Remove BUNDESPOLIZEI virus (Removal Instructions)

Photo of author

Written by: Stelian

Published on:

The BUNDESPOLIZEI Ukash Ransom alert is a computer virus (Trojan Ransomware) that has locked your machine, and posing as an official notice from a law enforcement agency, claims that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
In reality, the BUNDESPOLIZEI notification is a scam, and this alert is only used to scare you into paying for a 100 Euro non-existing fine via PaySafeCard or Ukash.
If you’ve got a BUNDESPOLIZEI virus , you’ll be seeing this screens :
BUNDESPOLIZEI alert

BUNDESPOLIZEI ransom

BUNDESPOLIZEI. Es ist die ungesetzliche Tätigkeit enthüllt
The bogus BUNDESPOLIZEI notification will dispay the following message:

Achtung!!!
Ein Vorgang illegaler Aktivitäten wurde erkannt.
Das Betriebssystem wurde im Zusammenhang mit Versto?en gegen die Gesetze der Bundesrepublik Deutschland gesperrt! Es wurde folgender Verto? festegestellt: Ihre IP Adresse lautet “87.244.147.69″ mit dieser IP wurden Seiten mit pornografischen Inhalten .Kinderpornographie, Sodomie und Gewalt gegen Kinder aufgerufen Auf Ihrem Computer wurden ebenfalls Videodateien mit pornografischen Inhalten. Elementen von Gewalt und Kinderpornografie festgestellt! Es wurden auch Emails in Form von Spam,mit terroristischen Hintergründen, verschickt. Diese Sperre des Computers dient dazu, Ihre illegalen
Aktivitäten zu unterbinden.
Um die Sperre des Computers aufzuheben, sind Sie dazu verflichtet eine Strafe von 100 Euro zu zahlen.Sie haben zwei Möglichkeiten die Zahlung von 100 Euro zu leisten.
1) Die Zahlung per Ukash begleichen:
Dazu geben Sie bitte den erworbenen Code in das Zahlungsfeld ein und drücken Sie anschliessend auf OK (haben Sie mehrere Codes,so geben Sie Diese einfach nacheinander ein und drücken Sie
anschliessend auf OK)
Sollte das System Fehler melden,so müssen Sie den Code per Email (info@stopkriminal.net)
versenden.
2) Die Zahlung per Paysafecard begleichen:
Dazu geben Sie bitte den erworbenen Code (gegebenfalls inkl. Passwort) in das Zahlungsfeld ein und drücken Sie anschliessend auf OK (haben Sie mehrere Codes,so geben Sie Diese einfach nacheinander ein und drücken Sie anschliessend auf OK) Sollte das System Fehler melden,so müssen Sie den Code per Email(einzahlung@landes-kriminalt.net) versenden.

We strongly advise you to follow our BUNDESPOLIZEI. Es ist die ungesetzliche Tätigkeit enthüllt removal guide and ignore any alerts that this malicious software might generate.Under no circumstance should you send any any money to this cyber criminals as this could lead to identity theft.

Removal Instructions for BUNDESPOLIZEI Ukash Ransom

STEP 1: Remove BUNDESPOLIZEI lock screen from your computer

The BUNDESPOLIZEI Ukash Ransomware has modified your Windows registry so that when you’re trying to boot your computer it will launch instead its bogus notification.To remove this malicious registry change,we can use any of the below methods:

Method 1: Restore Windows to a previous state using System Restore

  1. Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
    Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen.
  2. Use the arrow keys to select the Safe mode with a Command prompt option.
    Enter Safe Mode with Command Prompt
  3. At the command prompt, type cd restore, and then press ENTER.
    Next,we will type rstrui.exe , and then press ENTER
    System Restore commands
  4. The System Restore window will start and you’ll need to select a restore point previous to this infection.
    Restore points in Windows 7
  5. After System Restore has completed its task,you should be able to boot in Windows normal mode,from there you’ll need to perform a system scan (as seen on STEP 2) with Malwarebytes Anti-Malware and HitmanPro to remove the malicious files from your machine.

Method 2: Use a Kaspersky Kaspersky Rescue Disk CD to remove the bogus BUNDESPOLIZEI lock screen

IF you cannot access Safe Mode with Command Prompt we will need to use a Kaspersky Rescue Disk Bootable CD to clean the Windows registry and to perform a system scan to remove the malicious files.
What you’ll need to perform this removal guide :

  1. A computer with Internet access.
  2. 1 blank DVD or CD
  3. 1 DVD/CD Burner
  4. Software which can create a bootable CD
  5. A copy of the latest Kaspersky Rescue Disc
  6. About 1 -2 hours depending on how much data you have on C:

STEP A: Download and create a bootable Kaspersky Rescue Disk CD

  1. Download the Kaspersky Rescue Disk ISOimage from below.
    KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)
  2. Download ImgBurn, a software that will help us create this bootable disk.
    IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download ImgBurn)
  3. You can now insert your blank DVD/CD in your burner.
  4. Install ImgBurn by following the prompts and then start this program.
  5. Click on the Write image file to disc button.
    Create bootable CD step1
  6. Under ‘Source’ click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file.(kav_rescue_10.iso)
    Create bootable CD step2
  7. Click on the big Write button.
    Create bootable CD step3
  8. The disc creation process will now start and it will take around 5-10 minutes to complete.

STEP B:Configure the computer to boot from CD-ROM

On some machines,if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from there you can select to boot from the CD.
IF this doesn’t happen then you’ll need to configure your computer to boot for a CD like you’ll see below.

  1. Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot:
    Boot into Bios
  2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.
    Boot into BIOS Step2
  3. Insert your Kaspersky Rescue Disk and restart your computer.

STEP C:Boot your computer from Kaspersky Rescue Disk

  1. Your computer will now boot from the Kaspersky Rescue Disk,and you’ll be asked to press any key to proceed with this process
    Kaspersky Rescue Disk 1
  2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.
    Kaspersky Rescue Disk 2
  3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.
    Kaspersky Rescue Disk 3
  4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read carefully the agreement then press the C button on your keyboard.
    Kaspersky Rescue Disk 4
  5. Once the actions described above have been performed, the Kasprsky operating system will start.

STEP D: Launch Kaspersky WindowsUnlocker to remove the malicious registry changes

This ransomware trojan has modified your Windows system registry so that when you’re trying to boot your computer it will instead launch his lock screen.To remove this malicious registry changes we need to use the Kasersky WindowsUnlocker from Kaspersky Rescue Disk.

  1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.
    Kaspersky Rescue Disk WindowsUnlocker 1
    IF you can’t find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.
  2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.
    Kaspersky Rescue Disk WindowsUnlocker 2

STEP E:Scan your system with Kaspersky Rescue Disk

  1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update.
    Kaspersky Bootable Cd scan 1
  2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.
    Kaspersky Bootable Cd scan 2
  3. Click on the Objects Scan tab, then click Start Objects Scanto begin the scan.
    Kaspersky Bootable Cd scan 3
  4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect , and if it doesn’t work chose to quarantine the infected files just to be on the safe side.
    Kaspersky Bootable Cd scan 5
  5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.
    Kaspersky Bootable Cd scan 7
  6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.

STEP 2: Remove the malicious BUNDESPOLIZEI ransomware files from your computer

STEP A: Run a system scan with Malwarebytes Anti-Malware FREE

  1. Download the latest official version of Malwarebytes Anti-Malware FREE.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. Start the Malwarebytes’ Anti-Malware installation process by double clicking on mbam-setup file.
    [Image: Malwarebytes Installer]
  3. When the installation begins, keep following the prompts in order to continue with the setup process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button. If Malwarebytes’ prompts you to reboot, please do not do so.
    [Image: Finishing Malwarebytes installation]
  4. Malwarebytes Anti-Malware will now start and you’ll be prompted to start a trial period , please select ‘Decline‘ as we just want to use the on-demand scanner.
    [Image: Decline Malwarebytes trial]
  5. On the Scanner tab,select Perform quick scan and then click on the Scan button to start scanning your computer.
    [Image: Starting a full system sca]
  6. Malwarebytes’ Anti-Malware will now start scanning your computer for malicious files as shown below.
    [Image: Malwarebytes scanning for malicious files]
  7. When the scan is finished a message box will appear, click OK to continue.[Image: Malwarebytes scan results]
  8. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different from what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selected button.
    [Image: Infections found by Malwarebytes]

STEP B: Run a system scan with HitmanPro

  1. Download the latest official version of HitmanPro from the below link.
    HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro)
  2. Double click on the previously downloaded file to start the HitmanPro installation.
    [Image: HitmanPro Icon]
    IF you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode.To start HitmanPro in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
  3. Click on Next to install HitmanPro on your system.
    [Image: Starting HitmanPro]
  4. The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan, select an option then click on Next to start a system scan.
    [Image: HitmanPro installation screen]
  5. HitmanPro will start scanning your system for malicious files as seen in the image below.
    [Image: HitmanPron scanning]
  6. Once the scan is complete,you’ll see a screen which will display all the malicious files that the program has found.Click on Next to remove this malicious files.
    [Image: HitmanPro scan results]
  7. Click Activate free license to start the free 30 days trial and remove the malicious files.
    [Image: Activate HitmanPro license]
  8. HitmanPro will now start removing the infected objects.If this program will ask you to restart your computer,please allow this request.

If you are still experiencing problems while trying to remove  BUNDESPOLIZEI virus from your machine, please start a new thread in our Malware Removal Assistance forum.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

  1. Stop and verify before you click, log in, download, or pay.

    warning sign

    Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

    If you already clicked: close the page, do not enter passwords, and run a malware scan.

  2. Keep your operating system, browser, and apps updated.

    updates guide

    Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

    If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.

  3. Use layered protection: antivirus plus an ad blocker.

    shield guide

    Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

    If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.

  4. Install apps, software, and extensions only from official sources.

    install guide

    Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

    If you already installed something suspicious: uninstall it, restart, and scan again.

  5. Treat links and attachments as untrusted by default.

    cursor sign

    Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

    If you entered credentials: change the password immediately and enable 2FA.

  6. Shop safely: research the store, then pay with protection.

    trojan horse

    Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

    If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.

  7. Crypto rule: never pay a “fee” to withdraw or recover money.

    lock sign

    Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

    If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.

  8. Secure your accounts with unique passwords and 2FA (start with email).

    lock sign

    Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

    If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.

  9. Back up important files and keep one backup offline.

    backup sign

    Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

    If you suspect infection: do not connect backup drives until the system is clean.

  10. If you think you are a victim: stop losses, document evidence, and escalate fast.

    warning sign

    Move quickly. Speed matters for disputes, account recovery, and limiting damage.

    • Stop payments and contact: do not send more money or respond to the scammer.
    • Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
    • Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
    • Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
    • Scan your device: remove suspicious apps or extensions, then run a full malware scan.
    • Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
    • Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.

Next

Remove An Garda Síochána virus (Uninstall Guide)