Type: Trojan

The Trojan is associated with a variety of ransomware that manifests itself as a message from 'La Policia ESPAÑOLA', or the Spanish Police. This malware threat is related to similar ransomeware scams involving the Metropolitan Police or the "Bundespolizei". The Trojan is the underlying cause of these annoying messages. These messages usually involve blocking the infected computer completely, until the victim pays the fake police's "fine." ESG malware analysts recommend ignoring anything that is contained in the message displayed by the Trojan. There are ways of removing the message from the fake police and its associated Trojan, without any need of spending the 100 Euros in the demanded fine. Using an anti-malware program to remove the Trojan will usually get rid of the fake Spanish Police ransomware.

How the Trojan Scam Works

The scam usually involves displaying a highly realistic-looking message that claims that the infected computer has been involved in illegal activities. This message is all the more convincing, because of its use of the Spanish Police crest and because it displays easily-obtainable information, like the infected computer's IP address and operating system. The criminals behind this scam will usually demand the payment of a 100 Euro fine through UKash. If the problem stopped at a simple annoying message, this scam would be a non-issue. However, also has the ability to block your access to your computer system completely. Below, ESG security researchers have listed a few ways in which the Trojan can block your computer system:

  1. has the ability to prevent you from accessing your desktop, start menu or any application on your computer.
  2. blocks access to the Task Manager, preventing you from simply using the control, alt, delete combination of keys to shut down the message from the Fake Spanish Police.
  3. also blocks access to the Internet or to any security programs that may be present on the infected computer.

The message that results from the Trojan also threatens to erase all files on the infected computer within 24 hours, unless the fine is payed. ESG malware analysts recommend ignoring this warning. The Trojan has no way of deleting your files. To bypass the Trojan's complete hold over your computer system, ESG malware analysts recommend starting up your computer system in Safe Mode or from a different source (like a CD or an external drive.)

Technical Information

Registry Details creates the following registry entry or registry entries:
Registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell =

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.