
Windows Blocked ransomware

Posted: September 15, 2011

Windows заблокирован! Ransomware is a Russian ransomware Trojan that locks your PC behind a screen resembling a Windows installation/repair screen and demands that you pay a fee in Ukrainian currency to release Windows. Paying this fine is unnecessary: Windows заблокирован! Ransomware isn't capable of making additional attacks on your PC if you refuse to fund its criminal behavior, and it is neither a legitimate aspect of Windows nor a message from any law-abiding agency. SpywareRemove.com malware researchers recommend the same solution that works for similar types of ransomware Trojans: rebooting into Safe Mode and using a good anti-malware program to delete Windows заблокирован! Ransomware in a system scan.

Windows заблокирован! Ransomware's Initial Hook

Most Windows заблокирован! Ransomware infections are likely to occur after you've been exposed to hostile websites; for Windows заблокирован! Ransomware's purposes, fake pornographic websites are especially convenient hosts. Avoid downloading software updates or interacting with risky advertisements while visiting websites that you don't trust.

After Windows заблокирован! Ransomware sneaks onto your PC (usually in the form of a fake movie player update), Windows заблокирован! Ransomware will lock up your computer and disable all significant actions, including the use of various security programs. Although the screen that Windows заблокирован! Ransomware locks you into is one that looks very similar to a Windows setup screen, Windows заблокирован! Ransomware has no affiliation with Microsoft or any other type of legitimate company.

This screen presents the following message (with a rough translation provided below for convenience):

Windows заблокирован!

Microsoft Security обнаружил нарушения использования сети интернет.
Причина: просмотр нелицензионного гей и детского порно.

Windows is blocked!

Microsoft Security has detected infringement of Internet network usage.
The reason: viewing illegal homosexual and pedophile pornography.

Windows заблокирован! Ransomware follows up this message by instructing you to transfer 200 Hryvnia (a Ukrainian currency) through the WebMoney money-transfer service. Although Windows заблокирован! Ransomware claims that this will free your computer, there's no reason to comply, since Windows заблокирован! Ransomware isn't a message from genuine law enforcement and can be unlocked in ways that don't cost you money.

The Magic Key to Unlock Windows заблокирован! Ransomware

Like many other ransomware Trojans, such as Trojan.Ransomlock.H, Trojan.Ransom Fake Federal German Police (BKA) Notice variante, Trojan-Ransom.Win32.Chameleon.mw or Trojan.Ransomgerpo, Windows заблокирован! Ransomware can be removed by judicious application of anti-malware software and suitable PC security tactics. Safe Mode is the recommended environment for deleting any Windows заблокирован! Ransomware infection, since it will avoid triggering the startup entries that allow Windows заблокирован! Ransomware to lock your computer in the first place.

To access Safe Mode on any Windows computer, reboot and tap the F8 key until you see the relevant menu. Several versions of Safe Mode are available, and the 'Safe Mode with Networking' option will allow limited Internet connectivity if you need to install security software or updates.

SpywareRemove.com malware researchers also stress the importance of updating your security software before you use it to delete Windows заблокирован! Ransomware, since similar ransomware Trojans tend to use rootkit capabilities to avoid deletion. Using anything less than a fully up-to-date anti-malware product to remove Windows заблокирован! Ransomware may result in failure.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: [SET OF RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following Registry values are newly produced:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ "Shell" = "[SET OF RANDOM CHARACTERS].exe"
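
A defender-side check for the Registry change listed above, added here as an example and not taken from SpywareRemove.com: it parses the text output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell` (run from Safe Mode, for instance) and reports any Shell value other than the Windows default, `explorer.exe`. The sample outputs, and the path and file name in them, are constructed.

```python
import re

DEFAULT_SHELL = "explorer.exe"  # stock Winlogon Shell data on a clean Windows install

# Constructed sample outputs of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
# The path and file name in SAMPLE_HIJACKED are made up for this example.
SAMPLE_CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
"""
SAMPLE_HIJACKED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\user\AppData\Roaming\xkqzpfwb.exe
"""

# A value line is indented: name, type, data (data may contain spaces).
SHELL_LINE = re.compile(r"^[ \t]+Shell[ \t]+REG_(?:EXPAND_)?SZ[ \t]+(.*?)[ \t]*$", re.I)

def read_shell_values(reg_query_output):
    """Return [(registry_key, shell_data), ...] for each Shell value in the output."""
    values, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # key header precedes its value lines
            continue
        match = SHELL_LINE.match(line)
        if match:
            values.append((key, match.group(1).strip('"')))
    return values

def suspicious(values):
    """Keep only entries whose data is not exactly the default shell."""
    return [(k, d) for k, d in values if d.lower() != DEFAULT_SHELL]

def report(reg_query_output):
    """Return one human-readable verdict line per Shell value found."""
    values = read_shell_values(reg_query_output)
    if not values:
        return ["Shell value not found in input"]
    bad = suspicious(values)
    return ["OK: " + d if (k, d) not in bad else
            "REPLACED: %s -> %s (scan and remove this file)" % (k, d)
            for k, d in values]

if __name__ == "__main__":
    for sample in (SAMPLE_CLEAN, SAMPLE_HIJACKED):
        print("\n".join(report(sample)))
```

A "REPLACED" line names the executable that Winlogon would launch instead of the desktop, which is the file to hand to the anti-malware scan.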
