Please do not write in the comments: "What code for number 89xxxx". All services prompting unlocking codes are well known and the article is not about it. Consider that in most cases there are simply no codes: a person who made this malicious program is interested only in obtaining your money, but to provide an unlock code in the banner and the way to transfer it to you is superfluous and not necessary for it.
The site where unlock codes are presented in another article, about how to remove the banner.
Types of SMS banners of extortionists
Classification of species I, in general, came up with myself so that you were easier to navigate in this instruction, because It consists of several ways to remove and unlock the computer, ranging from the simplest and working in most cases, ending with more complicated, which are nevertheless, sometimes required. On average, the so-called banners look like this:
So, my classification of extortionable banners:
- Simple - it is enough to remove some registry keys in safe mode
- Slightly more complicated - work in safe mode. They also are treated with the help of registry edit, however, LiveCD will be required.
- Contributes to the MBR of the hard disk (reviewed in the last part of the instructions) - appear immediately after the BIOS diagnostic screen until Windows starts uploading. Deleted by restoring the MBR (hard disk loading area)
Removing a banner in safe mode using registry editing
This method works in the overwhelming number of cases. Most likely, he will work. So, we will need to boot in safe mode with command line support. To do this, immediately after turning on the computer, you will need a frantically press the F8 key on the keyboard until the download options menu appears as in the picture below.
In some cases, the computer's BIOS can react to the F8 key by giving out its own menu. In this case, press ESC by closing it, and press F8 again.
You should choose "Safe Mode with Command Line Support" and wait for the download to complete, after which you will be the command line window. If your Windows has multiple user accounts (for example, administrator and Masha), then when downloading, select the user who caught the banner.
In the command prompt enter regedit. And press ENTER. The registry editor opens. In the left part of the registry editor, you will see the tree structure of the partitions, and when a specific partition is selected, the right part will be displayed. Parameter names and them Values . We will look for those parameters whose values changed the so-called. The virus causing the appearance of a banner. They are always recorded in the same sections. So, here is a list of parameters whose values must be checked and fix if they differ from the following:
Section: HKEY_CURRENT_USER / Software / Microsoft / Windows NT / CurrentVersion / WinLogon This section There must be no settings for the name Shell, userinit. If they are available, delete. Also worth remembering which files these parameters indicate - this is a banner. \ Windows \ System32 \ userinit.exe, (just like that, with a comma at the end)In addition, you should look into the sections:
HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / Current Version / RunAnd the same section in HKEY_CURRENT_USER. In this section, programs are prescribed automatically starting at the start of the operating system. If you see some unusual file that does not have a relationship to those programs that are really automatically started and on a strange address - boldly delete the parameter.
After that, leave the registry editor and restart the computer. If everything was done correctly, then with a high probability after Windows restarting will be unlocked. Do not forget to remove malicious files and just in case scan hard disk for viruses.
The above way to remove banner - video instruction
Recorded the video, which shows the method described above using a secure mode and registry editor, perhaps someone will be more convenient to perceive information.Safe mode is also blocked
In this case, you will have to use any LiveCD. One of the options is Kaspersky Rescue or Drweb Cureit. However, they do not always help. My recommendation is to have a boot disk or flash drive with such sets of programs for all occasions, like Hiren's Boot CD, RBCD and others. Among other things, on these disks there is such a thing as Registry Editor PE is a registry editor that allows you to edit the registry by booting in Windows PE. For the rest, everything is also made as described earlier.
There are other utilities for editing the registry without loading the operating system, such as Registry Viewer / Editor, also available on Hiren's Boot CD.
How to remove a banner in the hard disk boot area
The last and most unpleasant option is a banner (although it is difficult to call it, rather - the screen), which appears before you start uploading Windows, and immediately after the BIOS screen. You can remove it by restoring the MBR hard disk boot record. It can also be done using LiveCD, such as Hiren's Boot CD, but for this you need to have some experience in restoring the partitions of a hard disk and understanding the operations. There is a way somewhat easier. All you need is a CD with the installation of your operating system. Those. If you have Windows XP, you will need a Win XP disk if Windows 7 is a disk with Windows 7 (although the Windows 8 installation disk is also suitable.Removing the boot banner in Windows XP
Board the Windows XP installation CD and when you are prompted to run the Windows Recovery Console (not automatic recovery by F2, namely the console, starts the R key), run it, select a copy of Windows, and enter two commands: FixBoot and FixMBR (first The first, then the second), confirm their execution (enter the Latin Y symbol and press ENTER). After that, restart the computer (no longer from the CD).
Restoring boot record in Windows 7
It is produced in almost the same way: insert the Windows 7 boot disk, boot from it. First you will be prompted to choose a language, and on the next screen below there will be an "Restore System" item, and you should choose. Then it will be proposed to choose one of several options for recovery. Run the command line. And in order, run the following two commands: bootrec.exe / fixmbr and bootrec.exe / fixboot. After restarting the computer (already from the hard disk), the banner should disappear. If the banner continues to appear, then start the command line from the Windows 7 disk again and enter the bcdboot.exe C: \ Windows command in which C: \ Windows is the path to the folder in which you have installed Windows. This will restore the correct loading of the operating system.
More ways to remove banner
Personally, I prefer to delete banners manually: in my opinion, so faster and I know for sure that it will work. However, practically all manufacturers of antiviruses on the site you can download the image of a CD, downloading from which the user can also remove the banner from the computer. In my experience, these discs do not always work, however, if you are too lazy to understand the registry editors and other such pieces, such a recovery disc may be very by the way.
In addition, there are also forms in antiviruse sites in which you can enter the phone number to which you require sending money and, if there are lock codes for this number in the database, they will be communicated to you for free. Beware of sites where you are asked for the same thing: most likely, the code that you will not work there will not work there.