Association Canadienne des Policiers virus Removal Guide

Threat Level:
9/10
Rate this Article:
Comments (0)
Article Views: 2800
Category: Malware

If you think that the Canadian Police have no business investigating your online activity, you will be shocked to find a truly intimidating notification sent by the Association Canadienne des Policiers virus. All information presented to you through this alert is bogus; however, the professionally developed interface and intimidating credentials attached to the warning have already helped schemers fool thousands of Windows users. You should not allow cyber crooks fool you too, and if you apply Association Canadienne des Policiers virus removal tips presented in the report, soon enough you will be able to run your PC ordinarily.

The virus that misleadingly uses the CPA ACP logo has been discovered to travel through the security backdoors exposed by ransom Trojans, and it can be spread into Windows systems using drive-by download protocols. Once Association Canadienne des Policiers virus is activated within your computer, you will notice extremely irritating system functionality disturbances. In the worst case scenario, your system will be locked and all of your administrative privileges will be removed. This is caused to make you desperate for a quick fix. If you pay attention to the seemingly intimidating alert, you might start thinking that you will restore your system only after you pay a 100 dollar fine. Here is what you will be forced to believe in:

Your computer is locked! […]
1. Your computer has been used to view banned Web sites
2. Your computer has been used to view Web sites containing child pornography.
3. Your computer has been used to illegal information, software.
4. Your computer has been used for storing / viewing pirated content. […]
According to “Information Security and Control Act 2012”, you are required to pay a fine of 100 Canadian dollars.

The presented Information Security and Control Act 2012 does not enable governmental agencies and Police departments to lock down systems and demand fine payments made through Ukash or Paysafecard. These systems are completely legitimate but do not require identification, which is why they would never be linked to any law enforcement departments. What is more, these money transfer systems have been used by schemers who have developed the infamous Cuerpo Nacional de Policía virus, Polizei österreich Virus, Dutch Police Virus and a number of other so-called Ukash viruses.

It is clear that you need to delete Association Canadienne des Policiers virus; however, if you think you will be able to succeed with manual removal, we remind you that the infection could be running alongside other PC infections. Do not risk the integrity of your operating Windows system and implement automatic removal tools to delete the virus. Here is how you can do it:

  1. Restart the PC.
  2. After the BIOS screen (information about Windows) goes way, immediately start tapping F8 for Boot Options menu to appear.
  3. Using arrow keys select Safe Mode with Networking.
  4. Launch a browser and type http://www.411-spyware.com/download-sph into the address box at the top of the home page.
  5. Follow the given instructions to download and install SpyHunter which will remove Association Canadienne des Policiers virus right away.

Instructions for Windows XP users:

  1. Restart the PC and wait for the BIOS screen to disappear.
  2. Promptly start hitting the F8 button on the keyboard.
  3. Using arrow keys on the keyboard select Safe Mode with Networking. Hit Enter.
  4. When “Desktop” alert shows up, click Yes and Windows Advanced Options Menu will be presented on your screen.
  5. Click on the Start menu.
  6. Launch RUN and enter “msconfig”.
  7. Click OK.
  8. When System Configuration Utility appears, click on the Startup tab.
  9. Hit the Disable All button and click Apply.
  10. Download SpyHunter.
  11. Restart the computer.
  12. Install the automatic virus removal and system protection application.
Download Remover for Association Canadienne des Policiers virus *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Association Canadienne des Policiers virus technical info for manual removal:

Files Modified/Created on the system:

# File Name File Size (Bytes) File Hash
1rool0_pk.exe134144 bytesMD5: a363c25160f5bb09bdaee0e03d85278c
2zqmkrehUkpoKfsafsaZg.exe33012 bytesMD5: 461caa595d898e273656853c337d81c4
3UpgradeHelper.exe289792 bytesMD5: 70f2dfab3a93558fec4dbc2d4b9d8a31
4MWSBAR.DLL376901 bytesMD5: 8d23a39be47954dc43fcbb0114ce2a55
5oygqyunapnp.exe78336 bytesMD5: acdd61209ba5a132915c565f669b0d81
687b2cb3916261d5c807bf44262755cb0.exe349184 bytesMD5: f8717683a44fcfef00aed80e8332547b
7jsdhlexdqkllnbcxgai.bfg143360 bytesMD5: 180f37b1ff8268ac2b95beee6989aba2
8bvhylsviw.exe98560 bytesMD5: 4b1c6c2aabc0314f7558151834b63717
93511172082012Build.exe297984 bytesMD5: 835c431d44e546ac46f899466acff0e1
10%WINDIR%\system32
11DA0B.exe61440 bytesMD5: 15279561b4232d0600f4cede0d7de174
12ex3b.dll1792000 bytesMD5: 992d5e68d52b908e744f0ea1db1deb89
13wahneaqa.exe102912 bytesMD5: dfd58427f8741b480eae4d9535a1e5f3
14msdtmsrd.exe224256 bytesMD5: acf3959bb985b616f9b221ae15d252eb
15%APPDATA%\Task Scheduler
16crack.exe306176 bytesMD5: ab5af9b01941bff73068abf9c7def3bd
17JfCqQ5JC.exe270336 bytesMD5: 023829e50c93205ac81dd27009762620
18%WINDIR%\Temp
19xmlfilter.exe115200 bytesMD5: 0ecf7e220a38e4fd86a5d67e8ce7c88a
20ieudator.dll55808 bytesMD5: bfe953f0f96438290914369a7797cf84
21puozlkmyj.dll356352 bytesMD5: a36b0b1c2a6c4ad06418ab137b62ee6c
2200b5d693.exe282112 bytesMD5: 4dd835b5b72613c8f7fa71aed486b6c7
2350E1.exe340992 bytesMD5: 0e337ac9e0242482503a3c31559ed661
24ifgxpers.exe331648 bytesMD5: 4765da2ba43a0ce9206d29c4c7aa76b6
25%APPDATA%\updates
26TimeDateMUICallback.exe87552 bytesMD5: 2d108d8f3d914658f74768a8eb120dde
27jucheck.dll212992 bytesMD5: afd39fda07129ea22b7963b77c58ff53
28%ALLUSERSPROFILE%\Application Data
29xaZYOVJW.exe133632 bytesMD5: 4382872727fc8c0996fa315c599ecdf0
30flashplayer.dll186456 bytesMD5: c92c7c8c57363a2996d0ceb731cef6ba
31%LOCALAPPDATA%\lollipop
32cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe462336 bytesMD5: 0e3308e36ca702faf42e929a9d0b5c47
33acuvzomo.exe61440 bytesMD5: 64d6b4385310293e6ca81631c1652d59
34Nbt.exe643072 bytesMD5: 90f72d0a2cc6956c07c46b47f6a3d40e
35NTServiceManager.exe666624 bytesMD5: 8e931cb28a92d7ee1a7f146b7f6c4664
36questscan.dll1019904 bytesMD5: 0965f3611e919838ad794fcf11db43cf
37yaiiwockc.dll483328 bytesMD5: 9460de1c3485d5f3cc9f5fa1d4a09708
38b34btbztdb0vavaw.exe149504 bytesMD5: 6d5b32abb27fc4bc837a77c21a66813b
39mplayer2.exe403456 bytesMD5: a01f673216f9a83cb352028319809f2f
40%ALLUSERSPROFILE%
41setex.exe38759 bytesMD5: 01da942199a8e606a09889a23f7d27b5
42p1.exe95244 bytesMD5: 5494478b81b9617fe10bbe5d12adb22d
43skype.dat65024 bytesMD5: 13985f6b7ca5c771b28dbf42aef80984
44pYunY8m4VL3qLc.exe286822 bytesMD5: 3415bcb9153afa1e0c1400b2f7fa1335
45secproc_isv.exe108544 bytesMD5: 25595c5104cafc7c667c73d1e2c74447
46gcrwcoak.exe108544 bytesMD5: 095507587859038b638fe1c0d6c0c74c
47DLL321.dll191712 bytesMD5: bd6c2627b0f2e007d371f71edc0762a4
48Updating.exe1517520 bytesMD5: e5d532e96f42229d89993da562fbb5b4
49UpdatePriv.exe65536 bytesMD5: a29c0d8665033ec58739bebd1693727e
50WINDED6.exe126464 bytesMD5: 77c854a9e5b39829d2ffc15767106ad9
51ACEIEAddOn.dll204800 bytesMD5: f42778c8d316a0e2f45844f8051242ff
52%CommonProgramFiles%
53msnmsgrr.exe1427968 bytesMD5: 49300637db06b13f0bc0ee3b742e6399
54%LOCALAPPDATA%\Temp
55ubvhynpxh.exe223744 bytesMD5: 3679444e7921794b3754ffb8ca80916b
56rvcbcyks.exe103424 bytesMD5: e63bdd7e5eb894ca59900f155ad62158
57wjthvwjb.dss221184 bytesMD5: 9f2da2fd4fe9713d74acf0eb8fad8dc3
58comeo.exe3581440 bytesMD5: 17b063d029da62b8afc715880c0ae047
59%APPDATA%\system
60brenasa.exe45056 bytesMD5: a626c9a877af7d078e67be021a5baf28
61Firewallservice.exe423424 bytesMD5: 8f4305c63693259f648f33c59370978c
62Piranha.exe449161 bytesMD5: eb0f419c0a98b065271effae67c4920f
63n.46592 bytesMD5: 61a29236fee6568908a9bc629b8ada22
64najeoxtt.exe105984 bytesMD5: d0761e37cdef392ee249e24c84f0a66c
65xlqbteeb.exe64512 bytesMD5: 5f2861537c90cd2d3ec9620e67b91de7
66obvwo.exe129024 bytesMD5: e5893ac27c4ee6817f380e3607a3664c
67%TEMP%
68administration.exe5242880 bytesMD5: f3e4e59a27b1ed11ebf0330b02b408f7
69%SystemDrive%\????????????
70OmaSG21e.exe107520 bytesMD5: 27baf21f123fe80b8e0bf2a3d0a9c91e
7100qbipeq.exe108032 bytesMD5: b46bec93ed0cbf470b7a4e5421c30655
72%AppData%
73hwj3ba6j.dss176640 bytesMD5: 54f1a99f7cb18ed47756bb22e1681766
74uenovfiu.exe100864 bytesMD5: 47ebbd7f529d71b8eac53b7ca0f7eeaa
75videotwisterSA.exe746496 bytesMD5: a72b74832ff54293504f3c1b441db398
76scvhost.exe231936 bytesMD5: 2dc8b92985e96aabc9ab0937f1018ff7
77Task Scheduler.exe122368 bytesMD5: b923b9094635464cb81a245716d2d932
78WinSyncMetastore.exe83456 bytesMD5: b7614742cc2adf0264a038267d35a78a
79Q3d38543.exe33280 bytesMD5: 67f05820f38cf6ce319d92b55bae0956
80opera.dll192232 bytesMD5: 02f0e5b598be8c2ceabb17a965e6e67c
81Other.res70656 bytesMD5: 2122654109b372638bca24f780ea1921
82sqlncli.exe75264 bytesMD5: 1b8b3b51d8b52bed7a7bc0b05bdafbcb
83VaultSysUi.exe62464 bytesMD5: e6922b3d1e2a74fa8620c4e004224a71
84C87C.exe79360 bytesMD5: efe25f747cdc17ebebc22604c4cdd209
85ctfmon.exe9216 bytesMD5: d6d5126353edcb1f91aa210c3742de01
86msqjrothu.pif35800 bytesMD5: 414a57fdd1a951035df9c09614ee8623
87idiokbbrv.exe98448 bytesMD5: 3cd07724cf408fc515a711042d4a0524
88dqnbdq7.dss175616 bytesMD5: 6514a485b26fcca011121f42f188d3b2
892084473.dll92672 bytesMD5: 4b53eef2de438858d7cc1360feb3c6c2
90taskhost.exe.exe15872 bytesMD5: 8cdc3a6a50af07cbdc4a1193e45f8721
91SyncHostps.exe94208 bytesMD5: 286f4c7e06c1c467e58426b916985567
92%UserProfile%
93dyjdl.exe194560 bytesMD5: 5b94a572fd15f5416c4a88d02f406189
94systemcpl.exe100352 bytesMD5: de7c781205d31f58a04d5acd13ff977d
95MusicCollector.exe6901936 bytesMD5: 42d5f1c904eae88de63cabeaa6a4bf50
96msshell.exe18432 bytesMD5: 0e9e0b2092e1c643f103d93f4a04b82a
9796dddda4.dll3303936 bytesMD5: 522cb91f694f6866568b91b7a11f5802
98m2PythonLoader.exe135680 bytesMD5: d8dab211e0db20f00118f25ad64be90c
99wlsidten.exe111616 bytesMD5: 1f2052c6529cd8a76a20ce858f080e68
100install_0_msi.exe118272 bytesMD5: 68f337adbfbdaad81faa7ea3ec22da0b
101svchost.exe417792 bytesMD5: 805c3831ce41e9f7123398409d6b5c40
102iner.exe674816 bytesMD5: 6b485eb86c32deca15b26e47e66a94e7
103pmstcdjwz.exe97344 bytesMD5: dc30b025294d0ed58a16141e64942ff7
104csrsss.exe83928 bytesMD5: c41898f24d84a4ada9fe9b71e94ccd64
105wgsdgsdgdsgsd.exe144896 bytesMD5: 3a8e4b69add412fd66d11c7ace416421
106wpbt0.dll225280 bytesMD5: 3dfd93b751a0f9168739a7e668d14023
107wlsidten.dll155648 bytesMD5: 26ca88d3fc9175797365a8553eb6948d
108msn.exe675840 bytesMD5: a403f9d53ad6a07073c9236842dd865e
109魔法桌面第三方主题破解补丁V1.1.exe188416 bytesMD5: 5252ca014813b18c517ff44951628329
110securitywindrv.exe34816 bytesMD5: 0da8705f12382804c87d20ee58a4674c
111bzsbkotiu.exe233472 bytesMD5: 35180a38939fe1b4368d804ae25e5a57
112aPr0hY9.exe45558 bytesMD5: 100b8f04f2bff5c49052173dc231eea1
113dtkmujvo.exe87040 bytesMD5: b8d2f2fb25bc89994c96079e6079a3ec
114ssntvs.exe103415 bytesMD5: 863c2d694dc3cf82711420aa089e16e4

Files in the following directories were modified:

  • %WINDIR%
  • %APPDATA%
  • %ALLUSERSPROFILE%
  • %LOCALAPPDATA%
  • %SystemDrive%

Memory Processes Created:

# Process Name Process Filename Main module size
1rool0_pk.exerool0_pk.exe134144 bytes
2zqmkrehUkpoKfsafsaZg.exezqmkrehUkpoKfsafsaZg.exe33012 bytes
3UpgradeHelper.exeUpgradeHelper.exe289792 bytes
4oygqyunapnp.exeoygqyunapnp.exe78336 bytes
587b2cb3916261d5c807bf44262755cb0.exe87b2cb3916261d5c807bf44262755cb0.exe349184 bytes
6bvhylsviw.exebvhylsviw.exe98560 bytes
73511172082012Build.exe3511172082012Build.exe297984 bytes
8DA0B.exeDA0B.exe61440 bytes
9wahneaqa.exewahneaqa.exe102912 bytes
10msdtmsrd.exemsdtmsrd.exe224256 bytes
11crack.execrack.exe306176 bytes
12JfCqQ5JC.exeJfCqQ5JC.exe270336 bytes
13xmlfilter.exexmlfilter.exe115200 bytes
1400b5d693.exe00b5d693.exe282112 bytes
1550E1.exe50E1.exe340992 bytes
16ifgxpers.exeifgxpers.exe331648 bytes
17TimeDateMUICallback.exeTimeDateMUICallback.exe87552 bytes
18xaZYOVJW.exexaZYOVJW.exe133632 bytes
19cf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.execf6640a77ed4926a4c6be661ab93def9d13408753dd07e8d02836996a2f247b6.exe462336 bytes
20acuvzomo.exeacuvzomo.exe61440 bytes
21Nbt.exeNbt.exe643072 bytes
22NTServiceManager.exeNTServiceManager.exe666624 bytes
23b34btbztdb0vavaw.exeb34btbztdb0vavaw.exe149504 bytes
24mplayer2.exemplayer2.exe403456 bytes
25setex.exesetex.exe38759 bytes
26p1.exep1.exe95244 bytes
27pYunY8m4VL3qLc.exepYunY8m4VL3qLc.exe286822 bytes
28secproc_isv.exesecproc_isv.exe108544 bytes
29gcrwcoak.exegcrwcoak.exe108544 bytes
30Updating.exeUpdating.exe1517520 bytes
31UpdatePriv.exeUpdatePriv.exe65536 bytes
32WINDED6.exeWINDED6.exe126464 bytes
33msnmsgrr.exemsnmsgrr.exe1427968 bytes
34ubvhynpxh.exeubvhynpxh.exe223744 bytes
35rvcbcyks.exervcbcyks.exe103424 bytes
36comeo.execomeo.exe3581440 bytes
37brenasa.exebrenasa.exe45056 bytes
38Firewallservice.exeFirewallservice.exe423424 bytes
39Piranha.exePiranha.exe449161 bytes
40najeoxtt.exenajeoxtt.exe105984 bytes
41xlqbteeb.exexlqbteeb.exe64512 bytes
42obvwo.exeobvwo.exe129024 bytes
43administration.exeadministration.exe5242880 bytes
44OmaSG21e.exeOmaSG21e.exe107520 bytes
4500qbipeq.exe00qbipeq.exe108032 bytes
46uenovfiu.exeuenovfiu.exe100864 bytes
47videotwisterSA.exevideotwisterSA.exe746496 bytes
48scvhost.exescvhost.exe231936 bytes
49Task Scheduler.exeTask Scheduler.exe122368 bytes
50WinSyncMetastore.exeWinSyncMetastore.exe83456 bytes
51Q3d38543.exeQ3d38543.exe33280 bytes
52sqlncli.exesqlncli.exe75264 bytes
53VaultSysUi.exeVaultSysUi.exe62464 bytes
54C87C.exeC87C.exe79360 bytes
55ctfmon.exectfmon.exe9216 bytes
56idiokbbrv.exeidiokbbrv.exe98448 bytes
57taskhost.exe.exetaskhost.exe.exe15872 bytes
58SyncHostps.exeSyncHostps.exe94208 bytes
59dyjdl.exedyjdl.exe194560 bytes
60systemcpl.exesystemcpl.exe100352 bytes
61MusicCollector.exeMusicCollector.exe6901936 bytes
62msshell.exemsshell.exe18432 bytes
63m2PythonLoader.exem2PythonLoader.exe135680 bytes
64wlsidten.exewlsidten.exe111616 bytes
65install_0_msi.exeinstall_0_msi.exe118272 bytes
66svchost.exesvchost.exe417792 bytes
67iner.exeiner.exe674816 bytes
68pmstcdjwz.exepmstcdjwz.exe97344 bytes
69csrsss.execsrsss.exe83928 bytes
70wgsdgsdgdsgsd.exewgsdgsdgdsgsd.exe144896 bytes
71msn.exemsn.exe675840 bytes
72魔法桌面第三方主题破解补丁V1.1.exe魔法桌面第三方主题破解补丁V1.1.exe188416 bytes
73securitywindrv.exesecuritywindrv.exe34816 bytes
74bzsbkotiu.exebzsbkotiu.exe233472 bytes
75aPr0hY9.exeaPr0hY9.exe45558 bytes
76dtkmujvo.exedtkmujvo.exe87040 bytes
77ssntvs.exessntvs.exe103415 bytes

Reply

Your email address will not be published.

Name
Website
Comment

Enter the numbers in the box to the right *