Surely, you heard, and maybe even got into such a situation when after downloading a file or visiting a dubious website on the Internet.
The PC suddenly became uncontrollable and a banner appeared demanding to enter a code in order to unlock the computer, which can be obtained by sending SMS or replenishing the account of the specified phone for a certain amount.
What to do in this case? To submit to the ransomware or is there still a chance to somehow unlock the computer without SMS? Let's look at several options for our actions in order not to become a “cash cow” for scammers.
After all, after topping up the account they will already know your phone and most likely they will be able to log in with your mobile operator. It means that it will not be difficult for them to withdraw money from your phone. But let's not despair and first try to deal with the problem on our own. So how?
Attempt to unlock from the banner through the task manager
This is one of the simplest methods. Who knows, maybe scammers are not so literate and just bluffing? So, we call the task manager and remove the task performed by our browser. To do this, simultaneously press the keys Ctrl + Alt + Del (pluses, of course, do not press). Then in the window that opens, click “Run Manager”:
This window may have different views, depending on the operating system, but the essence is hopefully clear. Next comes the task manager. Here we must remove the task of our browser. We click on the line with the browser and then on the “Cancel task” button:
By the way, this method is applicable for this as well as for any other task. To close a frozen program, for example. I must say that it is not always possible to do this on the first try, sometimes the task manager window blinks and disappears again.
In such cases, it happens that repeated pressing helps Ctrl + Alt + Del and repeated, and up to 10 times in a row! More probably does not make sense. It turned out well. No - proceed further.
Attempt to unlock a computer through the registry
Now we try the following option - more complicated. We put the cursor in the code entry field, press Ctrl + Alt + Del and carefully look at the banner.
Of course, it will not necessarily be the same as mine, but the offer to send SMS or to replenish the number and line for entering the code or password must be present. If, as a result of our actions, the cursor disappeared, then the keyboard’s attention turned to the task manager:
Now you can press Tab, and then Enter, and an empty desktop should open in front of you, most likely even without a “Start”. If this happened, now to “unlock our prisoner” you need to go to the registry, since viruses are usually registered there.
Push Ctrl + Alt + Del. Then “Run Task Manager.” In the new window that appears - “File”, then in the drop-down menu “New task (Run ...)”:
In the following we write the “regedit” command and then click “OK”:
The “Run” command can be called up and easier if, of course, it turns out - by pressing the Win + R buttons on the keyboard. Who does not know, Win is a key with a Windows picture, usually at the bottom left of the keyboard.
If everything works out, we will be in the registry editor. Here be very careful and careful. Do not touch anything superfluous. Because incorrect actions can lead to unpleasant, and sometimes unpredictable consequences in the operation of a computer.
So we need to get here: HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows NT / CurrentVersion / Winlogon. I will show you two windows so that it is clear where and what to click to implement this venture.
In the first window, find the line with the inscription “HKEY_LOCAL_MACHINE” and click on the triangle to the left of it:
The list below this line will expand. There you need to find the line “SOFTWARE” and also click on the triangle:
Do not be alarmed, the lists there are very large, do not forget about the lower slider - move it to see the labels completely.
When you get to Winlogon in this way, already click not on the triangle on the left, but on the word “Winlogon” itself. After that, turn your eyes to the right panel, where you will need to check the parameters: “Shell” and “Userinit” (If it is hard to see, click on the picture - it will increase):
We look at the Shell parameter - its value is only “explorer.exe”. Userinit "should look like this:" C: \\ WINDOW \\ Ssystem32 \\ userinit.exe, ".
Please note that at the end after “exe” is a comma! If there are any other values, then correct to the above. To do this, just click on “Shell” or “Userinit” with the right mouse button, click “Change”, in the pop-up window write the desired value.
This, I think, will not cause you much difficulty.
Final work and failure action
In some cases, it happens that these parameters are in order. Then we find the following section: HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows NT / CurrentVersion / Image File Execution Options and deploy it. If the subsection explorer.exe appears there, we delete it without regret. Well, we did everything to unlock our “prisoner”.
Now you can restart your computer. If the virus is no more insidious, everything should return to their places. If so, then we can laugh at the mountain - SMS - by extortionists. And of course, after all the work done, be sure to perform a full scan of the antivirus program. Yes, and the cleaner before this does not hurt to walk - such as CCleaner.
If all else fails or you do not dare to do the above steps, contact a specialist. But do not send SMS in any case. You can also familiarize yourself with other unlock methods from Trojan Winlock Virus on the VirusStop website or on the Kaspersky website.
That's all. Now you know how to unlock a computer without SMS. But it would be better if you never needed to do this, at least on your computer.
So, today we’ll talk with you about how to unlock your computer from the "Ministry of Internal Affairs" virus. This is a modern form of computer infection, which can be easily picked up on the Internet. But getting rid of it will be quite difficult, especially if you do not know what to do. So let's quickly try to figure out how to deal with the problem.
Appearance
But before the “MVD” virus, let's think about what we have to deal with. It is always good to know the enemy in person. This will help us quickly find a way around this or that computer infection.
So, the "MVD" virus is the so-called Internet access blocker. When working on the network, it pops up over the page, preventing you from continuing actions. With all this, if you managed to restart the computer, then this rubbish will pop up all the time when the browser starts. And working on the Internet will now be simply impossible.
If you think of the virus "Ministry of Internal Affairs of the Russian Federation", then in no case do not send an SMS message that requires a banner. You just lose money - you won’t get any unlock code. You will remain with a problem, and even without money. Now let's see where this infection can come from, as well as how a computer behaves when it is infected. After that, it will be possible to talk about how to unlock the computer from the virus "Ministry of Internal Affairs of the Russian Federation."
Where does it meet
Well, how can you run into our infection today? The thing is that just like that, blockers do not appear in the operating system. You have to try very hard to stumble upon a similar virus.
In contrast to spam or "Ministry of Internal Affairs" (how to remove it, we will talk later) is found mainly on a variety of sites. This is not necessarily an advertising page. We can say that no user is safe from this infection. True, there is one little advice that you can follow. It will help to avoid thinking about how to unlock the computer from the virus "Ministry of Internal Affairs of Russia" on its own.
The advice is simple - do not visit sites that look suspicious, and also advertise something prohibited by the government. For example, pages of an intimate nature or torrent trackers with pirated software. As a rule, it is on such sites that our today's “hero” of the review is most often found. And removing it can be quite difficult. So let's now see how the computer behaves after infection, and also study the methods of healing the system.
Behavior
So, what happens to your operating system after our today's blocker got into it? Perhaps it is worth discussing a number of features that can be highlighted. Especially if you managed to just close the browser and reboot the system, and after that you did not try to work on the Internet.
To begin with, it is worth noting that your operating system will immediately begin to slow down. The thing is that the virus is registered in autorun, and this loads the processor quite a lot. In addition, the infection leaves its files in Windows, thereby slowing down. If you notice something like this, then most likely in the near future you will have to think about how to unlock the computer from the MVD virus yourself.
In addition, if you try to work on the Internet, then you will not succeed - instead of the browser, a blocker window will pop up, which will inform you that you must send an SMS message with a specific code in order to receive an unlock. Naturally, as already mentioned, this is not necessary. So, if you lost your browser, then you should think about how to unlock your computer from the "MVD" virus. There are several good ways. True, they must be used comprehensively.
Check
So, the first step that you need to take to clean your computer of today's virus is the most banal check of the operating system for viruses and trojans. This move will not save you from the infection completely, but it will help to heal most of the files.
In order to practically answer the question of how to unlock a computer from the "MVD" virus, you will have to buy Dr.Web here is perfect. If you do not like it, then use Nod32. Update the virus database, and then start a deep scan. This process can be quite time consuming. Nevertheless, wait for the results.
Everything that was discovered will have to be cured. Be prepared for the fact that not all files are treatable. In this case, they are quite simple to remove. Close the antivirus program, and then proceed to the next step. However, if you are not particularly worried about the security of your computer, then you can skip this step because of the inability to use it.
Antispyware
This application does an excellent job of searching for folders that contain malicious and dangerous software. Checking with such a utility after an antivirus is a great way to rid the system of viruses that are very well encrypted. Run the check, and then delete everything that is found. If you did not have this program installed, you can skip this step. After all, you will not be able to download Spy Hunter until you get rid of the computer infection.
Work in the system
So, now let's see what we need in order to answer how to unlock the computer from the "MVD" virus. After scanning, you will have to do a couple more manipulations, after which you can reboot.
So, the first thing we go to the registry. You can open it after running the "regedit" command. Before that, press Win + R, and then write this function. Go to "Edit" and then to "Search". Write "MVD" in the line that opens, and then start the scan. Delete everything that was found, then close the registry.
Now go to My Computer. Here you have to get into the Windows system folder. Find there "System32", and in it "Drivers". Take a look there. Double-click on the inscription "etc", and then open the notebook "host". You will see some inscriptions. We will not delve into them - now we need to get rid of the blocker. Therefore, we boldly erase everything that is written there, and then save the changes. Now just restart the computer. It will not hurt to reinstall the browser again. That's all. Now you know how to unlock the computer from the "Ministry of Internal Affairs" virus yourself.
In this article I will tell you about the main classes of malware and classic vulnerabilities in popular OSs using the example of Windows 7 / XP / 2000. I will try to describe the main methods of elimination in a more understandable and simple language aimed at the general audience of users.
Currently, there is a huge amount. In parallel with viruses, it develops, becoming more and more perfect, but not always affordable for the average user. And many use the simplest antivirus programs or do not have at all hoping that the virus does not get into their computer.
What viruses are there? Let's see a simple classification:
- by habitat
— file virusesget into executable files (* .SOM, * .EXE, * .SYS, * .BAT, * .DLL);
— boot viruses, seek to get into the boot sector of the disk (Boot sector);
—macro viruses, affect systems that use macros in their work (for example, Word, Excel).
—network viruses distributed using computer network commands and protocols.
Recently, the most unpleasant and even scary virus for an ordinary user has become banners blocking the computer and extorting money. There are three ways to deal with such blocking viruses.
1. First way simplest. Use another computer or mobile device to enter the official website of the anti-virus product manufacturers (Kasperskiy, Dr Web, Nod 32). Each company has a section where you can find the unlock code by entering the phone number indicated on the banner.
If such a banner is in the database, then this method will help you unlock the computer. But there remains the possibility of launching this banner again.
2. Second way a little more complicated, but success is guaranteed if everything is done correctly.
To do this, use the Live CD or preload and enter “ Safe mode»Computer work. At the command line, write “ regedit.exe»And enter the registry work program.
We go the following way:
HKEY_LOCAL_MACHINE / SOFTWARE /
Microsoft / Windows NT /
CurrentVersion / Winlogon
We find the files in the right column " Userinit Shell". The value of " Userinit"Must be exactly as in the picture, and the value" Shell"should match " Explorer.exe"Or this parameter may not exist at all. If your values \u200b\u200bdiffer from the above, then you need to change them. Double-click on the value and change it, then " Remember". These values \u200b\u200bare the address of the banner. The computer is unlocked, but the virus has not been removed. You can clean using the special free utility “ Dr.web cureit"Which can be downloaded on the official website of Doctor Web.
3. The third way.
3.1 Download the image from the official site of Kaspersky Lab - iso disk " Kaspersky Rescue Disk. "
3.2. Write the downloaded image to a CD / DVD-ROM. Burn image isousing programs Nero Burning ROM , ISO Recorder , Deepburner , Roxio creator and etc.
3.3 You can also burn the utility image to USB stick
To record, insert the USB drive into the computer. The volume of the drive must be at least 256 MW. Drive file system must be Fat16orFat32. If the drive has a file system NTFS then you need to format it with the desired system. Download the image for the USB drive and run the file rescue2usb.exe.
Using the “ Overview"Find the downloaded utility and below select a USB drive where we write the image, press the button" Start". After the recording is completed, in the window that opens, click the “ OK«.
In the BIOS menu we find Boot where we install the drive from which the boot will take place, this is - CD-ROM drive or Removable Devices.
After choosing the boot method, insert the disk with the image into the drive or USB drive into the port. Reboot the computer. In the window that appears, you will see the inscription " Press any key to enter the menu»
and press any key for 10 seconds otherwise the download will go from the hard drive. In a new window, select the interface language.
Accepting the license agreement, press the " 1 «.
We proceed to the treatment of the registry. Find the button with the letter " K "(in the lower left corner), select " Terminal". At the command prompt, write the command windowsunlocker and click Enter on keyboard.
The utility is running and you see a window with a menu where you are prompted to perform an action. Choose on the keyboard " 1- unlock Windows "And click" Enter. "
The program will clear the registry and show the result.
The last thing to do in the menu is to choose » 2 ″ - Save copies of boot sectors.Click " 0 " output.
After successful completion of registry cleaning, we remove the virus residues with the Dr.web cureit utility.
You got acquainted with three simple and effective ways to unlock a computer infected with a very unpleasant virus ().
Video
The ransomware virus is an extremely dangerous malware that, when it enters the operating system of a personal computer, completely blocks its operation. To unlock the computer from the ransomware virus, you need to pay a special code by sending SMS or transferring the information specified. Otherwise, he threatens to destroy all the data available on the PC.
What to do in this situation and how to prevent infection, we will talk in this article.
Ransomware viruses exist of several types, namely those that:
- Block sites.
- Block the browser.
- Block the operation of the operating system.
Of course, this is not the whole list of such threats, there are a lot of them, they are all different and require different amounts.
Whatever it is, the ransomware virus attack is designed to scare you and get your money. And unsurprisingly, many do pay for the code to get rid of the problem. But the fact is that sending messages does not help to remove the ransomware virus from the computer, and you simply spend your money in vain. That is why in no case should you send money! This will not save the situation and will not solve the problem.
Take measures to protect your PC
Malicious utilities are found everywhere, including on numerous adult websites, file hosting sites and other similar resources. Very often they hide in files with the extensions exe, zip, rar, .msi, cmd, bat. They can be disguised as a regular flash player, by installing which, the operating system is completely blocked. Moreover, you can get infected both over the network and through removable media.
Some tips for protecting your laptop:
If you neglected the above tips and your PC was attacked then how to remove the ransomware virus from the Ministry of Internal Affairs of the Republic of Belarus or any other malicious program, we will talk further.
How to get rid of the threat and restore Windows
If you don’t know how a standard ransomware or ransomware virus works, then it will come as a surprise to you that you won’t get rid of it by a simple removal procedure. This means that the virus must be removed automatically using a reliable antivirus that will be able to detect the malware and remove it.
However, viruses such as the Ministry of Internal Affairs warning on the Internet can block the operation of the antivirus, or even prevent the system from loading, in which case it becomes much more difficult to cure the computer.
Uninstall using antivirus software and boot in safe mode
Step 2: Removing the virus:
Rollback to recovery point
A very effective way that will allow you to roll back all changes to Windows until the moment when the PC or laptop has not yet been infected by the ransomware.
Instructions for Windows XP / Vista / 7
- We do the same as indicated for the above method, only in the “Advanced Boot Options” window we select “Command Prompt”.
Step 2: Perform a recovery.
Instructions for Windows 10/8
After the system is restored, turn on and scan the PC just in case for malware. Thus, you radically get rid of the threat.
If no method has helped you, you can always reinstall Windows or contact a service center, specialists will help you quickly solve this problem.
Another solution parsed in this video
I welcome you, dear visitor of the blog "Pensermen".
Surely, you heard, or maybe even got into a situation where, after some file or visiting a dubious site on the Internet, the PC suddenly became uncontrollable and a banner appeared with a request to enter a code in order to unlock computer , which can be obtained by sending SMS or replenishing the account of the specified phone for a certain amount.
What to do in this case? Submit to ransomware or still have a chance somehow unlock a computer without SMS? Let's look at a few options for our actions in order not to become a “cash cow” for. After all, after topping up the account they will already know your phone and most likely they will be able to log in with your mobile operator. It means that it will not be difficult for them to withdraw money from your phone. But let's not despair and first try to deal with the problem on our own. So how?
Attempt to unlock from the banner through the task manager
This is one of the simplest methods. Who knows, maybe scammers are not so literate and just bluffing? So, we call the task manager and remove the task performed by our browser. To do this, simultaneously press the keys Ctrl + Alt + Del (pluses, of course, do not press). Then in the window that opens, click “Run Manager”:
This window may have different views, depending on the operating system, but the essence is hopefully clear. Next comes the task manager. Here we must remove the task of our browser. We click on the line with the browser and then on the “Cancel task” button:
By the way, this method is applicable for this as well as for any other task. To close hung, for example. I must say that it is not always possible to do this on the first try, sometimes the task manager window blinks and disappears again. In such cases, it happens that pressing Ctrl + Alt + Del and repeatedly, and up to 10 times in a row, helps! More probably does not make sense. It turned out well. No, proceed further.
Attempt to unlock a computer through the registry
Now we try the following option - more complicated. We put the cursor in the code entry field, press Ctrl + Alt + Del and carefully look at the banner. Of course, it will not necessarily be the same as mine, but the offer to send SMS or to replenish the number and line for entering the code or must be present necessarily. If, as a result of our actions, the cursor disappeared, then the keyboard’s attention turned to the task manager:
Now you can press Tab, and then Enter, and an empty desktop should open in front of you, most likely even without a “Start”. If this happened, now to “unlock our prisoner” you need to go to the registry, since viruses are usually registered there.
Press Ctrl + Alt + Del. Then “Run Task Manager.” In the new window that appears, “File”, then in the drop-down menu “New task (Run ...)”:
In the following we write the “regedit” command and then click “OK”:
The “Run” command can be called up and easier if, of course, it turns out, by pressing the Win + R buttons on the keyboard. Who does not know, Win is a key with a Windows picture, usually at the bottom left of the keyboard. If everything worked out, we find ourselves in. Here be very careful and careful. Do not touch anything superfluous. Because incorrect actions can lead to unpleasant, and sometimes unpredictable consequences in the operation of a computer.
So we need to get here: HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows NT / CurrentVersion / Winlogon. I will show you two windows so that it is clear where and what to click to implement this venture. In the first window, find the line with the inscription “HKEY_LOCAL_MACHINE” and click on the triangle to the left of it:
The list below this line will expand. There you need to find the line “SOFTWARE” and also click on the triangle:
Don’t be afraid, the lists there are very large, about the bottom slider - move it to see the labels completely. When you get to Winlogon in this way, already click not on the triangle on the left, but on the word “Winlogon” itself. After that, turn your eyes to the right panel, where you will need to check the parameters: “Shell” and “Userinit” (If it is hard to see, click on the picture, it will increase):
We look at the Shell parameter - its value is only explorer.exe. "" Userinit "" should look like this: C: \\ WINDOW \\ Ssystem32 \\ userinit.exe,. Please note that at the end after “exe” is a comma! If there are any other values, then correct to the above. To do this, just click on "" Shell "" or "" Userinit "" with the right mouse button, click “Change”, in the pop-up window write the desired value. This, I think, will not cause you much difficulty.
Final work and failure action
In some cases, it happens that these parameters are in order. Then we find the following section: HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows NT / CurrentVersion / Image File Execution Options and deploy it. If the subsection explorer.exe appears there, we delete it without regret. Well, we did everything to unlock our “prisoner”.
Now you can restart your computer. If the virus is no more insidious, everything should
