Got the Police Pro Virus? Here's How to Fix It

NOTE: This may not be the appropriate forums for this topic. However this website is a huge wealth of information and comes up on quite a majority of google topics. Especially those topics with people requesting help. If I post this here I believe I'll be able to help many people. Anyways...

So today I stepped into a pile of @#%@ called the Police Pro Virus. Its a virus that can auto install on your computer without consent VIA random websites. The virus disables you from opening any Exe's. Whenever you to open an EXE you get an error window pop that says "Debug error [97]". This virus when first initialized prompts you to purchase the police pro software to fix your system. If you purchase the software your system does not get fixed and you are out $53.

After I got this virus I realized my laptop was screwed. Luckily I was able to get onto my girlfriend's laptop and started looking for solutions. Unfortunately most solutions suggest using an antiSpyware or antivirus program to remove the virus. All of these solutions are recommended by people who have obviously never encountered the virus as it DISABLES you from running ANY EXE. So that's unfortunately not an option.

I did however find a list of files associated with the virus. This gave me some ideas. But before I tried those ideas I had to of course try the obvious, system restore.

I was just having a horrible day. Due to a lot of revamping my computer with uninstalls and updates today, my last system restore point saved on my computer was about an hour before the virus kicked in. That was not early enough, after restoring to that point I found out that the virus was still present. Time to try out those ideas I came up with.

I got on a blog and started typing away on this laptop as I fiddled with my infected one. Here is what I came up with....

...

(This is a blog I typed so its typed in an interesting point of view, but you should be able to follow it...)

Anyways for those of you in the same boat as me, I'm going to try this idea more manual approach that just kind of came to me.

Earlier I mentioned finding the files associated with this virus. If you keep reading on, I'll list them for you. I'm doing an advanced search for each of these files on my system. With the advanced search make sure you have the box checked to include hidden and system files. I've found most of them and I'm deleting them. Some of them don't allow you to delete them because they are in use, but I can effectively disable them by renaming them with a nonexistent file extension.

To do this you need to make sure you can see the file extensions on the files on your computer. You can do this in under Control Panel > Folder options (just search 'folder options' in the search bar once you open control panel). The nice thing about this, is you don't have to open any exe's with this approach. That's the virus' main weapon. We can hopefully fight it with this approach...moving on though...

So an example of what I'm doing is searching for a file like WindowsPolice.exe and changing it to WindowsPolice.asdfjasiodfj. This way whatever program is executing this file on startup won't recognize the file and the virus will fail to initialize.

After you have done this for every file I've listed below, restart your machine and then do the search over again, but this time delete the files. They won't be running and you'll be able to delete them instead of getting the error message that doesn't allow you to delete them. I hope this helps.

Here are all the files I had to delete or change extension names for:

Window Police Pro Shortcut (deleted)
Windows Police Pro.exe (extension changed)
dddesot.dll (deleted)
desote.exe (extension changed)
svchasts.exe (extension changed)
msvcm80.dll (there A LOT of these I didn't touch them)
Windows Police Pro Folders (deleted after reboot)


BTW I'm typing this as I'm doing it... rebooting my computer for the first time now to see if it worked! (I'm on a second laptop of mine typing this out)

Ok so the virus still started up on reboot but not all the files have been deleted yet. Upon my second round of searching all these files again I'm successfully able to delete all the files that I changed the extension for. I'm deleting those files. NOTE I did not change any of the extensions on the msvcm80.dll files or delete any. I'm not 100% sure they are associated with the virus.

AWESOME-NESS! After deleting those files I am now able to run exe's! I haven't rebooted yet. I'm going to to download a program called STOPzilla (recommended by VirusRemovalGuru.com for this virus). Once I install and run that program the virus will be off my computer. IF ANYONE FOLLOWS THESE DIRECTION YOU WILL BE ABLE TO BEAT THIS VIRUS! Feel free to send me questions at [email protected] Cookies milk will be widely excepted ^_^

Malwarebytes actually does a much better job that STOPzilla. You can read up on it or download it here:
http://download.cnet.com/Malwarebytes-Anti-Malware/3640-8022_4-11091568.html?tag=uo;uo

P.S. When you run Stopzilla or any other antimalware program or antivirus to get rid of the rest of the scraps of this virus you need to Right-Click the exe and click "run as adminastrator"

It's 5am and I'm low on sleep. Blogging right now is probably not my strong-suit.

/Discuss

 

Too late to reply, so I'll link you to my thread, as I think it contains relevant information for getting the .exe's going as well: http://forum.notebookreview.com/showthread.php?t=413909