What is “Your computer has been locked!” Virus
“Your computer has been locked!” Virus is a notorious ransomware which made to locks computer and forces the victims to pay ransom money. This FBI virus can be activated by Trojan hiding on your PC, or be installed when you access to junk email, spam email and free download software. Due to its rich distribution routes, there were thousands of PC users all over the world were infected by “Your computer has been locked!” Virus.Once “Your computer has been locked!” Virus invade your PC, it disables your system functions and blocks up your screen when you boot up PC, then you will just see a screen with title and logo of FBI, claiming that you computer have been locked because you have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content”, and viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc.)”, thus you have to pay a fine ($100 / $200 / $300 / $400) via MoneyPAK to unlock your PC and prevent yourself from being accused.
“Your computer has been locked!” Virus has scammed lots of people with such trap, since most of the victims had experience of browsing porn websites, so it is easy to make them believe that they were accused for watching or distributing forbidden contents. If you see the FBI “Your computer has been locked!” Virus on your screen, just dismiss the warning from it, do not become the next victim who contributes money to the evil hacker. More severely, the hackers will steal your credit card details when you were paying the money via MoneyPak, that means you will possible lose all the funds on your bank! Please read the easy guide here to get rid of “Your computer has been locked!” Virus and avoid further damage and loss.
Attention: If you have no enough skills and experience on handling a virus manually, please never try to complete the manual removal steps by yourself, or you will risk to disable your PC by removing crucial system files. Get Online PC Expert to help you:
Fake FBI Webcam Monitoring
Once infected by FBI MoneyPak Virus, you will also see a fake “recording ” webcam on your screen, which attempts to make you believe that your activities are under monitoring. All of these content look like real, so most people were scammed into paying the fake fine. Don’t be fooled, the FBI is not monitoring your activities.Fake Warning from FBI Virus
Your computer has been locked!Your computer has been locked due to suspicion of illegal content downloading and distribution.
Mentioned illegal content (414Mb of video files) was automatically classified as child pornographic materials. Such actions, in whole or in part, violate following U.S. Federal Laws:
18 U.S.C. 2251 - Sexual Exploitation of Children (Production of child pornography)
18 U.S.C. 2252 - Certain activities relating to material involving the sexual exploitation of minors (Possession, distribution and receipt of child pornography)
18 U.S.C. 2252A - certain activities relating to material constituting or containing child pornography.
Any individual who violates, or attempts to violate, or conspires to violate mentioned laws shall be sentenced to a mandatory term of imprisonment from 4 to 30 years and shall be fined up to $250.000.
Technical details:
Involved IP address: <ip address>
Involved host name: <computer's host name>
Source or intermediary sites:
All suspicious files from your computer were transmitted to a special server and shall be used as evidences. Don't try to corrupt any data or unblock your account in an unauthorized way.
Your can be classified as occasional/unmotivated, according to title 17 (U.S. Code) 512. Thus is may be closed without prosecution. Your computer will be unblocked automatically.
In order to resolve situation in an above-mentioned way you should pay a fine of $300.
Different Versions of FBI MoneyPak Virus
Cyber Command of California Virus, Cyber Command of New York Virus, USA Cyber Crime Investigations Virus, CyberLocker Virus, The ICE Cyber Crime Center Virus, United Kingdom Police Virus, Homeland Security Virus, caribarena virus, FBI Cybercrime Division Virus, FBI Moneypak Virus, Child Porn Virus, Interpol Department Of Cybercrime virus, fine@fbi.gov, DirtyDefrag.exe, Your browser has been locked, West Mercia Police Virus, Canadian Association of Chiefs of Police Virus, NSA Internet Surveillance Program Virus, Department of Justice virus, Royal Canadian Mounted Police Virus, Computer Crime and Intellectual Property Section, United States Courts Virus, Mandiant U.S.A Cyber Security virus, ICE Cyber Crime Center, Homeland Security Virus, metropolitan police Virus, Cheshire Police Authority UkashIs it possible to remove “Your computer has been locked!” Virus by antivirus software?
No. “Your computer has been locked!” Virus will firstly disable your firewall and antivirus once you launched PC, thus no matter how strong your antivirus is, it cannot help you at that time. You may think that your antivirus will work in Safe Mode, but unfortunately, this “Your computer has been locked!” ransomware will even disable your safe mode immediately once you boot your PC into that mode. So far, manual removal is the only method that helps you get rid of “Your computer has been locked!” Virus and unlock your PC, take action to remove the Moneypak virus now with the steps below.Unlock your PC from “Your computer has been locked!” Virus step by step
Step1: Bootup the infected PC in Safe Mode with Networking with these steps:a. Reboot your infected PC
b. keep pressing F8 key before Windows start-up screen shows
c. use the arrow keys to select “Safe Mode with Networking” and press Enter.
(If your Safe Mode with Networking has been disabled by FBI virus as well, please contact Online PC Expert to get further solutions.)
Step2: Stop “Your computer has been locked!” Virus processes in the Windows Task Manager by Pressing Ctrl+Alt+Del keys together
random.exe
Step3: Show all hidden files:
%System%\regsvr.exe %System%\svchost .exe %System%\setting.ini %System%\setup.ini %AllUsersProfile%\Application Data\~ %AllUsersProfile%\Application Data\~r %AllUsersProfile%\Application Data\.dll %AllUsersProfile%\Application Data\.exe %AppData%[trojan name]toolbarstat.log %AppData%[trojan name]toolbarstats.dat %AppData%[trojan name]toolbaruninstallIE.dat
Step5: Terminate these Registry Entries created by “Your computer has been locked!” Virus.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "random " HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0′ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings “CertificateRevocation”=0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run: [avsdsvc] %CommonAppData%\ifdstore\security_defender.exe /min HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus Security Pro Virus\UninstallString “%AppData%[RANDOM CHARACTERS][RANDOM CHARACTERS].exe” –u HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Inspector
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.