
How to unlock a laptop from a ransomware virus. How to unlock a computer or laptop from the "Ministry of Internal Affairs" virus. Powerful professional way.

At present, with modern technology and high data transfer rates, users of personal computers, laptops, tablets and smartphones very often catch some kind of virus, even with anti-virus protection installed. Programs that infect a device and block access to it with a banner on the desktop are now very popular with hackers. How do you unlock the computer in this case? How do you regain access to it?

Unlocking with System Restore

An example of a ransom screen. The conclusion of the attack on the prefecture of Brazil. It is worth noting that the hacker does not guarantee that he will even unlock the victim's files. In some cases, as Fabio Assolini explains, even the hacker himself cannot decipher the malware. There is a growing number of amateur criminals in the market. While creating the virus, the hacker himself may have left out the key that opens the system files. First, there is the lack of a guarantee. Second, nothing prevents the criminal from attacking the same victim twice.

What banners exist?

The most common are the following: Internet access is blocked, Windows is blocked, the rules for using the Internet are violated, your account has been hacked and now spam is being sent from it, and so on. The owner of the computer is offered assistance in solving the problem. For this, he is asked to send only one SMS to a short number. By doing this, you will lose at least 250-300 rubles. And, accordingly, the banner in almost all cases does not go anywhere.

Third, paying to rescue files is what keeps ransom attacks alive: it is proof that the scheme works and that hackers profit from this illegal practice. Mobile devices do not escape ransom attacks either. The virus locks the smartphone's screen and then opens a window explaining that, in order to unlock the device's files, the victim must contact the hacker to settle the deal through the malware's own messaging service. In this case, the virus encrypted the website, leaving all content on the air.

Basic ways to solve the problem

What to do? How do you unlock a computer from a virus and continue to use your device? There are various ways out. The main ones are:

  1. Restoring the operating system.
  2. Removing the virus program from OS startup.
  3. Applying special unlock codes from the Dr.Web and Kaspersky sites.
  4. Using an antivirus.

It must be remembered that there is no universal way to unlock a computer from a virus. Each of the above applies only to a specific situation. Now let's dwell on this for a bit.

Since the attacks are still recent, the method of infection is still unclear. In addition to the growth in the number of platforms and means of infection, the virus has also spread geographically, reaching countries with lower financial strength, including Brazil, which was the fourth largest victim of this kind of attack in "Formerly, ransomware attacked developed countries, but due to the ease, cybercriminals began to target economically small countries," says Fabio Assolini from Kaspersky.

The rise in ransomware attacks has also spawned a market that goes beyond direct file capture and therefore further increases the number of attacks. With all these ransomware and other digital threats, getting complete protection becomes more difficult, but some methods will help you avoid viruses that can completely lock your computer.

Solving a problem via the Internet

This option is good for someone who has access to the network or who has a connection with someone who is ready to help. The official websites of Kaspersky and Doctor Web have codes that can unlock your device. If they were not there, we go the other way.

Removing the banner from autoload

If the user has a vulnerable system, an attack is possible. However, since this type of attack is about money, the bigger the fish, the bigger the banquet, which makes businesses, hospitals, and prefectures the most frequent victims of ransom attacks. Since email is still the main vehicle for ransomware infections, never open email from dubious or unknown sources. There is no room for curiosity where security is concerned: if you receive an email from someone you don't know, think of it like a normal email.

How do you unlock the computer this way? The path is very simple. The device needs to be booted into safe mode. To do this, press F8 while it is starting. A menu with Windows boot options appears, and we select the required one. Then one of two things happens: either the banner has not gone away, or the system boots without the virus. In the latter case, click "Start" and enter msconfig in the command line. We go to the startup (autoload) tab, uncheck suspicious items there and restart the PC.

Simple horses - simple measures

Never open emails from dubious or unknown sources. In the case of enterprises, attacks most often occur on low-security servers and remote services. Therefore, investing in a comprehensive antivirus or security system is a good idea and a big headache is prevented.

It is also recommended that home and business users keep backup copies of their key files on external storage drives or cloud services. It should be noted again that if you become a victim of ransomware, paying a ransom for files is not recommended. It is always good to remember that we are dealing with criminals: in this type of attack all power is in the hands of the hacker, and nothing prevents the attacker from simply taking the money and not releasing the encrypted computer.

Legacy unlock method

Powerful professional way

If none of the above helps to unlock the computer, we will fight the banner with the help of an antivirus. If the desktop can be reached in safe mode, we use Kaspersky's Removal-tool or Doctor Web's Cureit, the best known of all. If it cannot, we use a LiveCD, a special boot disk that loads the antivirus without any problems and removes the banner. To do this, we write its image to a USB flash drive or a blank disc, insert it into the computer, and then scan the system for viruses. This option can be difficult for the average user, so it is recommended to turn to professionals. So we have figured out how to unlock the computer.

Is Brazil ready for a wave of ransom attacks? According to Norton's cybersecurity prediction, ransomware will be the most widely used form of digital crime in Brazil over the next few years. But are we ready for this situation?

As already mentioned, one of the targets of extortion attacks in Brazil is the prefecture, which is very worrisome. Since it involves the theft of information and corresponding amounts of money, the use of extortion is considered the crime of extortion. According to Nelson Barbosa, a security expert at Norton and a law student, the country's legislation must continue to undergo an evolutionary process to include digital crime. “Some capitals already have virtual police stations, but it will still take some time to become cybercrime in court and be tried.”

As a rule, this is a Trojan from the Winlock family. It is easy to recognize: if an image of a pornographic or, conversely, business character appears on the screen, and at the same time the computer stops responding to commands, this is what we are dealing with.


At the same time, the banner often contains the message “Your computer is blocked” and an offer to send a paid SMS or deposit money to the specified account; supposedly only after that will the harmful banner (and with it the PC block) disappear. The image even has a field for entering a special code that is supposed to arrive once these demands are met. Such malware works by substituting the Shell parameter of the operating system shell and disabling Windows Explorer functions.

It is now essential to back up your key files. Another problem that authorities face when it comes to finding a criminal is geography: attacks are sent from other countries by advanced means, and when the ransom is paid in bitcoin, finding the cybercriminals is very unlikely. Fabio Assolini explains that there is cooperation between internet security companies and the police. While the police act at the national level, the Internet is quite globalized, which does not prevent hackers from launching an attack from Europe to reach Brazil.

There are several generations of ransomware viruses. Some of them are neutralized in a couple of clicks, others require more serious manipulations. We will give methods by which you can deal with any Trojan of this kind.

Method number 1

Task Manager

This method will work against primitive trojans. Try calling the regular task manager (key combination CTRL+ALT+DEL or CTRL+SHIFT+ESC). If this succeeds, find in the list of processes what should not be running, and end it.

Law enforcement experts and law enforcement often cooperate, and arrests of cybercriminals are carried out. In this scenario of increasing cybercrime and little preparation on the part of important organs of society, all we simple Internet users can do is stay prepared and never open e-mails from the Ukrainian lottery.

Why are some computers blocked?

When a locked computer tries to browse the Internet, a message appears in the browser saying that the machine is locked, along with the possible reasons for the lock and a contact phone number. The user must contact their network manager. Computers are blocked because they exhibit abnormal behavior. Contaminated computers most often show behavior that can be detected through the network. When this happens, the security team blocks the computer to alert the user to take urgent action.

If the Task Manager does not open, you can still work around it using the Win + R keys. In the "Open" field, enter the word "notepad" and press ENTER to open the Notepad application. In the application window that opens, type arbitrary characters and briefly press the power button on your laptop or desktop PC. All processes, including the Trojan, will immediately end, but the computer will not turn off. While the virus is deactivated, you can find the files related to it and remove them, or run an antivirus scan.

How do I know if my computer is locked?

When a user does not take action or tries to bypass the blockade, not only the security of your computer, but the entire network of the University is at risk.

Who does the unlocking of computers

In total, the company collected more than 200,000 samples of this type of malware during this period.

This is almost three times more than the number of samples collected during the same period last year. By clicking on the ad, the user drops a virus onto their computer without knowing it. Once received, the program starts in the background, locks the computer's functions and displays a warning image to intimidate the user. With the rapidity, this type of attack has gained more urgency among cybercriminals.

If you haven't had time to install antivirus software, you may ask: how can I remove ransomware from my computer? In most cases, the offspring of the evil Winlock family sneak into the directories of some temporary files or browser temporary files. First of all, check the paths:

C:\Documents and Settings\directory where the username is specified\and

In Europe, cybercriminals typically demand between €50 and €100 during extortion attempts. In general, cybercrime sets a deadline for payment, which usually takes place over the Internet. However, it often happens that even after payment, the user cannot unlock the computer - only after removing malware from the computer.

According to Lau, in early ransomware reports, cybercriminals used simple messages demanding money in exchange for unlocking a computer. Nowadays, however, cybercriminals have begun to create country-specific recession as well as content that threatens users based on the possible crimes they have committed.

C:\Users\username directory\AppData\Roaming\.

There, look for "ms.exe" as well as suspicious files whose names are a random set of characters, such as "0.277949.exe" or "Hhcqcx.exe", and delete them.

Method number 2

Removing virus files in safe mode

If the first method did not work and Windows is blocked - what to do in this case? There is no need to worry here either. This means that we have encountered an advanced Trojan that replaces system components and blocks the launch of the Task Manager.

To make a payment, the user goes to another page where they need to provide a credit card. Although Brazil has not yet been targeted by cybercriminals who hijack computers for quick profits, Internet users can take some precautions to prevent such viruses from infecting a computer.

Don't click on ads on sites you don't trust. Install programs and applications developed by trusted companies. Get an antivirus and keep it up to date. Often the user does not even realize that he did it. Nothing happens for a while, but suddenly you get a message that your files have been encrypted by a Trojan and that you will have to pay a ransom to release them. After the initial shock, try verifying the story to make sure it's not a joke: all files are locked and cannot be accessed.

In this case, we will have to work in safe mode. Restart your computer. Hold F8 while Windows is starting. Select "Safe Mode with Command Prompt" from the menu that appears.

Next, in the console, type "explorer" and press ENTER to start Explorer. After that, type "regedit" in the command line and press ENTER again to open the Registry Editor. In it, you can find the entries created by the Trojan, as well as the place from which it autoruns.

In addition to blocking your files, the Trojan also steals personal data and bitcoins. However, we have good news: there is a free tool which can save your system. In this section, we will talk about the facts about the Trojan. These threats try to trick you into sending money by making you believe that your computer is no longer available.

Start your computer in Safe Mode with Networking

From the Advanced Startup Options menu, use the arrow keys to select Safe Mode with Networking. If you don't want to enable rootkit checking, go to Settings and uncheck Enable rootkit checking. Follow the instructions on the screen to complete the scan.

  • Select the desktop as the destination and click Save.
  • Read the license agreement and click "I accept".
  • When you are prompted to restart your computer, click Restart.

Please note that these messages are not legal.

The paths to the files of the malicious component will most likely be in the Shell and Userinit keys (the first one should contain explorer.exe, and in "Userinit" the extra entry is easy to spot by the comma). The procedure is then as follows: right-click to copy the full name of the detected virus file to the clipboard, type "del" on the command line followed by a space, and paste the copied name. Press ENTER and you're done. Now you know how to remove ransomware.

Messages are created by cybercriminals to steal money from unsuspecting Internet users. Paying the fines required by these browser blocking messages is equivalent to sending money directly to the cybercriminals. As a rule, virtual criminals responsible for creating such scams use the names of various authorities around the world. Virtual criminals have created several different variants of ransomware, and this particular one is called Broulok.

Removing the virus "Your browser is blocked"

If your internet browser is blocked by one of these messages, do not pay the fine. The correct way to deal with this scam is to eliminate it. To close the window containing the fake message, end your internet browser's process. After successfully closing your internet browser, check your computer for possible malware. Download recommended software to remove malware.

We do the same with the other malicious files.
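The manual checks in Method 2 (the Shell and Userinit entries, and executables sitting directly in AppData\Roaming) can be gathered in one read-only pass. This PowerShell script is an added example, not part of the original article; the Winlogon registry path, the per-user Shell check and the stock Windows default values it compares against are assumptions of the example.

```powershell
# Added example: read-only audit of the locations Method 2 inspects by hand.
# Nothing is deleted; review every finding before removing a file.
function New-Finding($Location, $Value) {
    New-Object PSObject -Property @{ Location = $Location; Value = $Value }
}

$findings   = @()
$machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userKey    = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Stock value of Userinit is this path followed by a comma (assumed default).
$userinit   = Join-Path $env:SystemRoot 'system32\userinit.exe'

$machine = Get-ItemProperty -Path $machineKey

# Shell should be exactly explorer.exe (comparison is case-insensitive).
if (([string]$machine.Shell).Trim() -ne 'explorer.exe') {
    $findings += New-Finding "$machineKey\Shell" $machine.Shell
}

# Userinit is a comma-separated list; any entry besides userinit.exe is extra.
foreach ($entry in ([string]$machine.Userinit).Split(',')) {
    $entry = $entry.Trim()
    if ($entry -and ($entry -ne $userinit)) {
        $findings += New-Finding "$machineKey\Userinit" $entry
    }
}

# A per-user Shell value is normally absent; report it if present.
$user = Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue
if ($user -and $user.Shell) {
    $findings += New-Finding "$userKey\Shell" $user.Shell
}

# Executables placed directly in any profile's AppData\Roaming folder.
$roaming = "$env:SystemDrive\Users\*\AppData\Roaming\*.exe"
foreach ($file in Get-ChildItem -Path $roaming -Force -ErrorAction SilentlyContinue) {
    if (-not $file.PSIsContainer) {
        $findings += New-Finding 'AppData\Roaming' $file.FullName
    }
}

if ($findings.Count -eq 0) {
    'No deviations from the expected values were found.'
} else {
    $findings | Format-Table Location, Value -AutoSize -Wrap
}
```

Run it from an administrator PowerShell prompt so that other users' profile folders are readable; a finding is a lead to examine, not proof of infection.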

Method number 3

System Restore

We boot the system in safe mode, as described above. In the command line, type: "C:\WINDOWS\system32\Restore\rstrui.exe". Modern versions will also accept just "rstrui". Then, of course, press ENTER.

The System Restore window will pop up. Here you will need to select a restore point, or rather, a date before the virus hit the PC. It could be yesterday, or it could be a month ago. In short, choose a time when your computer was 100% clean and healthy. That's all it takes to unlock Windows.

Method number 4.

Emergency disk

This method assumes that you have time to download the software from another computer or go to a friend for it. Although, maybe you have prudently acquired it?

Special software for emergency treatment and system recovery is supplied by many developers directly in their anti-virus packages. However, a rescue disk can also be downloaded separately, free of charge and without registration.

You can use ESET NOD32 LiveCD, Comodo Rescue Disk, or . All these applications work on the same principle and can be placed on a CD, DVD, or USB drive. They are automatically loaded along with the integrated OS (most often it is Linux), block Windows startup and, accordingly, malicious elements, scan your computer for viruses, remove dangerous software, and disinfect infected files.


Conclusion:

If you have successfully unlocked Windows and removed the banner from the desktop, do not rush to forget about everything and continue to surf the Internet just as carelessly. Since there is a breach in your security system, hurry up to download the antivirus. We recommend choosing one of the best options for free protection against all types of viruses -, or.