How to remove a virus-extortionist

For a start, remember: Send SMS and replenish someone else's phone number in no case it is impossible!! No unlock code is likely tosend, but lose money. Sometimes a banner-extortionist can disguise himself as a message from law enforcement agencies and threaten with criminal liability for the possession and dissemination of child pornography, if you do not pay a fine. Do not believe this is the same virus-extortionist, the MVD does not use such methods.

Previously, you could remove the banner-extortionistrelatively simple: it was enough to complete the process of the virus using the task manager. Now viruses have become more "advanced", they are able to block access to the registry, call the task manager, edit startup and boot in safe mode. They are registered in the startup and "please" you every time you turn on and restart the computer. How to remove a virus-extortionist?

First, try to get by with "little blood". If you have a working computer or a gadget with an Internet connection, you can try using free computer unlocking service from <! - noindex -> Dr.Web <! - / noindex -> or <! - noindex -> Kaspersky Lab. You need to enter in a special field the mobile phone number or purse, to which the banner requires money transfer. The system will give you the possible unlock codes, one of them may come up. After that, scan the computer with the antivirus software.

If this method did not help to remove the extortion virus, you can try to boot from the LiveCD. You can, for example, download Kapsersky Rescue Disk or Dr. Web LiveCD. Downloading the disk image from the official site, itsyou need to write to a CD or USB flash drive. In the BIOS, install the boot from a disk or USB-media and boot from the appropriate drive. After downloading, start the computer scan for viruses: the system will find a virus-extortioner and delete it.

An alternative to LiveCD from antivirus developers - LiveCD ERD Commander. When downloading from the LiveCD you will be askedselect the system folder of the operating system, do this. The ERD Commander interface resembles the familiar Windows desktop interface. To remove the extortion virus, you can use several functions of this package:

1. 
   

   Rollback of the system until the date when you have not yet managed to "catch" the virus. Click Start, and then click System Tools → System.Restore. In the Recovery Wizard window, select the first item, click Next. In the calendar that appears, select the date to which you want to roll back (you need to choose from dates written in bold type - this means that a recovery point has been created for this date). After the recovery is complete, restart the computer and boot in the normal mode.

2. 
   
   

   Editing the registry. Sometimes the virus removes recovery points, inIn this case, you may need to manually edit the registry. Click Start → Administrative Tools → Registry Editor. Next, find the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsNTC currentVersionWinlogon branch. Check the Shell parameter: it should look like Explorer.exe; if there is too much information, change the value to C: WindowsExplorer.exe. Also check the value of the Userinit item: if there is something too, change the value to C: WindowsSystem32userinit.exe. After rebooting the computer, boot up in normal mode.

After editing the registry, it is desirable Scan the computer further. Web CureIt or any other free utility. By the way, in the same way you can edit the registry when using LiveCD from Kaspersky or Dr.Web.

If the virus does not block the safe mode, you can do without the LiveCD: just boot in safe mode and complete the virus process in Task Manager. Then the virus should be removed from the startup and finally scan the computer with an antivirus utility.

As you can see, there are several ways get rid of a virus-extortionist, we hope, at least one of them will help you.