In this article you will learn how to remove a ransomware banner from the Windows desktop. If you are reading this article, you probably already know what a desktop banner is. The problem has existed for a long time: in this unsophisticated way, some not very conscientious people earn their daily bread and fray the nerves of personal computer owners.
What is a banner on your desktop?
A banner is a malicious program that blocks Windows and displays an advertising-style window on the monitor with various demands:
- send an SMS to a short number
- transfer funds to a wallet
- top up the specified phone account
- make a payment through a terminal
Banners come in many colors and with varied content, but all of them partially or completely block the Windows operating system, depriving the owner of one function or another, and demand money to unlock and restore it.
A winlocker (the Trojan.Winlock family of programs) is a computer virus that blocks access to Windows. After infection it prompts the user to send an SMS to obtain a code, and it reduces the computer's performance. It exists in many variants: from the simplest, which «embed themselves» as add-ons, to the most complex, which modify the boot sector of the hard drive.
Warning! If your computer is locked by a winlocker, under no circumstances send an SMS or pay money to get the code that unlocks the operating system. There is no guarantee that it will be sent to you. And even if it is, you will have handed your hard-earned money to the attackers for nothing. Do not fall for their tricks! The only correct solution in this situation is to remove the ransomware virus from your computer.
Removing the ransomware banner yourself
This method is suitable for winlockers that do not block booting the operating system in safe mode, the Registry Editor, or the Command Prompt. It relies exclusively on system utilities (without involving anti-virus software).
1. When you see a malicious banner on the monitor, the first thing to do is disconnect from the Internet.
2. Restart the operating system in safe mode:
- while the system is rebooting, hold «F8» until the «Advanced Boot Options» menu appears on the monitor;
- use the arrow keys to select «Safe Mode with Command Prompt» and press «Enter».
Attention! If your PC fails to boot in safe mode, or the command line / system utilities do not start, try to remove the winlocker by other means (see below).
3. At the command line, type msconfig and press «ENTER».
4. The «System Configuration» panel appears. Open its «Startup» tab and carefully review the list of items for the presence of a winlocker. As a rule, its name is a meaningless alphanumeric combination («mc.exe», «3dec23ghfdsk34.exe», etc.). Disable any suspicious files and memorize or write down their names.
5. Close the panel and return to the command line.
6. Type «regedit» (without the quotes) and press «ENTER». The Windows Registry Editor opens.
7. In the editor's «Edit» menu, click «Find…». Enter the name and extension of the winlocker found in the startup list. Start the search with the «Find Next» button. All entries with the name of the virus must be removed. Continue searching with the «F3» key until all sections have been checked.
8. Still in the editor, use the left pane to browse to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The «Shell» entry must be set to «explorer.exe»; the «Userinit» entry must be set to «C:\Windows\system32\userinit.exe,».
Otherwise, if you find malicious modifications, use the «Modify» function (right mouse button, context menu) to set the correct values.
9. Close the editor and go back to the command line.
10. Now you need to remove the banner from your desktop. To do this, type «explorer» (without the quotes) at the command line. When the Windows shell appears, delete all files and shortcuts with unusual names (ones that you did not install on the system). Most likely, one of them is the banner.
11. Restart Windows normally and make sure that you have managed to remove the malware:
- if the banner has disappeared, connect to the Internet, update the signature database of your installed antivirus or use an alternative anti-virus product, and scan all partitions of the hard drive;
- if the banner continues to block the OS, use another removal method. Perhaps your PC was hit by a winlocker that «anchored» itself in the system a little differently.
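The check from step 8, as an added example that is not part of the original article: Python code that parses the text output of `reg query` for the Winlogon key and reports when «Shell» or «Userinit» differ from the values given above. The function names and both sample outputs are constructed for illustration; the file names in the tampered sample are the ones the article itself uses as examples.

```python
import re

# Expected values, as given in step 8 of the procedure above.
EXPECTED = {
    "shell": "explorer.exe",
    "userinit": r"C:\Windows\system32\userinit.exe,",
}

def parse_reg_query(text):
    """Parse `reg query` text output into {lowercased value name: data}."""
    values = {}
    for line in text.splitlines():
        # Value lines are indented: name, type and data separated by spaces.
        # The key path line is not indented, so it never matches.
        m = re.match(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$", line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values

def check_winlogon(text):
    """Return (name, found, expected) for every value that deviates."""
    values = parse_reg_query(text)
    findings = []
    for name, expected in EXPECTED.items():
        found = values.get(name)
        # Windows paths are case-insensitive, so compare lowercased.
        # Anything appended after the trailing comma of Userinit also
        # counts as a deviation, because the whole string must match.
        if found is None or found.lower() != expected.lower():
            findings.append((name, found, expected))
    return findings

# Constructed sample outputs (hypothetical, not from a real infection).
CLEAN = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""
TAMPERED = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Users\user\AppData\3dec23ghfdsk34.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Users\user\mc.exe
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("tampered", TAMPERED)):
        for name, found, expected in check_winlogon(sample):
            print(f"{label}: {name} = {found!r}, expected {expected!r}")
```

The input can be captured in Safe Mode with Command Prompt by running `reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" > winlogon.txt` and then examined on another computer.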
Removal using anti-virus tools
To download the utilities that remove winlockers and burn them to disc, you will need another, uninfected computer or laptop. Ask a neighbor or a friend to let you use their computer for an hour or two. Stock up on 3-4 blank discs (CD-R or DVD-R).
Tip! If you are reading this article for informational purposes and your computer, thank God, is alive and well, download the disinfection utilities discussed in this article now and save them to a disc or flash drive. A prepared «first aid kit» doubles your chances of defeating the virus banner, quickly and without unnecessary stress.
1. Go to the official site of the utility's developers: antiwinlocker.ru.
2. On the main page, click the AntiWinLockerLiveCd button.
3. A list of links for downloading the software distributions opens in a new browser tab. In the column «disk images for the treatment of infected systems», click the «Download image AntiWinLockerLiveCd» link with the highest (newest) version number (e.g. 4.1.3).
4. Download the image in ISO format to the computer.
5. Burn it to a DVD-R / CD-R in ImgBurn or Nero using the «Burn disc image» function. The ISO image must be written in unpacked form to produce a boot disc.
6. Insert the AntiWinLocker disc into the PC where the banner is running rampant. Restart the OS and enter the BIOS (check the hotkey for your computer; options are «Del», «F7»). Set the system to boot not from the hard drive (system partition C) but from the DVD drive.
7. Restart the PC again. If you have done everything correctly (written the image to disc correctly and changed the boot setting in the BIOS), the AntiWinLockerLiveCd utility menu appears on the monitor.
8. Click «START» to automatically remove the ransomware virus from your computer. And that is all! No other action is required: destruction in one click.
9. At the end of the removal process, the utility provides a report on the work done (which services and files it unlocked and cured).
10. Close the utility. When the system restarts, go into the BIOS again and select booting from the hard drive. Start the OS normally and check that it works.
WindowsUnlocker (Kaspersky Lab)
1. Open the page sms.kaspersky.ru (the official Kaspersky Lab site) in the browser.
2. Click the «Download WindowsUnlocker» button (located under the heading «How do I remove the banner»).
3. Wait until the computer downloads the Kaspersky Rescue Disk boot image with the WindowsUnlocker utility.
4. Burn the ISO image in the same way as for the AntiWinLockerLiveCd tool to make a bootable disc.
5. Set the BIOS of the locked PC to boot from the DVD drive. Insert the Kaspersky Rescue Disk LiveCD and reboot the system.
6. To start the utility, press any key, then use the arrow keys to select the interface language («Russian») and press «ENTER».
7. Read the agreement and press «1» (agree).
8. When you see the Kaspersky Rescue Disk desktop, click on the leftmost icon in the taskbar (the letter «K» on a blue background) to open the disc menu.
9. Select «Terminal».
10. In the terminal window (root: bash), at the «kavrescue ~ #» prompt, enter «windowsunlocker» (without the quotes) and run the command with the «ENTER» key.
11. The utility menu is displayed. Press «1» (Unlock Windows).
12. After unlocking, close the terminal.
13. Access to the OS is now restored, but the virus is still at large. To destroy it, do the following:
- connect to the Internet;
- run the «Kaspersky Rescue Disk» shortcut on the desktop;
- update the anti-virus signature database;
- select the objects you want to check (it is desirable to check all the items in the list);
- left-click the «Run scan objects» button;
- if the ransomware virus is detected, select «Remove» from the proposed actions.
14. After disinfection, click «Disable» in the disc's main menu. While the OS is restarting, go into the BIOS and set it to boot from the HDD (hard drive). Save the settings and start Windows normally.
Dr.Web computer unlocking service
This method tries to make the winlocker self-destruct, that is, to give it what it demands: the unlock code. Naturally, you will not have to spend any money to obtain it.
1. Write down the wallet or phone number that the attackers left on the banner for buying the unlock code.
2. On another, «healthy» computer, go to the Dr.Web unlock service: drweb.com/xperf/unlocker/.
3. Enter the number you wrote down and click «Search code». The service automatically selects an unlock code matching your request.
4. Write down / copy all the codes displayed in the search results.
Attention! If nothing is found in the database, use Dr.Web's recommendations for removing the winlocker yourself (follow the link located under the message «Sorry, your request …»).
5. On the infected computer, enter the unlock code provided by the Dr.Web service in the banner's «interface».
6. If the virus self-destructs, update your antivirus and scan all hard disk partitions.
Warning: Sometimes the banner does not respond to the entered code. In this case, you need to use another removal method.
Removing the MBR.Lock banner
MBR.Lock is one of the most dangerous winlockers. It modifies the data and code of the hard disk's master boot record. Many users who do not know how to remove a ransomware banner of this kind start reinstalling Windows in the hope that after this procedure their PC will «recover». But, alas, that does not happen: the virus continues to block the OS.
To get rid of the MBR.Lock ransomware, follow these steps (for Windows 7):
1. Insert a Windows installation disc (any version or build will do).
2. Enter your computer's BIOS (check the hotkey for entering the BIOS in your PC's technical documentation). Set the First Boot Device option to «CDROM» (boot from the DVD drive).
3. After restarting, the system boots from the Windows 7 installation disc. Select your system type (32/64 bit) and interface language, then click «Next».
4. At the bottom of the screen, under the «Install» option, click «System Restore».
5. In «System Recovery Options», leave everything unchanged and click «Next» again.
6. In the tools menu, select the «Command Prompt» option.
7. At the command prompt, type bootrec /fixmbr and press «Enter». The system utility overwrites the boot record and thereby destroys the malicious code.
8. Close the command prompt, and then press «Reset».
9. Scan your PC for viruses with the Dr.Web CureIt! utility or the Virus Removal Tool (Kaspersky).
It should be noted that there are other ways to disinfect a computer from a winlocker. The more tools you have in your arsenal for fighting this plague, the better. And in general, as they say, better safe than sorry. Do not tempt fate: do not visit questionable sites or install software from unknown vendors.