Removing porn banner from your desktop

By | 27.04.2016



Deleting the banner blocking Windows

Banner windows blocked Microsoft security

Windows Banner blocked! Microsoft Security found violations of the use of the Internet. Add MTS phone number

If the boot in «Safe Mode with Command Prompt» still appears a banner demanding recharge MTS or Beeline subscriber (mostly banner computer is locked for viewing, copying and duplicating videos, etc.), without the boot disk is not do. It is best to use the ERD Commander .

banner Your computer is locked for viewing, copying and duplicating videos containing elements of pedophilia article 242.1

Banner on your desktop: Your computer is locked for viewing, copying and duplicating videos containing elements of pedophilia article 242.1

Download the disk image can be here . The image you want to record on a CD. This can be done using free software for disc burning DeepBurner (you can download it here ). If you have a netbook or computer without a floppy drive, you can create a bootable USB flash drive with ERD Commander

Deleting the banner Computer blocked — Step 1.

Load the ERD Commander , setting in the BIOS or by accessing the Boot Menu to boot from the CD-ROM drive . In the boot menu, select the disk version (XP, Vista, 7). After the download window appears asking you to connect to any OS. Select the path to your windows folder and click OK (if you have Windows XP)

banner removal - ERD Commander

If you have Windows 7 , then to select the path to the OS you need to answer a few more questions. Asked to initialize your network connection in the background? Answer no.

Reassign the drive letters so that they match the drive letters the target operating system? The answer Yes.

Next, select the keyboard layout. After we choose the path to the target OS and click Next .

How to remove a banner your computer is blocked — Step 2.

We need a registry editor to remove entries from the Windows registry banner. To fix an infected Windows registry menu choose Etpu Startthe Administrative the ToolsRegistry Editor is (for the Windows XP, ).

ERD Commander - launch the Registry Editor

ERD Commander 5.0 for Windows XP

If you have seven, ERD Commander menu will differ. In the first window, select the menu item Microsoft Diagnostics and Recovery Toolset for running the OS recovery. In the window that appears, choose a set of tools Registry Editor the ERD .

how to remove a banner through erd commander windows 7

ERD Commander 6.5 for Windows 7

Open the Windows registry, the path to which we chose in the first window at startup. It infected Windows registry, in which sits a porn banner. We need to look registry branch, which usually registers banner.

The first branch is the HKEY_LOCAL_MACHINE \ SOFTWARE \ the Microsoft \ of WindowsNT \
CurrentVersion \ the Winlogon
.

Pornobanner registry

Here you need to check three keys:
— Key Shell is responsible for loading the shell (desktop) the Windows and should have a string value of the Explorer.exe , but it would be better if a full path to the file is the C: \ the Windows \ the explorer.exe
UIHost must have a string value logonui.exe
Userinit provides the user login must have the string value of
C: \ Windows \ system32 \ userinit.exe ,

Now check branch
the HKEY_LOCAL_MACHINE \ SOFTWARE \ the Microsoft \ the Windows \
CurrentVersion \ the Run
.

Remove the registry pornobannera

There are prescribed startup program. Check out all these programs, and disable suspicious. Suspicious primarily programs are those that are in the folders the C: \ the temp , the C: \ the Documents and the Settings \% the username% \ the Local the Settings \ the Temp , the C: \ the Documents and the Settings \% the username% \ the Local the Settings \ the Temporary of Internet the Files , C: \ Windows \ Temp and the like, where % the username% — the name of your account. This can be done, for example, changing the extension to ex_

Sometimes the banner is written in the registry key of the HKEY_LOCAL_MACHINE \ SOFTWARE \ the Microsoft \ the Windows the NT \ CurrentVersion \ the Windows \ AppInit_DLLs . The value of this key is usually empty or there is prescribed antivirus.

Deleting the banner in the registry

If there is registered a file is most likely a virus. Double mouse click on the key necessary AppInit_DLLs and erase the prescribed path, leaving the Value field empty, then click OK.

Now let’s see the branch HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options. The main purpose of the keys in this branch — starting programs under a debugger (used for writing and testing programs). But at the same time, here is a virus to register as a debugger for any system file, such as userinit.exe and explorer.exe. As a result, the virus starts instead of the program.

For example making a banner and banner www.gei-porno.ru www.iznosilovanie-detei.ru

Banner Windows Internet Security: Your computer is blocked for a site visit www.gei-porno.ru

Your computer is locked. You visited the forbidden web site www.gei-porno.ru

banner with gay porn in a branch registry Image File Execution Options

In the left column of the Registry Editor need to see whether there are sections of the explorer.exe , iexplorer.exe , userinit.exe . If such a profile is available, select it in the right pane, look at the path to the virus. After cleaning the registry through a conductor to delete this file. Now press the right mouse button on a section in the left part of the window ( userinit.exe ) and click Remove (Delete)

You also need to check posmtoret registry branch
HKEY_USER the S \% the username% \ Software \ the Microsoft \ the Windows the NT \
CurrentVersion \ the Winlogon
and HKEY_USER the S \% the username% \ Software \ the Microsoft \ the Windows \ CurrentVersion \ the Run

where % the username% — account name, the Windows .

After checking all registry keys and correct or delete invalid entries, Registry Editor to close.

Removing porn banner requiring recharge — Step 3.

Check the Startup blocked Windows. Start the Computer Management tool menu Etpu Start — the Administrative the Tools — Autoruns (Windows XP,) or Computer Management (Windows 7)

ERD Commander - Autoplay

Branch System shows startup items are common to all operating systems, that is, for all accounts (registry hive the HKEY_Local_Machine )

Banner Windows locked in Changeling userinit.exe file

Search banner at startup

The figure shows that the system file userinit.exe replaced infected files. This is determined by the file description ( Description ) and developer companies ( Company ). Also userinit.exe file spoofing can be identified by date.

It is because of the fact that userinit.exe file is infected, banner blocking Windows in safe mode, and appeared before the boot prompt. After all, it is responsible for user login and loaded immediately after the account of choice.

It is necessary to delete the infected file C: \ Windows \ System32 \ userinit.exe , and replace it with the original file. The latest versions of banners as a substitute for the file C: \ windows \ system32 \ taskmgr.exe which is why when you start Task Manager banner appears again. This file is also better to replace the original, ie, remove and recover from disk. How to do this can be found here: How to recover deleted or damaged Windows system files . Duplicates of these files are in the folder of the C: \ of windows \ system32 folder \ dllcache . They need to do the same action.

You also need to check the programs that are downloaded from a particular user. They can be found in a branch with the user account name (in the example the name uchetki — 1 ).

Banner blocking the computer to the Startup folder

The figure shows that in the C: \ Documents and Settings \ 1 \ Start Menu \ Startup is an infected file. Determine this is possible by creation date, and modification of a file. In the first place should be alerted that the Description field (Description) and Developer (Company) empty. Reliable developer is always specified in the Company. This file is to be deleted through Windows Explorer.

Many modifications banners recently introduced its entry in the file hosts thereby redirecting from popular sites such as Odnoklassniki and VKontakte, to your server where your computer will be infected again. Therefore, it is necessary to check the hosts file for foreign records. Read more here .

There are banners that create a second folder, the Windows , thereby forcing down with confusing and complicating the search for a defective software. Learn more about these banners and how to remove them in this article .

How to remove the banner blocking desktop — Step 4.

After repairing all registry values need to check the system disk virus scanner in Safe Mode. The best option is a free utility DrWeb CureIt , which can be downloaded from the official site . This utility is necessary to download in advance on a USB flash drive on another computer.

Run CureIt with the stick and check the system disk.

Also it is necessary to clean the hard disk from temporary files, which often hide viruses. How do you read the article How to clean C drive

After checking restart your computer. All! Now that you know how to remove the banner computer is locked and in general any banner, blocking the desktop Windows.

And do not forget to install a reliable anti-virus protection, for example, the best free antivirus Avast , which is in no way inferior to Kaspersky and Dr.Web

Phone number:

Banner MTS
8-981-757-49-15

Banner BEELINE
8-909-986-39-84

Banner MTS
8-989-752-07-81

Banner Beeline
8-965-134-99-84

Banner Beeline
8-965-376-95-94

Banner MTS
8-981-757-48-60

Banner Windows blocked MTS
7-917-955-73-64

Banner MTS Article 242.1
8-989-754-34-54

Banner Windows blocked MTS
+79873670004
+79874380853
8- (985) -313-60-71
8-985-267-17-84

Banner Computer blocked penalty on MTS number
+7 (981) 129 52 79

Banner www.gei-porno.ru
Phone: +7 911 162 77 04

Banner www.iznosilovanie-detei.ru
Phone: +7 (911) 729 40 75

Blue banner Computer blocked Beeline
8-967-253-54-86

Blue banner computer is locked article 242.1
8-906-097-14-25

Blue banner computer is locked article 242.1 beeline
79,060,970,538
79,671,021,590

Windows blocked Microsoft Security application Essentials
+79139512569
+79879716014
+79139400739
+79139146397
+79879110143
+79133914995
+79874324602
+79874324611
+79171519788
+79133906375
+79138949274

Red banner computer is locked beeline
89681039660

Windows Microsoft Security blocked Cause: The view of children’s and gay porn MTS
8-989-610-56-35

Computer blocked MTS Article 242.1 blue
988-183-17-15
988-185-36-37

Computer blocked Beeline 1000 rubles
79,037,309,402
79,067,307,572




Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *