To remove the virus and unlock the computer, you will need additional software and hardware, namely: a computer or laptop connected to the Internet and having a working drive for burning discs; blank CD.
Find a multiboot disk image, download it, and burn it to a CD.
Finding a malicious file
Insert the recorded disc into the drive of the infected computer and perform the procedure of booting the operating system from this media. Wait until the download process completes. Please note that booting the system will take much longer than when starting from a hard drive.
After booting the system, go to the user profile under which the computer is locked. If Windows 7 or 8 is installed on the computer, the profile is located “C:\Users\’username’”. In Windows XP, the profile is located “C:\documents and settings\’username’”.
Browse the root of this directory, as well as all subdirectories. Look for suspicious executable files, i.e. files with strange names and extension (type) “.exe”. For example, 7678329.exe, kjsafgf756.exe, etc. Run the found file. If the file turns out to be a virus, it will block this system.
Virus removal
Restart your computer and boot from the CD again. Wait until the download process finishes and find the file again. Rewrite the entire file name and delete it. Use the search to find backup copies of the malicious file and delete them.
Cleaning the registry from the effects of the virus
Execute the command “Start – Run – Regedit”, the registry editor will launch. Make a backup copy of the registry using the "File - Export" command.
Press Ctrl+F or execute the command “Edit – Find”. In the search window, type the name of the malicious file and click “Find.” Delete the found line in the registry that refers to this file. Repeat the search and delete procedure until all records associated with this file are completely destroyed.
Finishing the virus removal process
Restart your computer by loading the previously infected version of Windows. Wait until the download completes. Update the installed anti-virus system and conduct a full disk scan.
Start updating the operating system by executing the command “Start – Control Panel – Windows Update – Search for Updates”. The described steps will help you unlock your computer and get rid of many viruses known today.
What to do if a virus has blocked access to the Internet?
If you use the Internet and do not have an antivirus installed on your computer or it is outdated, then you have a chance to run into a new reincarnation of a very common virus - a blocker. If previously such viruses blocked the operation of the computer, encrypted data on the hard drive, or generally spoiled it, now everything is done much simpler - they simply block your access to the Internet under the pretext of “violating” some law.
So I found myself in the same ridiculous situation. I forgot to install antivirus on my netbook and here is the result.
The address bar of the browser shows the following - mvd.ru. When we try to go to another site, nothing works, we end up on the same page again. Moreover, from the page they can scare us about breaking some law. And it doesn’t matter which one.
To get rid of the blocking, we are offered to go through some kind of unlocking procedure, the result of which should be emptying our pocket (sending an SMS, transferring funds to a wallet, etc.). All this can be presented as a procedure for paying a mythical “fine”.
In general, nothing new, typical fraud. And don’t even think about entering your mobile number into any fields on such sites. The minimum you will get is spam on your cell phone.
It is also worth noting that the real address of such a site is not mvd.ru, as they would like to convince us, but, for example, like this.
This address was displayed on my quick access panel after a sad visit to this site. It is clear that he has nothing to do with either the Ministry of Internal Affairs or other law enforcement agencies.
What to do?
Give up on everything and sit without the Internet? No. Pay the “fine” in the hope of lifting the block? Well, yes. It's a virus. Losing money and getting nothing...
How to remove an Internet blocker virus?
There are two ways to go. The first thought that came to my mind was to download the antivirus installation file on another computer, transfer it to the infected computer and run it after installation full scan. So I did. But, as it turned out, the blocking problem can be solved in another, easier way.
The fact is that the virus sets its DNS servers in the network settings, or rather a combination of numbers like this: 104. 243. 38. 251. Because of this, our browser “sees” only one site - a fraudulent one. And nothing will change as long as the addresses of fraudulent DNS servers are specified in the settings!
How to restore previous settings? The simplest option.
For Windows XP.
Click "Start" - "Control Panel". Find the category "Network and Internet connections".
The Network Connections tab will show your available network connections. As you can see in the screenshot, I had two of them. One is wired (not used), the other is wireless (Wi-Fi).
Right-click on any of the connection icons and select “Properties” from the menu.
The following window will appear.
Select the line “Internet Protocol (TCP/IP)” with the mouse and click the “Properties” button next to it.
So we got to the very DNS server addresses that spoiled our mood. I found a similar picture in the "Local Area Connection" properties.
Check the "Obtain DNS server address automatically" checkbox. Be sure to click the "OK" button.
For the Windows 7 system, everything is done in the same way, although with minor differences.
"Start" - "Control Panel" - "Network and Internet" - "Network and Sharing Center" - then in the left column select " Change adapter settings". Then select the network connection and right-click. Select " Properties" - "Internet Protocol Version 4 (TCP/IPv4)" and/or " Internet Protocol Version 6 (TCP/IPv6)" - Further " Properties". The " tab will appear. Are common", where the required fields with addresses will be shown.
You need to check the settings of all network connections. If you did everything correctly, Internet access will appear again. But for final victory, you should conduct a full antivirus scan. This is what Dr.Web anti-virus found when scanning an infected netbook.
The source of the infection turned out to be a RAR archive with an abstract that was downloaded from one of the sites. After unpacking the archive, the computer was infected with the blocker. The antivirus recognized it as Trojan.Hosts.6838.
About where to get a free and high-quality antivirus
There is one particularly dangerous and unpleasant type. This is the so-called “SMS virus” or a virus that blocks the Internet. Currently, it is difficult to find a user who has never encountered it and has not suffered from the consequences. By the way, newcomers to the World Wide Web encounter this threat much more often. First of all, because they do not know how to properly protect a computer from malicious interference. They visit dangerous pages from a computer that does not have a proper firewall and antivirus. As a result, a malicious program penetrates the system. The virus blocks the Internet, and sometimes even access to the computer itself.
Features and appearance of the pest
Typically, the result of the action is a banner that covers most of the screen. Although their content differs in detail, in essence, it comes down to one single goal: to force the user to send a message to the number indicated below. Its presence is a distinctive feature of this type of malware. Moreover, other functions of the browser/computer become unavailable for the duration of the banner’s validity. The combination to call the task manager, which often helped in the past, will not help here. The developers of the virus have foreseen a lot.
To make it as difficult as possible to treat your computer from such a scourge, the virus blocks access to the Internet. Antivirus programs do not start; often even loading the OS in safe mode does not help. The only salvation is scanning your computer with an antivirus from an external drive. But this method also often fails. So what should users do if a virus blocks the Internet? Despite the complexity of the task, there are still several effective options for combating malicious banners.
A little about prevention
Any computer user should know that it is much easier to prevent trouble than to guess how to get rid of it. Therefore, as a precaution and common sense, it is not recommended to download obscure programs from unknown manufacturers. The virus can hide under anything. Serials, cracks for games, hacked software. Drivers, codecs - on sites where you can’t watch the video. Or the video itself with a strange extension such as “.avi.exe”. Which in itself does not bode well, as it potentially looks like a virus. The irony is that users download the future banner voluntarily, mistaking it for a useful file. That is why such programs are called Trojan horses.
Virus blocks the Internet: treatment
It makes changes to the operating system registry. As a result, the operation and protective functions of Windows are disrupted. The malware is saved as a separate file, usually in user directories. You can try typing the key combination win+U on your keyboard and select Magnifier. Then it will be possible to go to the official website, thus gaining access to the Internet. If it doesn’t help, then there is also the well-known five-time shift press to enable the sticky keys function. The window that opens will contain a link to the same special features, and then a magnifying glass.
If in this way the user managed to gain access to the World Wide Web, all that remains is to go to the website of one of the manufacturers of anti-virus programs. On the page of any major developer there is always information dedicated to malicious banners (take Kaspersky or Nod, for example). It describes ways to get rid of the problem - usually an unlock code that should be entered in the window.
What to do if the virus is still blocking the Internet, but the above did not help? You need to try to get to the registry. The fastest way to do this is to launch the Task Manager. If it is blocked, pressing ctrl+alt+del on your keyboard will help. If you hold them down long enough, you will see a manager flash on the screen. To start working in it, you will need another person holding these buttons. Next, you will need to go to the running processes tab and try to find the virus there. Then complete everything. But the malicious program will still run the next time you turn on the computer.
To permanently block the Internet, the user must restore the changes he made to the registry. In the File section, create a new task and type the regedit command. HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/Current Version/Winlogon/ - the branch you need to reach. There will be several titles in the window on the right. Among them is the Shell parameter. Having launched it, we check the content. Everything here is extremely simple, since the only entry should be “explorer.exe”. The rest must be removed without fail. In addition to the above parameter, it is recommended to check Userinit. This parameter should not contain anything extra after “userinit.exe”.
Good afternoon. In the vast expanse of the Internet, users find a lot of valuable information for themselves. But along with valuable information, unpleasant things await us there, such as computer viruses, worms, SMS banners, Trojans.
I have already touched on the topic of computer security more than once, for example, in my articles: - “”, “”, “?”.
In this article I continue this topic. Now we will consider the question: - How to unblock the ransomware virus? This is a very relevant topic, especially over the past 10 years.
I quite often met people who encountered this problem, and I myself encountered the so-called MVD virus. The essence of the problem is simple. The user is walking on the Internet, accesses one of the resources, and a banner appears on his desktop that blocks the computer and informs that the person has violated such and such a law and must be held accountable in the form of a fine (the banner may also contain an image of an erotic nature).
Or the computer is simply blocked, a threatening website page opens with the symbols of the authorities (coat of arms, flag, inscription of the Ministry of Internal Affairs) and a violation of the law is also reported and punished by a fine. At the same time, the fine must be paid by sending an SMS to a specific number, then the blocking will be lifted.
The inscription may be different, but the essence does not change. You will get rid of the blocking if you transfer money to your phone number.
In such situations, you should not transfer any money anywhere. Stay cool and reasonable. In this situation, I will give three tips on how to unblock the ransomware virus. Two system ones, using the command line, and one using third-party software.
How to unblock ransomware virus command rstrui
This is one of the simplest methods. No special knowledge is needed.
a) turn off the computer.
b) immediately after turning on, press the F8 key to enter safe mode with command line support.
c) when the system boots, open the command line through “Start” (for Windows 8, the combination Win + R).
d) in this line enter the following inscription: rstrui
14.04.2016
Currently, there are a huge number of viruses, fortunately, modern anti-virus software can cope with most “pests”. Conventionally, viruses can be divided into several groups, but the most common are spyware, adware and Trojans, which include ransomware viruses. It is the latter that will be discussed in this article. 
Recognize the computer infected with ransomware virus quite simple. An image of a business, pornographic or other nature appears and hangs on the screen. In this case, the computer either does not respond to commands at all, or responds, but the picture occupies almost the entire visible area. This is our client - Trojan familyWinlock or, to put it simply, .
The banner located on the screen has the following content: “ Your computer is locked, send money to your account or paid SMS.” After this, the banner along with the computer lock promises to disappear. Also in the picture there is a field in which you should enter the code that you will supposedly receive after payment. Don't panic and rush to part with your money. We'll tell you.
The virus in question has several varieties, depending on the generation. Older ones can be neutralized with a couple of mouse clicks. Others will require much more serious preparation. Don’t worry, we will provide all the options for getting out of such a difficult situation, which will definitely help you remove any such Trojan.
Method #1 – Task Manager
This method will help in the fight against old, primitive Trojans. Call the task manager ( Ctrl+Sshift+Esc on Windows 10 or Ctrl+Alt+Del on older versions of Windows). If the dispatcher starts, try to find a suspicious item in the list of processes. Complete this process.
If the manager does not start, try starting the process manager (keys Win+ R). Enter the command “ notepad" in field " Open" After this, Notepad should open. Type arbitrary characters in the window that opens and briefly (sharply) press the power button on your PC or laptop. All processes along with the Trojan should terminate automatically. The computer will remain on.
Now is the time to delete all infected files. You need to find them and delete them or scan the disks .
Let's assume that, by an absurd accident, you did not install an antivirus on your computer in advance. What should I do? Offspring Winlock usually get into temporary files, including browser files. Try checking the following paths:
C:\Users\username folder\App Data \ Roaming \
C:\ Documents and Settings \directory with username\
Find " ms.exe" or other suspicious files, for example, with an arbitrary combination of characters like " 89sdfh2398.exe" or " hgb.hd.exe" Remove them.
Method #2 – Safe Mode
The first method failed and you still don't understand how to unlock your computer from ransomware virus? There's no need to get upset. Our Trojan is just more advanced. He replaced system components and blocked the launch of the task manager.
To resolve the problem, restart your computer by holding down the F8 key while starting the system. From the displayed menu, select " Safe Mode with Command Line Support».
Then type “ explorer” in the console and click Enter. This manipulation will launch the conductor. We write down the word “ regedit” in the command line, press again Enter. After which the registry editor will launch. Here you will find the place where the virus autoruns from, as well as the records it created.
Look for ransomware virus components in keys Userinit And Shell. In the first it is easy to find by comma, in Shell it is written as explorer. exe. Let's copy the full name of the dangerous file we found to the clipboard using the right mouse button. We write “ del” in the command line, followed by a space, and then paste the name copied earlier. Click Enter and enjoy the results of your manipulations. Now you know how to unlock your computer from ransomware virus. We perform this operation with all suspicious files.
Method #3 – System Restore
After the manipulations have been completed, you must log in again using the method described in method No. 2. Write the following on the command line: “ C:\WINDOWS\system32\ Restore \rstrui.exe ” or in modern versions the laconic “ rstrui”, then press Enter. The window “ System Restore”.
You should select a date that precedes the appearance of the virus. This date is called the restore point. This could be a year or just a day earlier than the unfortunate date when your PC was attacked by a virus. In other words, choose a date in which your computer was healthy and 100% clean. This completes the unlocking.
Method #4 – Rescue Disk
To use this method, you need to download the necessary software in advance, use a second computer, or visit a friend for this purpose. Software for system recovery and treatment is usually built into antivirus programs. However, they can be downloaded for free, separately, without registration.
That's all, now you know how to unlock your computer from ransomware virus. Be careful from now on.