In case if you login to your PC and find the warning alert “your computer is locked for violating the Law of Great Britain” instead of your desktop theme it means your workstation is hijacked by some nasty ransomware. This post is devoted to the virus that generates the falsified warning alert allegedly from West Yorkshire Police. It is a dirty trick of cyber crooks. They attack the targeted computer via available security holes, drop the virus code and do their bad activities. They display the following notification (see the screenshot)
To mislead you and make you believe that some illegal actions were hold on your PC. You are told that your computer will be totally damaged and unusable. You are blamed in visiting pornographic Web sites. Your IP address will be stored in their database and if you visit such pages again your data will be transferred to a special department for a further investigation. Indeed it In order to unlock your computer you should pay a fine in amount of 100 pounds. Indeed it is much ado about nothing. You should not pay any funds for the crimes you do not commit. You should unlock your PC and eradicate this ransomware.
1. This ransomware creates the files:
%LOCALAPPDATA%\[random].exe
%COMMONAPPDATA%\[random].exe
If you have Windows XP OS, you should for look the next files:
%LOCALAPPDATA% = %USERPROFILE%\Local Settings\Application Data
%COMMONAPPDATA% = %ALLUSERSPROFILE%\Application Data
If you have Windows Windows 7 OS, you should look for the next files:
%LOCALAPPDATA% = %USERPROFILE%\AppData\Local
%COMMONAPPDATA% = %ALLUSERSPROFILE%\Application Data
2. This ransomware creates the registry entries:
2.1. It creates the parameter AutoRun in the registry key HKCU\Software\Microsoft\Command Processor
2.2. Change the parameter value Shell in the registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
2.3. Change the parameter value DisableTaskMgr into 1 (or creates the parameter with value 1)
in the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
To unblock your PC the next steps are recommended:
1. Launch your PC in Directory Services Restore Mode or Debugging Mode.
2. Remove the parameter AutoRun in the registry key HKCU\Software\Microsoft\Command Processor
3. Change the parameter value Shell in the registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon на Explorer.exe
4. Remove the parameter value DisableTaskMgr in the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
5. Reboot your PC in the normal mode.
6. Launch the reputable anti-virus solution such as GridinSoft Trojan Killer to clean your computer from potentially insecure malicious objects.
Source: http://remove-trojans.com/your-computer-is-locked-for-violating-the-law-of-great-britain-fake-warning-alert/
No comments:
Post a Comment