DotFab Blog » Malware Removal»Remove Your Computer Has Been Locked Ransomware (Removal Guide)

Remove Your Computer Has Been Locked Ransomware (Removal Guide)

A lock screen says “Your computer has been locked due to suspicion of illegal content downloading and distribution…” and thus demands you a fine of USD $300 using Greendot Moneypak code?  If such is your case, then your computer is getting infected by a computer virus, categorized as ransomware, also referred to as pc lock up virus or lock screen Trojan or your computer has been locked virus. Read more in this post to remove this ransomware infection and unlock your computer OS without payment to those cyber criminals. Read more below.

In this article, you will learn more about:

I. What is Your Computer Has Been Locked Ransomware

II. How Did This Your Computer Has Been Locked Ransomware Get onto My Computer

III. How to Avoid Being Infected by Your Computer Has Been Locked Virus

IV. Symptoms of Your Computer Has Been Locked Ransomware Infection

V. Your Computer Has Been Locked Ransomware Removal Guide

VI. Ransomware Prevent Tips

 

 I. What is Your Computer Has Been Locked Ransomware

 

Your computer has been locked ransomware is a computer virus, categorized as ransomware, and shown in the form of a lock screen that delivers a message bearing the logo of the Department of Justice, U.S. Department of Homeland Security and Federal Bureau of Investigation to pretend itself is authorized by these institutions  and then fake a message that says the victim user need to pay a fine of USD $300 for the crimes committed in order to unlock the locked computer.  And that is how this called the ransomware.

Your computer has been locked ransomware is mainly targeted in the United States and it uses both sophisticated techniques and social engineering tricks to do scams on innocent users. Once infected, the computer desktop will freeze and there will be instead a lock screen as shown in below picture every time you start the Windows based computer.  Even when you restart the computer to safe mode to troubleshooting, in majority of cases, you are unable to run the computer in safe modes as well. That really makes many victims feel frustrated.

 

The lock Screen of Your Computer Has Been Locked ransomware infection

your-computer-has-been-locked ransomware

 

The bogus message of the Your computer has been locked ransomware lock screen reads:

Your computer has been locked!

Your computer has been locked due to suspicion of illegal content downloading and distribution.

Mentioned illegal content (414Mb of video files) was automatically classified as child pornographic materials. Such actions, in whole or in part, violate following U.S. Federal Laws:
18 U.S.C. 2251 – Sexual Exploitation of Children (Production of child pornography)
18 U.S.C. 2252 – Certain activities relating to material involving the sexual exploitation of minors (Possession, distribution and receipt of child pornography)
18 U.S.C. 2252A – certain activities relating to material constituting or containing child pornography.

Any individual who violates, or attempts to violate, or conspires to violate mentioned laws shall be sentenced to a mandatory term of imprisonment from 4 to 30 years and shall be fined up to $250.000.

Technical details:
Involved IP address: <ip address>
Involved host name: <computer’s host name>
Source or intermediary sites:

All suspicious files from your computer were transmitted to a special server and shall be used as evidences. Don’t try to corrupt any data or unblock your account in an unauthorized way.

Your can be classified as occasional/unmotivated, according to title 17 (U.S. Code) 512. Thus is may be closed without prosecution. Your computer will be unblocked automatically.

In order to resolve situation in an above-mentioned way you should pay a fine of $300.

This alert is totally fake as part of the ransomware scams and under no circumstances should you trust it let alone to pay to unlock it.  If you already has paid, please contact Greendot Moneypak for money back.  Actually even if you already pay for that, you will not get your locked computer unlocked in majority of cases.

 

II. How Did This Your Computer Has Been Locked Ransomware Get onto My Computer

 

Like many other similar ransomware infections such as FBI Moneypak virus, or ICE Cyber Crime Center Ukash virus, this ransomware also use Trojan, known as Reventon, is distributed through several means. Malicious websites, or legitimate websites that have compromised, can infect your machine through exploit kits that utilize vulnerabilities on your computer to install the Trojan without your notice.

Another method used to propagate malware is spam email containing infected attachments or links to malicious websites. Cyber crooks spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you cannot resist being curious as to what the email is referring to-and open the attached file (or click on a link embedded inside the email). And then, your computer is infected with the Your computer has been locked ransomware.

Besides, this threat can also be downloaded manually by tricking the user into thinking that they are installing a useful piece of software, such as a bogus update for Adobe Flash Player or another piece of software.

This type of ransomware can spread on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.

 

 III. How to Avoid Being Infected by Your Computer Has Been Locked Virus

 

Therefore according to above said, in order to avoid being infected by the very dangerous your computer has been locked virus that may damage your Windows OS and even stored data permanently, you need to be very careful when surfing online apart from avail various online protection solutions such as antivirus, antimalware tools install, etc. For detailed information to prevent risky malware infections, you may refer to the ransomware prevent tips included at the last of this article.

 

IV. Symptoms of Your Computer Has Been Locked Ransomware Infection

 

  • a. Once infected, you will see a lock screen as shown above on the desktop that blocks you out of the entire OS.
  • b. You are delivered a bogus notification that are supposed from the U.S. Department of Homeland Security, Department of Justice and the FBI saying that your computer has been locked due to some reasons related to illegal activities online and thus a fine of $ 300 to be paid via Moneypak is  required.
  • c. If you see through such tricks and try to restart your computer to safe mode for troubleshoot, then you will also get blocked from safe mode operation.

Apparently, many ransomware are very dangerous and hard to remove because it almost disables any operation of the infected computer and its tricks are very sophisticated. Even Microsoft company also call this type of ransomware as “boot sector virus” that once infect your computer, you have to reinstall your computer for recovery. You may also find that this ransomware even shows some technical details including IP address to appear more scaring, but the truth behind is that it uses free online services to find your IP address.

 

Deny Flash

Most ransomware exploits Java or flash vulnerabilities to load the malicious code. In some cases denying or disabling flash on your system may suspend the Your Computer Has Been Locked ransomware virus and enable the user to navigate through the infected system. If this not a necessity for removal, skip to the removal options below these steps. If any questions in the process, just feel free to contact us for timely help via email below.

To disable (deny) flash 
1.Visit:http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html

Deny-Flash
2. Select the “Deny” radio option

3. Proceed to a removal option (detailed below).

____________________________________________________________________

 V. Your Computer Has Been Locked Ransomware Removal Guide

 

This tutorial suits the removal of Ukash, PaysafeCard, MoneyPak and CashU ransomware.

Generally there are two situations when your computer got infected with this your computer has been locked ransomware. One is that you can still boot your computer to safe mode and the another one is not. According to this, there are two removal options for each situation for you to choose.


 

Removal Option 1-Safe Mode with Command Prompt Restore

 

Step 1> Launch your PC into Safe Mode with Command Prompt.

 

During the start, keep pressing F8 key till the Advanced Windows Options Menu shows up and then use the arrow key on the keyboard to highlight the Safe Mode with Command Prompt option and then press EnterSee detailed instructions on how to boot Windows to Safe Mode

 

1

 

 

Note: make sure you login your computer with administrative privileges. (login as admin)

 

Step 2> Type explorer to access

 

Once the Command Prompt window appears you only have few seconds to type “explorer” and hit Enter. If you fail to do so within 2-3 seconds, the ransomware virus will not allow you to type anymore.

 

Command Prompt window

 

 

Step >3 Once Windows Explorer shows up browse to:

  • Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
  • Win Vista/7: C:\windows\system32\rstrui.exe and press Enter

3

 

Step 4> Restore

 

Follow all steps to restore or recover your computer system to an earlier time and date (restore point), before infection.

4

 

Step 5> Scan malware and restart

 

Download, install, update and run the antimalware Anvi Smart Defender (direct download: www.dotfab.com/download_asd.html). Remove all threats detected and reboot your PC.

___________________________________________________________________

Removal Option 2-Remove the Ransomware using Anvi Rescue Disk

 

In most cases of computer infected by ransomware,  your PC would be totally blocked from any operation, including safe mode runing. Then, you can use the Anvi Rescue Disk to fix the issue together with the antimalware Anvi Smart Defender.  Some patience and time is needed for this removal emthod. If any question in the process, please feel free to send your email below to our online Technical Support for timely help.

 

Below is a video of ransomware removal using Anvi Rescue Disk for your reference.

 

Step 1> Download the Anvi Rescue Disk iso image file

 

Download the Anvi Rescue Disk iso image file Rescue.iso and the USB disk production tool BootUsb.exe from Anvisoft official site. (Both are packaged in the file offered to download below.)

Direct download link: http://download.anvisoft.com/software/rescuedisk.zip

Please kindly note that Rescue.iso is a large file to download; please be patient while it downloads.

 

Step 2> Record the Anvi Rescue Disk iso image to USB drive.

 

You can also record the iso image to a CD/DVD. We will introduce the steps to record iso image to a CD/DVD in following guide.

 

To record the Anvi Rescue Disk iso image to USB drive:

1. Firstly find a clean computer with correct internet connection and then connect your USB driver to the clean computer. You’d better backup your important data and format your USB drive before using it to record the iso image.

2. Locate your download folder and double-click on BootUsb.exe to start it. And then click “Choose File” button to browser into your download folder and select Rescue.iso file as your source file.

USB burning

 

3. Select the path of USB drive, such as Drive H:

4. Click “Start Burning” to start the burn of USB Rescue Disk boot drive.

5.Please close BootUsb.exe tool after you successfully burn the file to the USB drive when you get the following message.

2

 

Now, you have bootable Anvi Rescue Disk to repair your computer.

 

——Alternative Option

 

You can also record Anvi Rescue Disk iso image to a DV/DVD. Any CD/DVD record software is fine for burn iso image. If you don’t have any, you can download and install Nero Burning ROM and ImgBurn. Here we will use Nero Burning ROM for demonstration purpose.

Please open and start Nero Burning ROM and select Burn Image from the drop-down menu of the Recorder.

CD/DVD recorder

 

1. Locate your download folder and select Rescue.iso file as your source file and then click Open button.

9

 

 

2. Click Burn button to start record the iso image. After a few minutes, you will have a bootable Anvi Rescue Disk to repair your computer.

 

burn compiliation

 

Step 3> Configure your infected computer to boot from the USB drive/DV/DVD

 

Restart your infected computer and configure it to boot from USB drive/DV/DVD that recorded Anvi Rescue Disk.

Basically , you can use F8 to load USB boot menu.

For different motherboard, you may need to use the Delete or F2, F11 keys, to load the BIOS menu. Normally, the information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot.

boot menu instruction

 

The keys F1, F8, F10, F12 might be used for some motherboards, as well as the following key combinations:

  • • Ctrl+Esc
  • • Ctrl+Ins
  • • Ctrl+Alt
  • • Ctrl+Alt+Esc
  • • Ctrl+Alt+Enter
  • • Ctrl+Alt+Del
  • • Ctrl+Alt+Ins
  • • Ctrl+Alt+S

If you can enter Boot Menu directly then simply select your CD/DVD-ROM as your 1st boot device.

If you can’t enter Boot Menu directly then simply use Delete key to enter BIOS menu. Select Boot from the main BIOS menu and then select Boot Device Priority. After that, set USB drive or CD/DVD-ROM as your 1st Boot Device. Save changes and exist BIOS menu.

 

Step> 4 Boot your computer from Anvi Rescue Disk.

 

After that let’s boot your computer from Anvi Rescue Disk.

1. Restart your computer. After restart, a message will appear on the screen: press any key to enter the menu. So, press Enter or any other key to load the Anvi Rescue Disk

2. please selected your preferred language and press Enter to continue.

Anvi Rescue disk language setting

 

Step> 5 Run the Anvi Rescue Disk to scan and repair.

 

1. Now you are in the mini Operating system, please double-click Rescue tool to start Anvi Rescue disk.

Anvi Rescue Disk
Important note: make sure that your computer is connected to network connection before you run a scan on your computer. If you fail to connect your computer to Internet, please check the tutorial on network configuration in this article: Network Troubleshooting Tips for Ransomware Removal Using Anvi Rescue Disk

Connection established

 

2. Please run a full scan by clicking the “Scan Computer” button in the middle of the program to detect and kill the PC lockup virus.

 

Anvi Rescue disk scan

 

3. Clicking “Fix Now” to Remove the detected threats detected by Anvi Rescue Disk.

Anvi Rescue disk fix now

 

4. Switch to Repair tab. Scan and fix the registry error with the “Repair” module of Anvi Rescue Disk.

 

Anvi Rescue disk repair

 

Important Notice: You must repair the registry error after kill the virus. Otherwise, you would be disabled to boot your Windows without fixing registry damaged by the virus.

 

Step>6 Download Anvi Smart Defender antimalware to ensure a clean computer.

 

After the repair, your computer should be clean and resuced from the evil claw of the ransomware infection. However, many professionally crafted ransomware variants have evolved to be very persistant, that is to say, harder to remove, so you are highly recommended to download the antimalware Anvi Smart Defender by clicking Yes button on the prompted window to fulfill the download.

 

Download ASD in Rescue Disk

 

After the download, please restart your computer to normal Windows mode and then go to the folder: C:\Users\[username]\Downloads

Find the downloaded file asdsetup.exe and double click its file to install it and then start it to perform a full scan on your computer sytem, in order to ensure the computer is clean from any associated infections or leftovers.

After the scan, remove any detected infections and then you can have a clean computer now.

 

Recommended step:

To return a smooth running computer system after the virus removal, you are highly recommended to use a system optimizer like Cloud System Booster to fully boost your computer performance by throwing out junk files, fixing registry errors, optimizing system services and cleanning application files. You can directly download the Cloud System Booster with convenience here: www.dotfab.com/download_csb.html

 

cloud system booster results

You can either download the free version or upgrade it to paid version for basic system maintenance use and upgraded system optimizing efficiency.

 

_________________________________________________________

 VI. Ransomware Prevent Tips

 

1. Timely install system security patches released by Microsoft.

As mentioned above that most ransomware trojans seek their ways into computer for scams by exploiting system vunlerabilities. Therefore to prevent such kind of infections, you are supposed to timely install pack of system patches released by Microsoft.

2. Enhance your computer security using an antimalware program

Also you are highly advised to avail enough computer protection solutions with antivirus, antimalware programs. Anvi Smart Defender would be a nice choice that coworks with your installed antivirus to enhance your online protection.

3. Be very careful when suring online. 

There are various risks of scams online, so you should be very careful when you are visiting webpages. Stay far away from those malicious websites, often with exceeding ads or embarrasing contents, and phishing sites. Then how? Here we offer you an ad blocker-Anvi AD Blocker, which is developed to block annoying yet risky pop up ads, flash ads and malicious websites, phishing sites and even your unwanted websites.

A screenshot of Anvi AD Blocker

Please note that Anvi AD Blocker offers you only free trial use for 15 days. You can buy it now (price: $ 9.98 for 1year/PC) or you can use it for free in the antimalware Anvi Smart Defender professional version( price: $24.98 1year/PC) by upgrading the installed Anvi Smart Defender to pro version now.

Regardless of all, you are supposed to turn on security features of the Internet browser when you are browsing online. See detailed instructions to turn on Security Features of IE, Firefox and Google Chrome.

Good luck and be safe online. For any question related to our recommended software or malware removal, feel free to email us below.

One comment

  1. Anon says:

    Saved my life! MUST read for those with this problem

Leave a Reply

Your email address will not be published. Required fields are marked *