Strathclyde Police Ukash Virus

Strathclyde Police Ukash Virus Description

ScreenshotThe Strathclyde Police Ukash Virus is a typical form of the ransomware malware scam. These kinds of scams are designed to lock your Windows operating system, preventing your access to your own desktop. Then they will only return control once you pay a certain amount. The Strathclyde Police Ukash Virus is one of the many versions of the Metropolitan Police Alert, a kind of WinLocker that is designed to target computer users in the European Union and the United Kingdom.

Strathclyde Police Ukash virus shows the following message:


Your operational system is locked as a result of Great Britain law violation!
The following violations were revealed: your IP address was detected on illegal pornographic sites including child pornography, zoophilia and violent scenes with children! Pornographic video with elements of violence and child pornography were revealed on your PC!
Illegal SPAM of terrorist orientation is also mailed from your PC. This lockout is intended to eliminate possible distribution of the above materials from your PC in the Internet.

If your computer system is displaying a malicious message from the Strathclyde Police that is not allowing you to use your computer normally, you have become infected with this malware threat. ESG security researchers strongly recommend that you ignore all claims in the Strathclyde Police Ukash Virus' message and that you instead start up your computer in Safe Mode to regain access to your desktop. Once you have done this, the Strathclyde Police Ukash Virus can be removed with a reliable anti-malware application that is fully up to date.

Understanding the Strathclyde Police Ukash Virus Scam

As was mentioned before, 2011 was a year in which multiple versions of the Strathclyde Police Ukash Virus were released. There are versions of the Strathclyde Police Ukash Virus in Italian, French, Spanish, Dutch and German, as well as other European languages. They are designed to target the population of specific countries in the European Union by claiming to come from that particular country's main police agency. According to ESG security researchers most iterations of the Strathclyde Police Ukash Virus have the following characteristics in common:

  1. All versions of the Strathclyde Police Ukash Virus will display the official logos of different police agencies in order to attempt to look authentic.
  2. All versions of the Strathclyde Police Ukash Virus will claim that your computer has been involved in illegal activities such as child pornography – never mind that it does not make sense that a one hundred Euro fine would be able to take care of charges as serious as these!
  3. All versions of the Strathclyde Police Ukash Virus demand that you pay a fine that is usually one hundred or fifty of the targeted country's currency. This payment must be done using the UKASH money transfer service.
  4. The code of the various versions of the Strathclyde Police Ukash Virus indicates that this malware infection is Ukrainian in origin, although law enforcement has not been able to apprehend the criminals behind this malware infection as of the writing of this article.

Technical Information

Registry Details

Strathclyde Police Ukash Virus creates the following registry entry or registry entries:
CurrentVersion\Winlogon\"Shell" =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe "Debugger"

One Comment

  • cell:

    Hi, I just discovered your blog via yahoo. Your post is truly pertinent to my life right now, and I'm really delighted I found your website.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.