How to remove the banner from the desktop

Anonim

Detailed instructions for unlocking a computer if you have become a victim of a so-called banner that reports that your computer is blocked. Several common methods are covered (the one that is probably most effective in most cases is editing the Windows registry).

If the banner appears immediately after the BIOS screen, before Windows starts loading, the solutions are in the new article on how to remove the banner.

Banner on the desktop

General information

Attacks such as SMS extortion banners are one of the most common problems among today's users; I say this as a person engaged in repairing computers at home. Before talking about the ways of removing an SMS banner, I will note a few general points that may be useful for those facing this for the first time. So, first of all, remember:
  • Do not send any money: in 95% of cases it will not help. It is also not worth sending SMS to short numbers (although banners with such a demand are encountered less and less).
  • As a rule, the text of the window that appears on the desktop mentions the terrible consequences supposedly awaiting you if you disobey and do things your own way: deletion of all data from the computer, criminal prosecution, and so on. None of it is worth believing; all of this is aimed only at getting an unprepared user, without understanding what is going on, to put 500, 1000 or more rubles into a payment terminal as soon as possible.
  • Utilities that let you obtain the unlock code very often do not know this code, simply because the banner does not provide for one: there is a window for entering the unlock code, but there is no code itself. Scammers have no need to complicate their lives by providing for the removal of their SMS extortioner; they need to get your money.
  • If you decide to turn to specialists, you may face the following: some companies that provide computer assistance, as well as individual technicians, will insist that in order to remove the banner you must reinstall Windows. This is not so: reinstalling the operating system is not required in this case, and those who claim the opposite either do not have sufficient skills and use reinstallation as the easiest way to solve the problem, one that does not require any skill, or aim to get a larger amount of money, since the price of a service such as OS installation is higher than that of removing the banner or treating viruses (moreover, some charge separately for saving user data during installation).

Perhaps that is enough of an introduction. On to the main topic.

How to Remove Banner - Video Instruction

This video clearly shows the most effective way to remove the banner using the Windows Registry Editor in safe mode. If something is not clear from the video, the same method is described in detail in text form with pictures.

Removing a banner using the registry

(not suitable in the rare cases when the extortion message appears before Windows boots, i.e. the banner text pops up immediately after BIOS initialization, without the Windows logo appearing during loading)

Apart from the case described above, this method works almost always. Even if you are a novice with computers, do not be afraid: just follow the instructions and everything will work out.

First you need to get to the Windows Registry Editor. The easiest and most reliable way to do this is to boot the computer in safe mode with command line support. To do this, turn on the computer and keep pressing F8 until the list of boot modes appears. On some BIOSes, the F8 key may bring up a menu for choosing the disk to boot from; in that case, select your main hard drive, press Enter and immediately after that press F8 again. Choose the already mentioned safe mode with command line support.

Loading in safe mode

After that, wait for the console with the command prompt to load. Enter regedit.exe and press Enter. As a result, you should see the Windows Registry Editor (regedit). The Windows registry contains system information, including data on programs that start automatically when the operating system starts. Somewhere in there our banner has registered itself, and now we will find it and delete it.

We use a registry editor to remove banner

On the left in the Registry Editor we see folders, called keys. We have to verify that there are no extraneous entries in the places where this so-called virus can register itself, and if there are, remove them. There are several such places, and all of them need to be checked. Let's begin.

Go to

HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Run

On the right we will see a list of programs that run automatically when the operating system loads, as well as the paths to these programs. We need to remove the ones that look suspicious.

Auto-starting parameters where a banner can be attached

As a rule, they have names consisting of a random set of digits and letters, such as ASD87982367.exe. Another distinctive feature is a location in the C:\Documents and Settings\ folder (the subfolders may differ); it may also be an MS.exe file or other files located in the C:\Windows or C:\Windows\System folders. You should remove such suspicious entries from the registry. To do this, right-click the parameter name in the Name column and select "Delete". Do not be afraid to delete something wrong - it does not threaten anything: it is better to remove more of the unfamiliar programs from there. This will not only increase the likelihood that the banner is among them, but may also speed up the computer in the future (some machines have far too many unnecessary things in autostart, which is why the computer slows down). Also, when removing parameters, note the path to the file so that you can then delete the file from its location.

Repeat all of the above for

HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion -> Run

The following keys are somewhat different:

  • HKEY_CURRENT_USER -> Software -> Microsoft -> Windows NT -> CurrentVersion -> Winlogon. Here you must make sure that parameters such as Shell and Userinit are absent. If they are present, delete them; they do not belong here.
  • HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows NT -> CurrentVersion -> Winlogon. In this key you need to make sure that the value of the Userinit parameter is set to C:\Windows\System32\userinit.exe, and that the Shell parameter has the value Explorer.exe.

Winlogon for Current User should not have the Shell parameter

That is basically everything. Now you can close the Registry Editor, type explorer.exe in the still-open command line (the Windows desktop will start), delete the files whose locations we found out while working with the registry, and restart the computer in normal mode (since it is currently in safe mode). Most likely everything will work.

If you cannot boot in safe mode, you can use any Live CD that includes a registry editor, such as Registry Editor PE, and perform all the above operations in it.
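
The checks from this section, as an added example (not code from the original article): a Python script that audits a text export of the four keys, as produced by `reg export`, and reports the entries that match the article's criteria. The sample export, the five-digit threshold for a "random" file name and the function names are assumptions made for illustration.

```python
import re
# Constructed sample in the text format written by `reg export` (not from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"asd87982367"="C:\\Documents and Settings\\user\\Application Data\\asd87982367.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ms"="C:\\WINDOWS\\ms.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\ms.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\ms.exe"
'''

RUN = r"\software\microsoft\windows\currentversion\run"
WINLOGON = r"\software\microsoft\windows nt\currentversion\winlogon"
EXPECTED = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}  # HKLM

def parse_reg(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"(.+?)"="(.*)"$', line)):
            yield key, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))  # undo escaping

def audit(text):
    """Return (hive, value_name, reason) for each entry the article's checks flag."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n, d, why = key.lower(), name.lower(), data.lower(), None
        if k.endswith(RUN):
            if "\\documents and settings\\" in d:
                why = "starts from a user profile folder"
            elif re.fullmatch(r"c:\\windows(\\system)?\\[^\\]+", d):
                why = "file directly in C:\\Windows or C:\\Windows\\System"
            elif re.search(r"\d{5,}[^\\]*$", d):  # assumed threshold: 5+ digits in file name
                why = "random-looking file name"
        elif k.endswith(WINLOGON) and n in EXPECTED:
            if k.startswith("hkey_current_user"):
                why = "Shell/Userinit should not exist under HKEY_CURRENT_USER"
            elif d.rstrip(",") != EXPECTED[n]:  # Windows stores Userinit with a trailing comma
                why = "expected " + EXPECTED[n]
        if why:
            findings.append((key.split("\\")[0], name, why))
    return findings
```

Calling `audit(SAMPLE_REG)` flags four entries and leaves `ctfmon.exe` and the HKEY_LOCAL_MACHINE `Shell` value alone; a finding is a prompt to inspect the entry by hand, not proof that it belongs to the banner.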

Remove the banner using special utilities

One of the most effective utilities for this is Kaspersky WindowsUnlocker. In essence, it does the same thing you can do manually using the method described above, but automatically. To use it, you must download Kaspersky Rescue Disk from the official site, write the disk image to a blank CD (on an uninfected computer), then boot from the created disk and perform all the necessary operations. A description of how to use this utility, as well as the necessary disk image file, is available at http://support.kaspersky.ru/viruses/solutions?Qid=208642240. Another excellent and simple program that will help remove the banner easily is described here.

Similar products from other companies:
  • Dr.Web LiveCD. http://www.freedrweb.com/livecd/how_it_works/
  • AVG Rescue CD. http://www.avg.com/use-en/avg-Rescue-cd-download
  • VBA32 Rescue image. http://anti-virus.by/products/utilities/80.html

We will find out the code to unlock Windows

You can try to find out the code for deactivating the SMS extortioner using the following special services designed for this:
  • http://virusinfo.info/deblocker/
  • https://www.drweb.com/xperf/unlocker/
  • http://sms.kaspersky.ru/

A rather rare case is when the extortioner loads immediately after the computer is turned on, which means that the fraudulent program has been written to the master boot record (MBR) of the hard disk. In this case, you will not be able to get to the Registry Editor; moreover, the banner is not loaded from there. In some cases a Live CD will help, which you can download from the links given above.

If you have Windows XP installed, you can repair the boot sector of the hard disk using the operating system installation disk. To do this, boot from this disk, and when you are offered to enter the Windows recovery mode by pressing the R key, do so. As a result, a command line should appear. In it, execute the command FIXBOOT (confirm by pressing Y on the keyboard). Also, if your disk is not split into several partitions, you can execute the FIXMBR command.

If there is no installation disk or if you have another version of Windows installed, you can repair the MBR using the Bootice utility (or other utilities for working with hard disk boot sectors). To do this, download it from the Internet, save it to a USB drive and start the computer from a Live CD, then run the program from the flash drive.

You will see the following menu, in which you need to select your main hard drive and click the Process MBR button. In the next window, select the type of boot record you need (usually it is selected automatically), click the Install / Config button, then OK. After the program performs all the necessary actions, restart the computer without the Live CD; everything should work as before.
