How to remove the virus (Interior Ministry): struggling with a banner-extortionist

By | 12.04.2016 virus

Removing virus step by step instructions

Virus — belongs to the category of ransomware viruses. Blocks access to Web pages in all browsers that are only available in the operating system. Including Internet Explorer, Google Chrome, Firefox and Yandex Browser.

Symptoms of the virus infection

Instead, the user’s request on the banner tab appears with the message that law enforcement officers allegedly Rossi illegal activities on the Internet have been found to have committed a given PC. Another modification of malicious mvd less verbose — its banner says «access blocked». When you try to delete tab there is an additional window on the prohibition of this operation.

browser blocked virus

Under the text, traditionally for extortion virus displays a message request-offer — send an SMS to pay a fine for the violation (which was not!). As well as the promise — that the lock will disappear after payment. For more convincing con artists have made so that in the address bar of the browser displays more and address of the official site MIA — ie Precisely because of this «property» malware, and got its name.

Of course, all these «old wives tales»! Naturally, you can not believe in them; more than that — they need to be removed from the PC. And do not be afraid that the police officers you will be punished for resisting law enforcement. They know and do not know what happened to your PC, and in general, what you websites visited and when.

malicious actions in the OS

Penetrating into the system, the virus modifies the configuration PC network connection. Or rather, prescribes address malicious DNS-server. By connecting to the WAN, the infected computer will automatically redirected to the specified in the IP settings. As a result, under the name of Ministry of Internal Affairs ofsayta displayed blocking «position information» and other sites become unavailable.

Removing virus

Reset browser settings, disable the locking tab through the Task Manager (Solution for Google Chrome) in relation to this «extortioner» are ineffective control measures. While in the DNS settings will be set to the IP address of the computer-villains, the virus will feel at ease in the operating system and still not «let» on the Internet.

(Example on Windows 7) to remove the virus mvd.runeobhodimo do the following:

1. Open the right-click menu of the network connection (the icon «Display» in the system tray).

2. Select «Network control center ….»

OS network management center

3. In the «View your active networks», next to the inscription «Connections:», click the link (connection name).

active networks view

4. Click the «Properties» In the «Status …».

properties of active connections

5. On the «Network» in the ingredients list, left-click «Internet Protocol Version 4». Then activate the setting «Properties» (button at the bottom, below the list).

DNS-server configuration

6. The protocol properties on the «General» tab, in the field «Preferred …» and «alternative …» displays the IP-addresses that are «inserted» virus. To remove them, click the button, located just above — «Get DNS-server address …».

disabling malicious IP

After that malicious settings disappear.

7. Open a browser, enter address bar and press «ENTER». Instead of a banner is scheduled to open this site MIA. Try to go to other sites (Odnoklassniki, Vkontakte, etc.), if they are working correctly — then neutralized the virus.

In the case of a banner (ie it was not possible to remove the virus), again go to the properties of the report (item №6 this manual):

1. Enable the «Obtain an IP automatically».

2. Click the radio button «Use the following address».

3. In the «Preferred DNS-server» set address — (IP DNS-cerver Google).

4. Open a command line console OC:

  • in the search field «Start» menu, type «the CMD» (without the quotation marks);
  • Press «Enter».

5. Run the utility ipconfig c key flushdns (ochistkaDNS cache) — enter ipconfig / flushdns.

6. Launch the browser and test it.


Certainly viruses are improved, and banner is no exception in this regard. Perhaps his «function» is only partially blocked, and it still hurts the system, though not so clearly (trojans, worms, etc.) After the restoration of the network operating system settings, it is imperative that all partitions scan utility Dr. Web CureIT! or Free Anti-Malware.

Let your PC will always be healthy!

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *