What folder is the banner in? Removing a banner from the desktop, unlocking Windows

Recently, computers have become infected with the so-called ransomware virus (Trojan.Winlock), to unlock which you are offered to send a paid SMS. In this article you will learn how you can get rid of this virus absolutely free. In situations where antivirus sites do not open, download and run this utility.

Method 1. When Windows boots and a banner appears on the screen.

The easiest way to get rid of a virus on your desktop is to go to the website of the antivirus software developer Kaspersky Lab and use the form to obtain an unlock key. A similar operation can be performed by going to the Doctor Web website. After the banner disappears from your desktop, be sure to scan your computer for viruses.

  1. Go to the Kaspersky Lab or Doctor Web website and use the unlock key.

Method 2 and the following methods. When the UNLOCK KEY DOES NOT WORK.

If a banner appears on the desktop when you turn on your computer, use the free CureIt disinfection utility or the Kaspersky Virus Removal Tool. These cleaning utilities can be run even if you already have another antivirus installed on your computer.

Download and run the CureIt utility or the Kaspersky Virus Removal Tool.

Method 3. When Windows does not boot.

If, when you turn on the computer, an offer to part with a couple of hundred rubles appears on the screen instead of the operating system booting, boot the computer in safe mode. To do this, restart your computer and keep pressing the “F8” key on your keyboard. After a few seconds, you will be asked to select an option to boot into Windows. Select "Safe Mode with Networking". Next, get rid of the virus using one of the methods described above.

  1. Boot into Safe Mode
  2. Remove the banner using a key from the Kaspersky Lab or Doctor Web site.
  3. Restart the computer.
  4. Scan your computer for viruses.

Method 4. When Windows does not boot in safe mode.

If you need to remove a banner from the desktop and the operating system does not boot in either normal or safe mode, the best option is a second home computer or a neighbor's computer. If one is available, proceed as in the first or second method. It also helps to have a LiveCD (for example, the LiveCD from Dr.Web), which you can boot from to check your computer for viruses. Almost all antivirus programs with the latest updates can clean a desktop banner from the computer.

  1. Enter the unlock key obtained using another computer, or boot from a LiveCD (available from Dr.Web or Kaspersky Lab).
  2. Scan your computer for viruses.

Method 5 for removing a banner.

For Windows 7: after pressing the Win + U keys, click on the link “Help with settings” - “Privacy Statement”. Next, go to step 5.

  1. After your computer starts, press the Windows key + U.
  2. Select On-Screen Keyboard and click Launch.
  3. Click "Help" - "About"
  4. In the window that appears at the bottom, select “Microsoft Web Site”
  5. In the address field, write http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
  6. A file save window will pop up, save to your desktop.
  7. In the browser, click “File” - “Open” - “Browse” at the top.
  8. On the left, click "Desktop". At the very bottom “File type” - “All files”
  9. Find the downloaded program and run it.
  10. Select Full Scan.

Method 6 for removing a banner.

If the banner appears before the desktop loads, the screen is locked.

  1. Press Ctrl+Shift+Esc until Task Manager starts flickering.
  2. Without releasing the Ctrl+Shift+Esc keys, click "End Task" in Task Manager.
  3. In Task Manager, click "New Task" and enter "regedit".
  4. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  5. Go to the right pane of the Registry Editor and check the two values "Shell" and "Userinit". The Shell value must be "Explorer.exe". The Userinit value must be "C:\WINDOWS\system32\userinit.exe," (no spaces, always a comma at the end)!
  6. If the "Shell" and "Userinit" values are OK, find the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options key and expand it. If it contains a subkey explorer.exe, delete it (right-click => Delete).
  7. Restart your computer.
  8. Be sure to check your computer for viruses.

If unsuccessful, repeat this method in safe mode.

If none of the above methods help you, you can contact our company at

Perhaps one of the most unpleasant problems that Windows users have to deal with is banners. A regular reboot will not solve the problem here: after a reboot the banner does not even think of disappearing. And it’s not so bad if it’s ordinary annoying advertising. It’s worse when it’s extortion, seasoned with intimidation under an article of the criminal code that no one actually violated. Newbies fall for this too, sending money to an unknown wallet. Ignorance plays a cruel joke on them.

What to do if you are one of the lucky ones who received a banner on your computer? Is there a solution to this problem? There is, and more than one. In this article, we will look not only at several ways to remove a banner from a computer, but also at the reasons for its appearance, so that you do not step on the same rake in the future. Let's start with removal methods.

To remove a banner using this method, follow these instructions:

  1. Restart your computer.
  2. While it is turning on, press the F8 key to open the startup mode selection menu. You must do this before the operating system boots.
  3. Select "Safe Mode with Command Line Support". The mouse does not work in this menu, so use the arrow keys to move between options and the Enter key to select.

  4. Wait for Windows to load, then open the "Run" window by pressing the "Win+R" key combination.

  5. Type "regedit" and press "OK".

  6. Open the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", then find the value called "Shell" and replace its data with "explorer.exe".

  7. Reboot your PC to apply the changes. Done.


Method number 2. Removal using antivirus


This method is simpler than the first, as it requires almost no action from you. All you need is an installed antivirus. Any will do: Kaspersky, Avast, Dr.Web and others. Now let's move on to the instructions:

Method No. 3. "All in"

The easiest way to solve problems related to the OS is to reinstall it. If you do not have the opportunity to install an antivirus and do not want to delve into the registry, then you can resort to this simple method. But don't forget to follow two simple rules:

So, you have deleted the banner. Now it won’t hurt you to know what you need to do so as not to litter your computer with banners in the future and not to resort to the system manipulations described in the methods above over and over again. Let's look at the reasons and ways to avoid them.

Reasons why a banner appears on a computer

Reason #1. Installing Flash Player

No, do not rush to remove Flash Player! It is a useful program with which you can watch videos directly in the browser, listen to music and do many other pleasant things. It’s another matter when, under the guise of installing it from a dubious site, malicious software gets onto your computer, clogging it with banners and other obscenities.

In fact, in most browsers Flash Player is installed from the start and there is no need to install it again. You can easily check whether it is present. To do this, perform the following operations:

Important! If you don’t have a Flash player, then download it from the developer’s website, and under no circumstances let strange pop-up windows do this for you. It is free and publicly available.

Reason #2. Installing pirated software

A lot of people love freebies. They will prefer to download a crack, patch, keygen, etc., which will help them use some program without paying for it. Unfortunately, after activating such software, you will most likely receive a banner as a reward. Therefore, the best option in this case is to show respect to the developers and not skimp on funds. It is better to calmly use licensed software and not waste your time and nerves.

Reason #3. Dangerous sites


The Internet is wonderful because it provides a lot of opportunities. With its help you can receive almost any information, conduct financial operations, whether ordering goods or paying for air tickets, downloading games, programs, books, etc. It would seem, what is the problem? But the problem is that the Internet is replete with a huge number of dubious sites from which it’s easy to pick up a virus (which, in fact, is a banner).

To avoid this, follow these simple rules:

  • download software only from the developer’s website. But be careful - there are many “fake sites” that copy the interface of official sites. Pay attention to the page address in the address bar. If it contains an extra number or a letter is written incorrectly, leave it immediately;
  • don't download executable files (files with the .exe extension), especially if you need to download a picture, music or any other file of a different format. Downloading exe files is the easiest way to ruin your OS;
  • don't click on dubious advertising banners. Users of Windows XP and older OSes have often picked up a Winlocker this way, which completely blocked their access to the system.

Following simple instructions and the rules described in this article, you can easily remove the annoying banner and in the future minimize the risk of rewarding your computer with it again.


Surely every fourth personal computer user has encountered various scams on the Internet. One type of deception is a banner that blocks the operation of Windows and requires you to send an SMS to a paid number or demands cryptocurrency. Essentially it's just a virus.

To fight banner ransomware, you need to understand what it is and how it penetrates your computer. Typically a banner looks like this:

There may be all sorts of other variations, but the essence is the same - scammers want to make money from you.

Ways a virus gets into a computer

The first option for “infection” is pirated applications, utilities, and games. Of course, Internet users are accustomed to getting most of what they want online “for free,” but when downloading pirated software, games, various activators, and other things from suspicious sites, we risk becoming infected with viruses. In this situation it usually helps.

Windows may be blocked because of a downloaded file with the ".exe" extension. This does not mean that you should refuse to download files with this extension. Just remember that ".exe" applies only to games and programs. If you download a video, song, document or picture, and its name has “.exe” at the end, then the chance of a ransomware banner appearing increases sharply to 99.999%!

There is another tricky move: a supposed need to update Flash Player or the browser. It may happen that you are working on the Internet, moving from page to page, and one day you find a message that “your Flash player is out of date, please update.” If you click on this banner and it does not lead you to the official adobe.com website, then it is 100% a virus. Therefore, check before clicking the “Update” button. The best option is to ignore such messages altogether.

And lastly, missing Windows updates weaken the system's security. To keep your computer protected, try to install updates on time. This feature can be set to automatic mode in “Control Panel -> Windows Update” so that you are not distracted.

How to unlock Windows 7/8/10

One of the simple options for removing the ransomware banner is reinstalling Windows. It helps 100%, but it makes sense to reinstall Windows when you do not have important data on drive “C” that you did not have time to save. When you reinstall the system, all files will be deleted from the system disk. Therefore, if you do not want to reinstall software and games, then you can use other methods.

After treatment and successful launch of the system without the ransomware banner, you need to take additional steps, otherwise the virus may resurface, or there will simply be some problems in the operation of the system. All this is at the end of the article. All information has been verified by me personally! So, let's begin!

Kaspersky Rescue Disk + WindowsUnlocker will help us!

We will use a specially developed operating system. The whole difficulty is that you need to download the image on your work computer and or (scroll through the articles, it’s there).

When this is ready, you need. At the moment of startup, a small message will appear, such as “Press any key to boot from CD or DVD.” Here you need to press any button on the keyboard, otherwise the infected Windows will start.

When loading, press any button, then select the language – “Russian”, accept the license agreement using the “1” button and use the launch mode – “Graphic”. After starting the Kaspersky operating system, we do not pay attention to the automatically launched scanner, but go to the “Start” menu and launch “Terminal”

A black window will open, where we write the command:

windowsunlocker

A small menu will open:

Select “Unlock Windows” with the “1” button. The program itself will check and correct everything. Now you can close the window and check the entire computer with the scanner already running. In the window, put a checkmark on the disk with Windows OS and click “Run object scan”

We wait for the check to finish (it can take a long time) and finally reboot.

If you have a laptop without a mouse and the touchpad does not work, then I suggest using the text mode of the Kaspersky disk. In this case, after starting the operating system, you must first close the menu that opens with the “F10” button, then enter the same command in the command line: windowsunlocker

Unlocking in safe mode, without special images

Today, viruses like Winlocker have become smarter and block Windows from loading in safe mode, so most likely you won’t succeed, but if there is no image, then try. Viruses are different and can all work in different ways, but the principle is the same.

Reboot the computer. During boot, you need to press the F8 key until the Windows advanced boot options menu appears. Use the down arrow to select the list item called "Safe Mode with Command Line Support".

This is where we need to go and select the desired line:

Next, if everything goes well, the computer will boot and we will see the desktop. Great! But this does not mean that everything is working now. If you don’t remove the virus and just reboot in normal mode, the banner will pop up again!

Treatment using Windows tools

You need to restore the system to a point when the blocker banner did not yet exist. Read the article carefully and do everything that is written there. There is a video below the article.

If it doesn’t help, then press the “Win + R” keys and write the command in the window to open the registry editor:

regedit

If a black command line appears instead of the desktop, simply enter the command “regedit” and press “Enter”. We have to check some sections of the registry for the presence of viruses, or, to be more precise, malicious code. To start this operation, go to this path:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Now we check the following values in order:

  • Shell – “explorer.exe” must be written here, there should be no other options
  • Userinit – here the text should be “C:\Windows\system32\userinit.exe,”

If the OS is installed on a drive other than C:, then the letter there will be different. To change incorrect values, right-click on the line you want to edit and select “Modify”:

Then we check:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

There should be no Shell and Userinit keys here at all; if there are, delete them.



And also be sure to:



If you are not sure whether you need to delete the key, you can simply add a “1” to the parameter first. The path will be incorrect, and the program will simply not start. Then you can return it to how it was.

Now you need to run the built-in system cleaning utility, we do it in the same way as we launched the “regedit” registry editor, but we write:


Select the drive with the operating system (C: by default) and after scanning, check all the boxes except “Service Pack Backup Files”

And click “OK”. With this action, we may have disabled the autorun of the virus, and then we need to clean up traces of its presence in the system, and read about this at the end of the article.

AVZ utility

The idea is that in safe mode we will launch the well-known antivirus utility AVZ. In addition to scanning for viruses, the program has a lot of functions for fixing system problems. This method repeats the steps for closing holes in the system after the virus has done its work. To get acquainted with it, move on to the next section.

Fixing problems after removing ransomware

Congratulations! If you are reading this, it means the system started without a banner. Now you need to check the entire system. If you used the Kaspersky rescue disk and checked there, then you can skip this point.

There may also be one more problem associated with the activities of the villain - the virus can encrypt your files. And even after completely deleting it, you simply will not be able to use your files. To decrypt them you need to use programs from the Kaspersky website: XoristDecryptor and RectorDecryptor. There are also instructions for use there.

But that's not all, because Winlocker has most likely played a dirty trick on the system, and various glitches and problems will be observed. For example, the Registry Editor and Task Manager will not start. To treat the system we will use the AVZ program.

When downloading it using Google Chrome there may be a problem, because this browser considers the program malicious and does not allow you to download it! This question has already been raised on the official Google forum, and at the time of writing this article everything is already back to normal.

To still download the archive with the program, you need to go to “Downloads” and there click “Download malicious file” :) Yes, I understand that it looks a little stupid, but apparently Chrome thinks that the program can cause harm to the average user. And this is true if you poke it anywhere! Therefore, we strictly follow the instructions!

We unpack the archive with the program, write it to external media and run it on the infected computer. Let's go to the menu "File -> System Restore", check the boxes as in the picture and perform the operations:

Now we follow the following path: "File -> Troubleshooting Wizard", then go to “System problems -> All problems” and click on the “Start” button. The program will scan the system, and then in the window that appears, check all the boxes except “Disable operating system updates in automatic mode” and those that begin with the phrase “Autostart is allowed from...”.

Click on the “Fix noted problems” button. After successful completion, go to: “Browser settings and tweaks -> All problems”, here we check all the boxes and click on the “Fix marked problems” button in the same way.

We do the same with “Privacy”, but here do not check the boxes that are responsible for clearing bookmarks in browsers and whatever else you think is necessary. We complete the check in the “System Cleaning” and “Adware/Toolbar/Browser Hijacker Removal” sections.

Finally, close the window without exiting AVZ. In the program we find “Tools -> Explorer Extension Editor” and uncheck those items that are marked in black. Now let's move on to “Tools -> Internet Explorer Extension Manager” and completely erase all the lines in the window that appears.

I have already said above that this section of the article is also one of the ways to cure Windows from banner ransomware. So, in this case, you need to download the program on a working computer and then write it to a flash drive or disk. We carry out all actions in safe mode. But there is another option to launch AVZ, even if safe mode is not working. You need to start from the same menu when the system boots, in the “Troubleshoot your computer” mode

If you have it installed, it will be displayed at the very top of the menu. If it’s not there, then try starting Windows until the banner appears and unplugging the computer. Then turn it on - a new launch mode may be offered.

Running from the Windows installation disc

Another surefire way is to boot from any Windows 7-10 installation disc and select there not “Install”, but "System Restore". When the troubleshooter is running:

  • You need to select “Command Line” there
  • In the black window that appears, write: “notepad”, i.e. launch a regular notepad. We will use it as a mini file explorer
  • Go to the menu “File -> Open”, select the file type “All files”
  • Next, find the folder with the AVZ program, right-click on the file to be launched “avz.exe” and launch the utility using the “Open” menu item (not the “Select” item!).

If all else fails

This applies to cases when, for some reason, you cannot boot from a flash drive with a recorded Kaspersky image or the AVZ program. All you have to do is remove the hard drive from your computer and connect it as a second drive to a working computer. Then boot from the UNINFECTED hard drive and scan YOUR disk with a Kaspersky scanner.

Never send SMS messages that scammers ask for. Whatever the text, do not send messages! Try to avoid suspicious sites and files, and generally read. Follow the instructions, and then your computer will be safe. And don’t forget about antivirus and regular operating system updates!


Hello, friends! In this article we will look at ways to remove a banner from the desktop. An infection can happen not only from visiting sites with erotic content, but also from using cracks or keygens downloaded from unknown sources. Therefore, try to download software only from manufacturers' websites. If you receive a suspicious file, do not be lazy and check it for viruses online. Typically, such banners are called extortionists, as they demand money from the user. This can take the form of sending an SMS to a short number or topping up an account in an electronic payment system. Fraudsters usually write on such banners that the user has violated the law, for which they are required to pay a fine. In this article we will tell you how to unblock your computer from such banners.

These services are easy to use, but there are no guarantees. You can spend a lot of time but still not unlock the system. But you definitely need to try it.

To use, you need a device (another computer, tablet or phone) with Internet access. Go to any of the listed addresses. Let's take Kaspersky for example.

In a special field you must enter the phone number or account to which you want to transfer money. If you are asked to send an SMS to a short number, then write down this number and the text that needs to be sent, separated by a colon. Afterwards, press to get the code

The search results will appear below. Choose your banner and try the codes against it.

If you haven’t found your banner, try on the Dr.Web or Eset website. If this method did not help remove the banner from your desktop, read on.

Using System Restore

This option is good if you have this function enabled. If System Restore was disabled, proceed to the next step.

To remove the banner from the desktop using System Restore, restart the computer and press F8 repeatedly during boot. If a list of devices from which booting is possible appears, select your drive (hard drive or SSD) and continue pressing F8 again. You should see a picture similar to the one below. You need to select the item System Troubleshooting, which is highlighted by default

A window will load where you need to select a language, then a user. Next there will be a window with a choice of several recovery options. Choose System Restore. Then select a restore point and return the computer to that point in time. First, take the nearest restore point; if that doesn’t help, restore to an earlier one.

You can read more about how to use System Restore.

Removing the banner from safe mode

Scanning with Dr.Web Cureit or analogues

There are banners that are not active in safe mode. You need to take advantage of this. To prepare for treatment, download the Dr.Web Cureit utility on a healthy computer by opening the following link in your browser.

To remove a banner from your desktop by cleaning the registry, you need to check several points in the registry.

On the left side of the window go to the address

HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Run

Go to the right side and delete all items except one (Default) for which the value is not assigned. Right-click on the item and select Delete. With this action we will remove the banner from Windows startup. (You can read how to manage startup in Windows 7 and Windows 8 when the computer is in working order.)

All the above steps must also be performed in the section

HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion -> Run

There are two more places left to check

HKEY_CURRENT_USER -> Software -> Microsoft -> Windows NT -> CurrentVersion -> Winlogon

In this key we check that the values Shell and Userinit are absent. If they are there, delete them.

HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows NT -> CurrentVersion -> Winlogon

Here we check the data of the values named above:

Shell = explorer.exe

Userinit = C:\Windows\system32\userinit.exe, (comma required)

If the values are different, we correct them to the correct ones.

Close the registry editor and, to be on the safe side, check the computer with the Dr.Web Cureit utility or an analogue if you did not check it before editing the registry.

After checking, reboot in normal mode and check whether the banner is removed.
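
The registry checks described in this article (the Winlogon Shell and Userinit values in both hives, the Image File Execution Options subkey for explorer.exe, and the two Run keys) can be collected in one read-only pass. The PowerShell script below is an added example, not part of the original article; it assumes it is run inside the affected Windows installation (for example in safe mode), and the helper names Get-RegValue and New-Finding are made up for this illustration.

```powershell
# Added example: read-only audit of the registry locations named in the steps above.
# Assumption: run inside the affected Windows installation (e.g. safe mode).
# Nothing is changed; every finding still has to be reviewed by hand.

$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ifeo     = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe'
$run      = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Expected data as stated in the article. The drive letter follows the real
# Windows directory, so an OS installed outside C: is handled too.
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = (Join-Path $env:SystemRoot 'system32\userinit.exe') + ','
}

# Hypothetical helper: returns the value data, or $null if key or value is absent.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Hypothetical helper: one result row.
function New-Finding {
    param([string]$Status, [string]$Location, [string]$Name, $Value)
    New-Object PSObject -Property @{
        Status = $Status; Location = $Location; Name = $Name; Value = $Value
    }
}

$findings = @()

# 1. HKLM Winlogon: Shell and Userinit must hold exactly the expected data
#    (string comparison in PowerShell is case-insensitive by default).
$path = 'HKLM:\' + $winlogon
foreach ($name in 'Shell', 'Userinit') {
    $value = Get-RegValue $path $name
    if ($null -eq $value)                 { $status = 'MISSING' }
    elseif ($value -eq $expected[$name])  { $status = 'OK' }
    else                                  { $status = 'SUSPICIOUS' }
    $findings += New-Finding $status $path $name $value
}

# 2. HKCU Winlogon: Shell and Userinit should not exist here at all.
$path = 'HKCU:\' + $winlogon
foreach ($name in 'Shell', 'Userinit') {
    $value = Get-RegValue $path $name
    if ($null -ne $value) {
        $findings += New-Finding 'SUSPICIOUS' $path $name $value
    }
}

# 3. Image File Execution Options: a subkey for explorer.exe is what the
#    article says to delete. Its Debugger value, if set, names the program
#    that Windows would start in place of explorer.exe.
$path = 'HKLM:\' + $ifeo
if (Test-Path -LiteralPath $path) {
    $findings += New-Finding 'SUSPICIOUS' $path 'Debugger' (Get-RegValue $path 'Debugger')
}

# 4. Run keys: list every autostart entry so it can be judged before deletion.
foreach ($hive in 'HKCU:\', 'HKLM:\') {
    $path = $hive + $run
    $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq '') { continue }   # skip the unnamed (Default) value
        $findings += New-Finding 'REVIEW' $path $name $key.GetValue($name)
    }
}

$findings | Sort-Object Status | Format-List Status, Location, Name, Value
```

On 64-bit Windows, run it from 64-bit PowerShell: a 32-bit session sees the redirected Wow6432Node view for part of HKLM\SOFTWARE (the Run key, for example).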

Using Kaspersky WindowsUnlocker to remove a banner from the desktop

Using this utility, you can disinfect all operating systems installed on your computer. It does automatically what we did manually in the previous section. This utility is included in Kaspersky Rescue Disk.

You can download the Kaspersky Rescue Disk image from the official website here

To write it to a USB device, it is better to use the utility from the manufacturer

In the program window, use the Browse button to specify the path to the Kaspersky Rescue Disk image. Insert the USB drive into the computer and it immediately appears in the appropriate section. If this does not happen, select it manually.

Attention! Save all important data from your USB drive.

After all the settings, press the button START

The image will be written to the USB drive. If the process completes successfully you will see the following window. Click OK and close the rescue2usb program

Now you need to boot from the prepared USB storage on an infected computer. To do this, insert the USB flash drive into the computer and reboot. When you boot your computer, press F8 several times to call up a list of devices from which it can boot. Select the connected USB drive. (There may be two inscriptions in this list suggesting booting from USB. Try one first, then the other). If you can’t boot from a flash drive, you need to set boot from a USB drive in the BIOS. You can read how to do this.

After all the settings, it will boot from the USB drive and you will see the following window. Any key must be pressed within 10 seconds

Select the required language using the arrows on the keyboard

You must accept the license by pressing button 1 on the keyboard

Select the Kaspersky Rescue Disk download mode. If you don't have a mouse, choose text. In all other cases, select graphics mode

In the terminal we type windowsunlocker and press Enter

If you have selected text mode, press F10 to close the menu that appears and type windowsunlocker in the line below the file manager. Press Enter

To remove the banner from the desktop, press 1

After all the manipulations, you must press 0 - Exit.

After unlocking the operating system, you need to update the Kaspersky Rescue Disk databases and perform a full scan of your computer. To do this, open the main menu and select Kaspersky Rescue Disk. Go to the update tab and click Perform update. In this case, the Internet must be connected to the computer

Go to the tab Checking objects and select all objects in field 2 with checkboxes. Click Perform object check

Wait until the scan is completed and delete or cure the malicious files that were found. Afterwards, reboot in normal mode and check whether the banner is removed from the desktop.

Fixing the boot record

If the virus loads immediately when you turn on the computer before the operating system logo appears, then this infection has changed the boot record of your drive.

You need to enter the Windows recovery console and try to restore the boot record.

To open the recovery console, press the F8 key at boot, as when choosing safe mode. A window with a choice of boot options will appear. The item selected by default, System Troubleshooting, will be at the very top. Select this item by pressing Enter

Afterwards, a window for selecting a user and entering a password will appear. Select a user, enter the password if you have one, and click Next

A window will then appear with system recovery options. There you can choose to restore the computer from an image (which is done by backing up data in Windows) or perform a system restore (if it is enabled. See point 3 of this article) and much more. Choose the last item, Command line.

In it, type BOOTREC.EXE /FixBoot

Then reboot and check whether the banner has been removed from the desktop.

Checking the drive on a healthy computer

If you have the opportunity to check your drive on another computer, do so.

Turn off your computer. Disconnect the hard drive. With it turned off, connect it to another computer. Boot up. Update antivirus databases and check the connected disk for viruses. I like this option the most because it is possible. If it is not there, use the options described above.

I hope it doesn’t come to a reinstallation and some of the points described above will help you.


In this article on how to remove a banner from the desktop, we looked at a lot of ways to successfully unlock the operating system. The main thing we need to understand is that there is no need to send any SMS or top up any accounts.

Of course, it’s worth starting the unlocking process by using the services provided by large antivirus companies. Such services are described in the first part of this article. The next best thing to do is to restore the system one, two or three times back. In general, the system recovery service can be of great help in critical situations. I highly recommend turning it on and allocating several gigabytes for it in the settings. If recovery fails, then proceed to treatment in safe mode. Unless, of course, the virus blocks everything there with its banner.

If safe mode does not work, then Kaspersky WindowsUnlocker as part of Kaspersky Rescue Disk is an excellent solution. If possible, you can and should check your drive on the healthy machine of your relative, friend or neighbor. Don't worry, the virus won't jump to another computer. If the virus is registered in the boot record, then try through the recovery console. If all else fails (which is unlikely), then it is better to reinstall the operating system.


Often, users become victims of viruses that seriously interfere with working in Windows. A striking example is blocking the desktop using a banner. This happens if you haven't taken care of protecting your computer. You cannot perform any actions, the OS is locked, and the screen says something like “You have broken the law. Top up such and such a mobile number, otherwise you will lose all your data.” This article describes how to remove such a banner from the desktop of your computer.

Please understand that this is a scam. You didn’t violate anything; there are no provisions in the law regarding blocking users’ desktops. Under no circumstances give in to the scammers, and do not send them your money.

Most likely, this will not even help - unlocking using a code is unlikely to help get rid of the virus, and the banner will remain on the computer.

Often, to get rid of such problems, it is recommended to simply reinstall the operating system. Of course, deleting Windows and installing it again will definitely help. But this is the long way. Don't forget that you will still need to install all the necessary drivers and programs.

This article discusses simpler and faster ways to get rid of ransomware banners.

Starting in Safe Mode

If you find that a banner pops up at Windows startup and blocks all computer functions, you need to start the operating system in diagnostic mode. To do this, follow the instructions provided:

This will take you to the Windows diagnostic mode. If you succeeded and the banner does not appear there, move on to the next part of the guide. If the lock appears in this mode as well, you will need to start the PC from a LiveCD (described below).

Typically, a banner virus modifies some entries in the registry, which causes Windows to malfunction. Your task is to find all these changes and undo them.

Editing the Registry

Open the Run dialog using the Win + R key combination. In the window that opens, enter the command “regedit” and press Enter. The Windows Registry Editor will open. Follow the instructions carefully so you don't miss anything.

Using the tree on the left side of the program window, open the following keys:

· HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Here you need to find the entry responsible for autorunning your banner when the system starts, and remove it. Right-click on the entry and select the “Delete” option in the context menu that opens. Feel free to delete anything suspicious; it will not affect the operation of your system in any way. If you delete something you did not need to, such as the Skype autostart entry, you can get everything back.

· HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

In this key, find the value named “Shell” and set it to “explorer.exe”. Next, find the “Userinit” value and set it to "C:\Windows\system32\userinit.exe". To edit a value, simply double-click on it.

· HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Look for the "Userinit" and "Shell" values here as well. Write down their contents somewhere: these are the paths to your banner. Delete both entries. They should not exist in this key.
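
The same three registry locations can be checked in one pass with a read-only PowerShell audit. This is an added example, not part of the original article: the helper names Get-RegValue and Test-Expected are made up for it, and the expected values are the ones the article gives. It changes nothing; it only prints the entries that need attention.

```powershell
# Read-only audit of the registry locations named in the article (added example).
$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$run      = 'Software\Microsoft\Windows\CurrentVersion\Run'
$userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns the value as a string, or nothing when the key or value is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $Name)) { [string]$key.GetValue($Name) }
}

function Test-Expected {
    param([string]$Actual, [string]$Expected)
    # The stock Userinit value ends with a comma; ignore that, spaces and case.
    $Actual.Trim().TrimEnd(',').Trim() -ieq $Expected
}

$findings = @()

# HKLM Winlogon: Shell and Userinit must hold the values given in the article.
$hklm = "Registry::HKEY_LOCAL_MACHINE\$winlogon"
foreach ($check in @(@{ Name = 'Shell';    Expected = 'explorer.exe' },
                     @{ Name = 'Userinit'; Expected = $userinit })) {
    $value = Get-RegValue -Path $hklm -Name $check.Name
    if ($null -eq $value -or -not (Test-Expected $value $check.Expected)) {
        $findings += [pscustomobject]@{ Key = $hklm; Name = $check.Name
                                        Value = $value; Note = "expected $($check.Expected)" }
    }
}

# HKCU Winlogon: per the article, neither value should exist here at all.
$hkcu = "Registry::HKEY_CURRENT_USER\$winlogon"
foreach ($name in 'Shell', 'Userinit') {
    $value = Get-RegValue -Path $hkcu -Name $name
    if ($null -ne $value) {
        $findings += [pscustomobject]@{ Key = $hkcu; Name = $name
                                        Value = $value; Note = 'should not be present' }
    }
}

# HKLM Run: every autostart entry is listed for manual review.
$runKey = Get-Item -LiteralPath "Registry::HKEY_LOCAL_MACHINE\$run" -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $findings += [pscustomobject]@{ Key = $runKey.Name; Name = $name
                                        Value = [string]$runKey.GetValue($name); Note = 'review' }
    }
}
$findings | Format-List Key, Name, Value, Note
```

The Value column of any Winlogon finding is the file path to write down before cleaning the registry, since that file has to be deleted afterwards.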


Once you have managed to remove all unnecessary entries from the Windows registry, you can close the editor and restart your computer. The system should start without any problems.

Now you need to remove the “tails” left behind by the malicious script. Open Windows Explorer (My Computer). Find the files that were referenced by the "incorrect" Shell and Userinit parameters and delete them.

After this, it is very important to scan the system with an antivirus program, preferably using the deepest scan available in your antivirus. If you do not have any system protection, download and install some immediately. For example, you can use the free program from Microsoft, Security Essentials. You can download it from this link - https://www.microsoft.com/ru-ru/download/details.aspx?id=5201.

The following guide describes how to remove the banner if it appears even when Windows starts in Safe Mode.

Creating a Live CD from Kaspersky

If you are unable to remove the banner through safe mode, you should use a LiveCD. This is a special mini-OS that is written to a disc or flash drive. With it, you can boot up and edit a damaged registry or run an automatic troubleshooting utility.

For example, you can use the free service from Kaspersky Lab. To do this, you need to create a bootable USB flash drive or a disc on another, working computer:

Unlocking via Kaspersky Live CD

To remove the effects of virus infection, you will need to do the following:

Installation disk

You can also use the installation disk for your operating system to get rid of the consequences of a virus infection. You have to resort to this when the banner appears immediately after the BIOS beep and you have no opportunity to use other means.

Insert the installation disk or a bootable USB flash drive with an image of your system and restart the PC. Open the Boot Menu and choose to boot from the external media. If necessary, press any key on the keyboard. Next, removing the consequences of a virus attack is described using Windows 7 as an example.

Select the interface language and click “Next”. At the bottom of the screen, click on the hyperlink "System Restore". A new window will open in which you will need to select "Command line".

In the console that opens, enter the command “bootrec.exe /FixMbr” and press Enter. After that, enter another command - “bootrec.exe /FixBoot” and press Enter again. Also enter the line “bcdboot.exe c:\windows” (if the system is installed on a different drive, you need to specify that drive instead). Reboot your PC and the problem will be solved.