What Was Happening
A customer in Wandsworth brought in an Acer Aspire 5349 that had become completely unusable after a fake Metropolitan Police warning filled the screen and demanded payment. The message claimed the user had accessed illegal material and that the laptop had been locked by UK law enforcement. No legitimate desktop was accessible, and the customer was understandably alarmed — not just by the lock, but by the accusation itself.
The customer had not clicked anything unusual before the lock appeared. The infection had arrived silently, most likely through a compromised website or an unpatched browser component.
Our Diagnosis
We identified the infection as the Urausy trojan, commonly known as the Metropolitan Police virus or Police ransomware. It was a well-documented strain that was particularly prevalent in the UK during 2013 and 2014. The trojan placed itself in startup routines and triggered the full-screen lock at boot, before the Windows desktop could load normally.
Crucially, the underlying Windows installation and the customer’s files were intact. The malware was designed to extort money rather than destroy data.
How We Fixed It
We bypassed the lock screen by booting into a recovery environment, which gave us access to the file system without triggering the malware’s startup behaviour. From there we removed the malware components, deleted the persistence entries that would have caused re-infection after a normal boot, and verified the integrity of system files.
Once normal startup was restored, we checked the customer’s documents, photos, and other stored files — all remained accessible. We then installed reputable antivirus software and confirmed it was running correctly before returning the machine.
The Result
The Aspire 5349 booted cleanly into Windows, all user data was accessible, and the customer avoided paying the scam demand. The whole job was completed the same day.
Why This Happens on This Model
The Acer Aspire 5349 was a budget consumer laptop running Windows 7, which was widely sold at a time when automatic update adoption was inconsistent. Machines like this were common targets for browser-based trojan delivery because older versions of Internet Explorer and Flash were easily exploited. The Aspire range also shipped without pre-installed security software on many units, leaving users exposed if they did not add their own antivirus after purchase.
Prevention Tips
- Keep Windows Update set to automatic so security patches are applied without manual intervention
- Install reputable antivirus software and keep its definitions current — free options from established vendors are far better than nothing
- Do not pay on-screen ransom demands under any circumstances; payment does not unlock the machine and encourages further criminal activity
- If a lock screen appears, power the machine off immediately and bring it to a repair professional rather than attempting home fixes that could trigger data loss
- Avoid browsing with outdated browser extensions, particularly older Flash or Java plugins, as these are common trojan delivery routes
Local Help in Wandsworth SW18
We cover Wandsworth SW18 for virus removal and malware repair, typically offering same-day turnaround. If your laptop has been locked by ransomware or is showing unusual behaviour, bring it to our Putney workshop or call ahead to arrange collection.
Related Services
- Virus Removal — malware, ransomware, and trojan removal for Windows laptops and desktops
- Virus Removal in Wandsworth — local service covering SW18
More Case Studies
- Compaq Presario hard-drive replacement and data recovery in Wandsworth — data recovery after storage failure in SW18
- Asus K53E keyboard replacement in Wandsworth — hardware repair for a Wandsworth customer
- How We Recovered Data from an Acer Aspire with Motherboard Failure — Acer data recovery case