Helping people with computers... one answer at a time.

A computer locked by cyber cops means a virus is on your machine. In this case it's ransomware and specific steps need to be taken to free the computer.

Why was my computer locked by cyber cops when I did not do anything illegal? To unlock, I'm asked for a fine of $100. How do I know that it's not a scam?

In this excerpt from Answercast #94 I look at a case where ransomware is calling itself a "Cyber Cop" and asking for money to unlock.

Computer locked by cyber cops

Well, it is a scam. There are no cyber cops and there are no people watching what you're doing and suddenly locking up your computer because they think you did something illegal.

It's a malware scam

Those people don't exist. Those are scammers; those are hackers. The entire thing has to do with getting money out of your pocket and into theirs.

What you have is a malware infection. It's nothing more, nothing less than a virus of some sort. That is then taking over your computer and presenting this misleading mail.

Removing ransomware

Unfortunately, removing it can be somewhat difficult.

My suggestion is that you run a program such as Windows Defender Offline to scan your computer for malware before it actually boots. In other words, what you do is end up booting from the DVD or the CD that's created by the Windows Defender offline installation process.

When you boot from that, you're no longer running any software from your actual PC. You're running the software that's on that CD. That, then, may give you the opportunity to go in and clean any malware that's on that machine.

Removing Cyber cops

I have heard, in at least one report, that Windows Defender Offline was able to correct this particular case of what we've come to refer to as "ransomware."

So, that's my recommendation. Treat this as a very aggressive malware infection. Use offline recovery tools to see if you can't get it cleaned up.

(Transcript lightly edited for readability.)

Article C6314 - February 17, 2013 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

9 Comments
Billy Bob
February 18, 2013 2:56 PM

I nominate this for the funniest article on the site. Cyber cops demanding a fine? I am actually laughing out loud.

Carrie
February 19, 2013 8:28 AM

Few months ago I had the ransomware virus, all of a sudden a page comes up saying the FBI has locked your computer, and you have to pay a fine to unlock it (note: in my research on this, I learned they don't fix it if you pay, just steal your credit/debit informaion) Good I had another computer I could look things up on. I used many different virus scans, but first of all, couldn't get into the infected computer because the locked page would come up each time I started. In my looking this up, I noticed somewhere it said "disconnect from the internet" (I think this might be good to do anyway, if we suspect we have a virus). This was a key step, it couldn't send the command to the websit that was putting up the page and locking it. It didn't get rid of it, but I could then use the computer to run scans. Not sure just what worked, I ran a lot of them, but it was finally gone. Also, various places said the manual way of getting rid of it, what files to look for, etc. I'm not an expert, but not a beginner either, and it took me 2 days to get it out. I'm thinking if it's not a hassle, reinstalling Windows might be a solution. But, wanted to pass on the info about disconnecting from the internet first.

Harold
February 19, 2013 9:33 AM

I repaired 3 of my friends PC,s. restart in fail safe mode,(have a USB key with malwarebytes on it or another ) it will detect the scareware ,and remove it.then you restart normally and you,ll be running fine.it worked 3 times for me so good luck....

john
February 19, 2013 11:13 AM

I CAN'T OPEN MY EMAIL A MESSAGE COME UP THAT STYATES THE NO PROGRAN ASSOCIATED WITH IT CREATE AM ASSOCIATION IN THE CONTROLL PANEL HOW DO I DO THIS I WOULD NOT EVEN KNOW WHERE TO START

Dane
February 19, 2013 11:30 AM

My machine was afflicted with the same or a similar scam. But in my case, removing the installed malware was relatively easy. Just boot into safe mode (by pressing F8 when the Windows Logo appears during booting up). Then use System Restore which is found under Start/All Programs/Accessories/System Tools/System Restore. If you try this, be aware that this could take a very long time to run, but just let the process chug along and with a little luck your problem will be solved.

If the system does seem to be restored and in working order, a virus scan would also be appropriate. Still, system backups are very important, but this solution may save some folks a lot of time and trouble. Cheers!

Al Taylor
February 19, 2013 12:20 PM

Just yesterday I tried to remove "Cybercops" for a neighbor by using Wndows Defender Offline (bran new - fully updated) and it couldn't find it or fix it.

I finally removed it by doing a system restore and scanning with Malwarebytes.

Mark J
February 19, 2013 3:02 PM

@John
The problem you are talking about sounds like it might be what's discussed in this article.
This file does not have a program associated with it - what does this mean and what do I do?

Terry Hollett
February 19, 2013 3:31 PM

I've dealt with these problems a few times over the years: http://hitanykey.webs.com/removefake.htm#Fix .EXE Association

Phil Southall
February 21, 2013 3:50 AM

I had this problem and could not use the menu to shut down my laptop, in the end i did control alt delete to shut down then rebooted in safe mode and did a system restore and then a virus scan with security essentials and avast. No more problems after that.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.