Wednesday, March 18, 2015

Guide to Remove Latvijas Policijas


Latvijas Policijas is an aggressively designed infection that locks your computer and then claims this was done because you watched copyrighted content and spread malicious files. The virus also demands a ransom of 100 euro or 50 LVL to unblock the machine and forget these crimes. However, it never does what it promises. PC users who live in Latvia are at the greatest risk of infection with this ransomware. However, there are many other variants of this virus, such as the FBI virus or the Metropolitan Police virus, that are spread in other countries. Do NOT think that the police have started locking computers in order to make their owners pay fines! You have to remove Latvijas Policijas from the system without any delay.


Guide to Manually Remove Latvijas Policijas (Latvian Police)

Because this virus locks your computer every time you start it, you have to remove it in Safe Mode with Networking. Follow the steps below to remove this threat manually.

1. Reboot your computer into the Safe Mode with Networking.

Reboot the compromised computer and press the F8 key a couple of times while it starts loading. When the Windows Advanced Options Menu screen appears, select the “Safe Mode with Networking” option and press Enter to proceed.


2. Stop processes related to the virus in Windows Task Manager.

Press the keys CTRL+ALT+DEL or CTRL+SHIFT+ESC together to open the Windows Task Manager. Select the “Processes” tab, then find and stop the malicious processes related to the virus.

3. Locate and delete the registry entries injected by Latvijas Policijas (Latvian Police).

Open the Registry Editor (go to Start > Run > type “regedit” > press Enter), locate the malicious registry entries listed below, and then delete all of them from your computer.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe

4. Search for and delete the files associated with the virus.

Open the C drive, locate the following files, and delete them all.

%Windows%\system32\[random].exe
%Documents and Settings%\[UserName]\Desktop\[random].lnk
%Documents and Settings%\[UserName]\Application Data\[random].exe

5. Reboot your computer into the normal mode to complete the changes.
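
Before deleting anything in step 3, the registry locations it lists can be reviewed with a read-only script. This is an added example, not part of the original guide; it assumes PowerShell is available, that a clean system has the Winlogon Shell value set to explorer.exe, and that a hijacked Image File Execution Options entry carries a Debugger value. The function names are hypothetical.

```powershell
# Read-only audit of the registry locations named in step 3; nothing is changed.
# Assumption (not from the guide): a clean system has Winlogon Shell = "explorer.exe".
$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Check, [string]$Key, [string]$Value) {
    $row = New-Object PSObject -Property @{ Check = $Check; Key = $Key; Value = $Value }
    [void]$findings.Add($row)
}

# List every value stored directly under a key so each one can be judged by hand.
function Add-KeyValues([string]$Check, [string]$Path) {
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            Add-Finding $Check $Path ("{0} = {1}" -f $name, $key.GetValue($name))
        }
    }
}

# 1. Winlogon Shell: a value other than explorer.exe replaces the desktop at logon.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') {
    Add-Finding 'Winlogon Shell' $winlogon $shell
}

# 2. RunOnce and the per-user System policies (where DisableRegedit is listed).
Add-KeyValues 'RunOnce' 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
Add-KeyValues 'Policies\System' 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# 3. Image File Execution Options: a Debugger value redirects launches of that program.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $debugger = $_.GetValue('Debugger')
    if ($debugger) { Add-Finding 'IFEO Debugger' $_.Name "Debugger = $debugger" }
}

$findings | Select-Object Check, Key, Value | Format-List
```

RunOnce and Policies\System values are listed in full rather than filtered, because legitimate installers and administrators also write there; each entry should be reviewed before it is removed.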
