files in the following directories were modified:

  • %APPDATA%
  • %WINDIR%
  • %ALLUSERSPROFILE%
  • %SystemDrive%
  • %LOCALAPPDATA%

Memory Processes Created:

# Process Name Process Filename Main module size
1rvcbcyks.exervcbcyks.exe103424 bytes
287b2cb3916261d5c807bf44262755cb0.exe87b2cb3916261d5c807bf44262755cb0.exe349184 bytes
3msdtmsrd.exemsdtmsrd.exe224256 bytes
4xmlfilter.exexmlfilter.exe115200 bytes
5Updating.exeUpdating.exe1517520 bytes
6idiokbbrv.exeidiokbbrv.exe98448 bytes
750E1.exe50E1.exe340992 bytes
8najeoxtt.exenajeoxtt.exe105984 bytes
9WinSyncMetastore.exeWinSyncMetastore.exe83456 bytes
10dtkmujvo.exedtkmujvo.exe87040 bytes
11cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.execf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe462336 bytes
12bzsbkotiu.exebzsbkotiu.exe233472 bytes
13Piranha.exePiranha.exe449161 bytes
14Task Scheduler.exeTask Scheduler.exe122368 bytes
15crack.execrack.exe306176 bytes
16rool0_pk.exerool0_pk.exe134144 bytes
17Nbt.exeNbt.exe643072 bytes
18msavfit.exemsavfit.exe158208 bytes
19msn.exemsn.exe675840 bytes
203511172082012Build.exe3511172082012Build.exe297984 bytes
21csrsss.execsrsss.exe83928 bytes
22msshell.exemsshell.exe18432 bytes
23brenasa.exebrenasa.exe45056 bytes
24wahneaqa.exewahneaqa.exe102912 bytes
25pmstcdjwz.exepmstcdjwz.exe97344 bytes
26TimeDateMUICallback.exeTimeDateMUICallback.exe87552 bytes
27secproc_isv.exesecproc_isv.exe108544 bytes
28obvwo.exeobvwo.exe129024 bytes
29administration.exeadministration.exe5242880 bytes
30wlsidten.exewlsidten.exe111616 bytes
31SyncHostps.exeSyncHostps.exe94208 bytes
32taskhost.exe.exetaskhost.exe.exe15872 bytes
33zqmkrehUkpoKfsafsaZg.exezqmkrehUkpoKfsafsaZg.exe33012 bytes
34mplayer2.exemplayer2.exe403456 bytes
35NTServiceManager.exeNTServiceManager.exe666624 bytes
36OmaSG21e.exeOmaSG21e.exe107520 bytes
37iner.exeiner.exe674816 bytes
38videotwisterSA.exevideotwisterSA.exe746496 bytes
39UpgradeHelper.exeUpgradeHelper.exe289792 bytes
40bvhylsviw.exebvhylsviw.exe98560 bytes
41ctfmon.exectfmon.exe9216 bytes
42comeo.execomeo.exe3581440 bytes
43setex.exesetex.exe38759 bytes
44install_0_msi.exeinstall_0_msi.exe118272 bytes
45sqlncli.exesqlncli.exe75264 bytes
46C87C.exeC87C.exe79360 bytes
47Q3d38543.exeQ3d38543.exe33280 bytes
48xlqbteeb.exexlqbteeb.exe64512 bytes
4900qbipeq.exe00qbipeq.exe108032 bytes
50systemcpl.exesystemcpl.exe100352 bytes
51uenovfiu.exeuenovfiu.exe100864 bytes
52魔法桌面第三方主题破解补丁V1.1.exe魔法桌面第三方主题破解补丁V1.1.exe188416 bytes
53{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe{097444e7-2d87-ba3c-2efe-9f54812d824a}.exe293424 bytes
54svchost.exesvchost.exe417792 bytes
55ssntvs.exessntvs.exe103415 bytes
56m2PythonLoader.exem2PythonLoader.exe135680 bytes
57p1.exep1.exe95244 bytes
58UpdatePriv.exeUpdatePriv.exe65536 bytes
59oygqyunapnp.exeoygqyunapnp.exe78336 bytes
60ubvhynpxh.exeubvhynpxh.exe223744 bytes
61audipbrd.exeaudipbrd.exe347648 bytes
62msnmsgrr.exemsnmsgrr.exe1427968 bytes
63scvhost.exescvhost.exe231936 bytes
64securitywindrv.exesecuritywindrv.exe34816 bytes
65ifgxpers.exeifgxpers.exe331648 bytes
66DA0B.exeDA0B.exe61440 bytes
67acuvzomo.exeacuvzomo.exe61440 bytes
6800b5d693.exe00b5d693.exe282112 bytes
69xaZYOVJW.exexaZYOVJW.exe133632 bytes
70JfCqQ5JC.exeJfCqQ5JC.exe270336 bytes
71gcrwcoak.exegcrwcoak.exe108544 bytes
72b34btbztdb0vavaw.exeb34btbztdb0vavaw.exe149504 bytes
73wgsdgsdgdsgsd.exewgsdgsdgdsgsd.exe144896 bytes
74VaultSysUi.exeVaultSysUi.exe62464 bytes
75WINDED6.exeWINDED6.exe126464 bytes
76dyjdl.exedyjdl.exe194560 bytes
77MusicCollector.exeMusicCollector.exe6901936 bytes
78aPr0hY9.exeaPr0hY9.exe45558 bytes
79pYunY8m4VL3qLc.exepYunY8m4VL3qLc.exe286822 bytes
80Firewallservice.exeFirewallservice.exe423424 bytes
81bf8h8d02hf.exebf8h8d02hf.exe315904 bytes

Reply

Your email address will not be published.

Name
Website
Comment

Enter the numbers in the box to the right *