Wednesday, May 18, 2011

"Your Windows has been blocked" Ransomware Removal (Uninstall Guide)

"Your Windows has been blocked" is a Trojan Ransom that hijacks your computer and demands payment in exchange for the unlock key. When you run the Trojan, you will see a fake warning saying that you have violated Copyright law. The fake warning looks a lot like Windows XP activation window. "Your Windows has been blocked" has this scary countdown timer and another alert in the right lower corner saying that you shouldn't restart your computer; otherwise you will lose all of your files. No need to worry, because the "Your Windows has been blocked" Ransomware can not delete your files. Nothing happens even if you run out of time. Cyber criminals use such scare tactics all the time to trick users into thinking hat they have some serious problems. But think about it for a second, some guy from Romania tolds you to send $100 to him and then he sends you the unlock key. What is more, this amount of money has to be wired by Western Union. That doesn't make sense. Thankfully, there is an easy way to remove the "Your Windows has been blocked" Trojan from your computer. Please follow the removal instructions below. Good luck and be safe online!




"Your Windows has been blocked" removal instructions:

1. Reboot your computer is "Safe Mode". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



2. Go to C:\Documents and Settings\[UserName]\Application Data\Microsoft\ folder.

Example in Windows XP:
C:\Documents and Settings\Michael\Application Data\Microsoft

Look for a file named explorer.exe and delete it.



NOTE: by default, Application Data folder is hidden. "Your Windows has been blocked" files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.
Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmark from the checkbox labeled:

- Hide extensions for known file types
- Hide protected operating system files

Click OK to save the changes. Now you will be able to see all files and folders in the Application Data.

3. Open Registry Editor. Select Start → Run (or press WinKey+R). Type in: regedit. Click OK or press Enter.

Locate the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

In the righthand pane select the registry key named explorer.exe. Right click on this registry key and choose Delete. At the Confirm Value Delete window, click Yes to remove it.



4. Go back into "Normal Mode". Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe, explorer.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

5. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Associated "Your Windows has been blocked" files and registry values:

Files:
  • C:\Documents and Settings\[UserName]\Application Data\Microsoft\explorer.exe
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "C:\Documents and Settings\[UserName]\Application Data\Microsoft\explorer.exe"
Share this information with other people:

No comments:

Post a Comment