Police Nationale Francaise - France (Ransom Trojan) - 05.14.2012 - Analysis and Removal

 __________________________________________________________________________________

Easy way to defeat:

If on XP:
Press F8 upon boot to get to the Windows Advanced Options Menu
From the list, choose "Directory Services Restore Mode"


You should now be in a Windows Safe Mode with Networking capabilities. __________________________________________________________________________________

Download and install Malwarebytes from here.
Run a Quick Scan.
Ransom message should no longer appear.

Additional information:
This ransom does not extract additional files. It simply runs from itself hijacking this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Creates a bad value here like "vasja" which paths to the one bad ransom file.
 __________________________________________________________________________________