extortionists are different…. This article discusses ways to get rid of ransomware, a malicious program, usually a Trojan, that locks a computer and offers to send money to a specific e-wallet or a paid SMS to a short number to restore its work. As a rule, after sending money or SMS, nothing changes, and the cost of SMS turns out to be much higher than that which was indicated initially. Ransomware viruses are different: some restrict the work with the browser or access to websites; others encrypt the user's files; still others block access to OS resources or restrict actions in it. Usually, such viruses hide among files with the rar, zip, bat, exe, com extension.
Instructions
Step 1
If you cannot access the Internet or go to most sites, and a message appears stating that you need to send a paid SMS, then most likely you are dealing with the following viruses: Trojan-Ransom. BAT. Agent.c or Trojan-Ransom. Win32. Digitala (Get Accelerator, Digital Access, Get Access, Download Manager v1.34, Ilite Net Accelerator). The first virus has the bat extension, it modifies the Hosts file located in the root directory of the C drive (Windows-95/98 / ME) or in the WindowsSystem32driversetc folder (Windows NT / 2000 / XP / Vista). Open this file using any text editor and remove all lines except 127.0.0.1 localhost. After that, scan your computer with an antivirus and restart it.
Step 2
If a virus of the Trojan-Ransom. Win32. Digitala group appears: find out the activation code required to restore the computer's performance. Using another computer or mobile phone, go to the website of one of the anti-virus software manufacturers, go to the page with the service for deactivating ransomware-viruses. Then fill in a few fields and get a code to unlock your computer. After unlocking, update the database and scan your computer.
Step 3
If the unlock code you received did not help, try treating your computer using the Digita_Cure utility (a Kaspersky Lab product), which is specially designed to treat ransomware of the Trojan-Ransom. Win32. Digitala group, or use the CureIt program (a Dr. Web product) that can detect other types of viruses. Before starting the treatment, close the Internet access and restart the computer in safe mode - press F8 immediately after turning it on and select “Boot in safe mode. Then launch the USB flash drive or disk with the utility, and run a full scan of the computer. After disinfection, reboot as usual.
Step 4
If you are using the Internet Explorer browser, and when you visit any site, a banner with a demand for money appears, then you have been visited by a Trojan-Ransom. Win32. Hexzone or Trojan-Ransom. Win32. BHO virus. To get rid of it: open a browser and find in the menu the item "Tools" - "Add-ons" - "Enable or disable add-ons". After that, all the add-ons that are installed in the browser will appear. Check all add-ins and look for those that do not have an entry in the Publisher column or that say Not Verified. Now disable them one at a time and then launch the browser each time. After disabling the malicious add-on, the banner will disappear.
Step 5
If you cannot run any program except Outlook Express and Internet Explorer, then this is the Trojan-Ransom. Win32. Krotten virus that blocks the operating system. Contact the free unlock service. After unlocking, check your computer with an antivirus program with fresh databases. To avoid such cases, observe safety rules and do not save on computer protection, use only licensed antivirus programs, and store especially important files on disks or flash drives.