Menu
homeFiles and folders

What to do if windows are blocked. Treating MBR using antivirus utilities. Fixing problems after removing ransomware

Those who are “lucky” to encounter such malware, will understand well how unpleasant and serious this problem is. Just imagine, you downloaded some file from the Internet, for example e-book. So, you open the downloaded archive, and suddenly a message appears on the entire screen that the computer is locked and to unlock it you need to top up an account or transfer money to a wallet. In addition, there will definitely be a threat that if the requirements are not met, important data for you may be lost, damaging your reputation different ways and even damage and failure of the computer. That's it, you can't do anything anymore, the computer doesn't respond to any commands and even rebooting and trying to call the task manager doesn't help.

Don’t be scared, all these threats are just a bluff, and even more so, you shouldn’t transfer any money to anyone. Such viruses do nothing more than block your PC. They are created by students, or children in general, who simply used a ready-made product in the hope of easy profit.

You can become infected with such malware by downloading something from the Internet. It is also common for computers to be accessed through vulnerabilities in the browser. No one is safe from this anymore, because to get infected you just need to go to an infected website.

Such viruses, once on a PC, register themselves in startup and block the work of all key applications, which you can use while covering the entire screen with a lock message. But no matter how terrible this thing is, such malware can be avoided special effort get rid of.

Removing the Windows blocked banner

The images below show examples of banners.

First of all, you should understand that you should not follow the instructions in the banner. Don’t send money to anyone or send SMS, no one will send you an unlock key anyway, and you’ll just waste your money. Follow instead the following recommendations, which will help you rid your computer of Winlock.

First, find any other working computer or smartphone. And through it, visit the websites of the antivirus companies DrWeb or Kaspersky. You will find there special services selection of keys for unlocking. Enter the required data there, after which a key will be generated. Take this badass and write it in the field of the banner that has blocked the computer. Quite often this method helps.

You can also download a utility from the Kaspersky and DoctorWeb websites that can be used to scan your computer for malware.

(Marked with number 1 on the screenshot)

If you are faced with a program that encrypts data that is important to you and also requires money, then you need to use various additional programs who can decipher them. (Marked with number 2 on the screenshot)

I recommend recording similar utilities on a flash drive or disk in advance so that, if necessary, you can use the necessary tools without resorting to the help of an additional computer.

How to start the OS if Windows is locked?

We will launch Windows in safe mode. To do this, after turning on the computer, before loading Windows, you must press the F8 key. Using the arrows on the keyboard, you can select the desired boot mode. Will good sign, if the virus does not start in safe mode. If Winlock does start, then you can try another mode that has command line support. If it doesn't help in any of the cases, there is still one more option - start the OS with bootable flash drive or disk.

To create such a flash drive or disk, you must download Windows PE. And write the downloaded disk image to a suitable storage medium. After which, immediately after you turned on the computer and the Bios screen, press the Del key (or F2/F10/F12 depending on motherboard, having learned this in the instructions). You will be taken to the menu Bios settings, in which you need to set the floppy drive or usb first in the queue for loading the OS and save the changes. Don't forget to insert your disk/flash drive and restart your computer. After this, Windows PE will start, which will already have a fairly rich toolkit necessary to remove Winlocker.

If you were able to start your native OS, then scan with the anti-virus utilities recorded on the storage medium. If you started with Windows PE, then run these applications from a flash drive. Additionally, you can use the applications that come with this Windows OS.

How unlock computer manually?

This method often helps: through file manager, clear all temporary Temp folders and folder Application Data(is in home folder user).

Completely clearing all caches installed browsers. Delete the file through which you were infected, if there is one. After all these steps, restart your computer. If all this does not save you from the banner, try the following recommendations.

Look for all files with a recent modification date, this way you can find winlock files. Quite often, you can deactivate a virus by resetting the date in the BIOS several years ahead or back.

If you managed to start your native system in safe mode, then a mandatory step will be to clean the registry. Open the registry editor through the Run application by entering the regedit command. If there is command line support, then the same command can be entered in the console.

Next you should go to this branch: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Pay attention to the following parameter: Shell, which should contain “explorer.exe”, and in the parameter Userinit The value should be "\WINDOWS\system32\userinit.exe". If the values ​​of these parameters are not the same, then change them to what they should be. It would be better to rewrite these values ​​again, even if they are not different.

It is necessary to check the branch associated with autoloading, which is located on this path.

Currently exists great amount various computer viruses, which can ruin the life of any Windows 7 - 10 user. If you have a situation where a virus has blocked the operating system and the computer will not start, do not panic, perhaps the problem can be solved.

There is a type of virus that blocks a specific website or the entire system and asks you for money to unblock it. If after starting your computer you see, then a similar virus has entered your computer. The problem may not even go away after reinstalling the OS.

What to do in this case?

If your computer is infected with a system-locking virus, you can use an antivirus program that scans your computer before it starts. Are capable of this high-quality antiviruses, such as Kaspersky or Doctor Web. In order to unlock the system, you will need Internet access, a flash drive and another working computer.

Download from the official website antivirus system Dr.Web LiveDisk program (link - http://www.freedrweb.com/livedisk/). Next, insert the USB flash drive into the computer and launch the program. In the window that appears, you need to specify the flash drive, we need to check the box next to formatting operations and click on creating a utility at the bottom.

Wait a while. After the information is written to the drive, you will see a window notifying the creation of the disk disaster recovery on your flash drive.

Next, we execute and specify in the BIOS to launch from a flash drive. You will see an antivirus utility window in which you will need. Then check the boxes in the terms of the license agreement. After this, when the program asks you to select objects to scan, check the boxes next to all the disks and files that exist. Launch the utility.

After scanning, the program will display a list of viruses. Perform the neutralization operation after the program prompts and they will be deleted.

Hello my readers! It is unlikely that the average user of the Windows operating system can be surprised by the extortion of money using the malicious Winlock Trojans, better known among the people as the “Windows blocker”.

And it’s not surprising, because every second inexperienced user, having ignored the importance of the security of his computer, automatically sent himself to White list scammers who, as practice shows, quite cleverly “cheat” frightened and confused newcomers who don’t know how to react to such a situation.

Therefore, answering the questions: how to avoid becoming a victim of deception? and what to do if windows is locked? I suggest you carefully study the material presented below, which guarantees getting rid of the problem with a few clicks of the mouse.

Where it all begins

One evening, as usual, while browsing various sites on the Internet, reading the news feed, your computer may freeze. And a terrifying banner may appear in the center of the screen, which obscures almost the entire desktop and asks to send an SMS (which, obviously, is not free) or asks to top up the account specified in the request mobile number. Otherwise, all materials from the computer will be automatically destroyed.

I'll give you some practical advice What to do if Windows is locked and asks for a code. I'll bring you best options unlocking the system.

Without unnecessary movements

Fortunately, for some Trojans you can actually find an unlock code, which, although rare, completely destroys the virus from the system.

Pick up required code possible with the help of known antivirus databases(more specifically, in a couple of minutes you can find key data on their main pages).

Service Windows unlock available from the company:

  • "Doctor Web "
  • « Kaspersky Lab»

You can open the required page if your system is locked from any other PC, tablet or phone.

Important ! Having unblocked access to the system, do not rejoice prematurely. The next step is to scan the disk using any antivirus program.

System Restore

Before moving on to complex and tricky methods special software, I suggest you try to eradicate the problem using the means at hand, or rather, call the task manager in the way you are familiar with (usually Ctrl+alt+Del).

Happened? Then congratulations, you are dealing with the mediocre and a simple Trojan, which can be removed easily and quickly.

  • We find a suspicious foreign process in the list of processes.
  • We forcefully terminate it.

An example of what your virus might look like.

Often, a third-party process has a vague name and is displayed without a description. Identify those in the list and forcefully terminate them. I advise you to do this slowly and one at a time until the banner disappears.

If a miracle does not happen and the task manager is not called, then I suggest moving on to the use stage third party manager Explorer.exe processes, which can be downloaded from the link. The program can be launched using the “Run” command (press Win + R).

The explorer.exe directive makes it very easy to identify a suspicious process.

Military strategy

Another way you can cope with the virus is by using some standard programs, including an ordinary notepad or Wordpad.

To do this, you “blindly” (after all, you can’t close or hide the banner yet) you will need:

  1. Launch the Run utility (Win+R)
  2. Write “notepad” in it and click on the “Enter” key.
  3. Ideally, a new one will launch under the banner window text file, in which you type any (no matter what) text and press the power off button on the system unit.
  4. Next, all processes running in the system will begin to terminate, except for Notepad, which will ask you to “save” or “close without saving” the document (which we, of course, leave unchanged for now).
  5. After the virus is deactivated, as in previous method, find the location of the Trojan and destroy it.

More advanced way

For hacker viruses, “unrealistically complex” Trojans are a way to counteract Task Manager or others system components will not help.

Therefore, it’s time to move on to heavy artillery, or rather to safe mode.

Step-by-step instruction:

  1. We restart the computer, and while the operating system is loading, hold down the F8 key (sometimes the button is different, it depends on your PC).
  2. In the new window (which requires you to select a boot method), select “Safe Mode + Command Prompt”.
  3. After loading, enter regedit in the command line, press enter and launch the registry editor.
  4. Analyzing the Registry Editor running applications on PC.
    Most likely you will see the full path to the Trojan files located in the Shell key and in the Userinit branch. In “Shell” the virus is listed instead of explorer.exe, and in “userinit” it is listed after the comma.
  5. Copy full name virus to the clipboard.
  6. Type “del” on the command line, press space and right key mouse to call up the context menu.
  7. In the menu window, select the "Insert" command and press Enter.

Voila, the first Trojan file has been successfully destroyed. We carry out a similar operation with the second and subsequent ones (if any).

Well, that's all, the basics current methods I prescribed restoration of access to data. If all of the steps described above are difficult for you due to ignorance and fear of making it even worse, I recommend that you take the training course “ computer genius" It will help you gain courage and understand the basics of PC ownership.

I hope that now I can be calm for you and for the safety of your information. Be sure to share this useful information with friends on social media networks, they will probably also find this material useful. Don't forget to subscribe to blog updates and install reliable antivirus! See you again!

Sincerely! Abdullin Ruslan

Very many Windows users We have encountered that sometimes the computer locks up. Messages like “Your Windows is locked” can appear in several cases. And this is not always associated specifically with viral exposure. The fact is that the system itself can issue notifications this kind of. Next, it is proposed to familiarize yourself with possible situations and basic methods for eliminating such a problem.

Your Windows computer is locked: possible reasons for this phenomenon

So, let's start with the root causes of blocking the operating system itself, the registration record, the disk, or access to some applications. In general, there may not be many situations when it is reported that a Windows computer is blocked.

Among all the problems that occur most often, the following problems can be identified:

  • the system is blocked due to lack of activation;
  • access to programs is limited by the security system or administrator;
  • The system is blocked by ransomware viruses.

What to do if Windows 7 is locked after installation?

It is no secret that for all systems of this family, including the previously freely distributed tenth modification, a special license key must be entered during the installation process. However, in any installer you can skip this step, postponing activation of the operating system until later. The system will work, but its use is usually limited to thirty days.

If you do not enter the activation code during this time, a constantly hanging notification will appear on the screen in the system tray stating that, for example, Windows 7 is blocked. In other words, it will be impossible to use it fully. As is already clear, to correct the situation it is necessary to carry out activation. After successful completion of the procedure and reboot, a system notification that Windows system blocked will disappear. Many users, unfortunately, constantly postpone registration, leaving this procedure for later, and do not keep track of deadlines at all trial period. Thus, ordinary inattention leads to the fact that the entire system at one point stops working.

Using the activator

However, not all users strive to purchase official copies of the system and do not always have the necessary activation keys available. It is clear that in this case a message will again be displayed stating that Windows is blocked. What to do in such a situation?

There is a solution, although it can be attributed to some illegal actions on the part of the user that violate international law. However, this never stopped our user. If you want to activate the system without a key, just use utilities like KMSAuto Net, which produce this procedure automatically. The only thing you should pay attention to is the agreement to enter the reactivation process into the “Task Scheduler” ( re-registration will be carried out every ten days). In addition, the file itself cannot be deleted. If an antivirus or the protection system of the OS itself (Defender and firewall) is triggered, the object must be added to the exclusion lists of all tools that monitor system security. In the firewall, you can immediately add a program to the list of allowed ones or create a new rule to run it. Exactly the same actions are performed in antiviruses.

Administrator rights

But both the computer administrator and the system administrator can block access to Windows if network modifications are used. In this case we're talking about not only about restricting the use of programs or system tools, but even about the fact that logging in at the registered user level will simply be impossible.

So, if the administrator has blocked Windows 10 from logging in, the solution is obvious - you need to contact him to restore access. If you know the administrator username and password, the solution looks even simpler. Simply log in as an administrator, go to account management, select your registration and set the necessary rights or remove the lock. By the way, setting the appropriate change rights system parameters or disabling account control can also be useful if Windows 10 blocked the program, considering it unreliable when trying to install or when starting after its installation.

The most simple solution looks exactly which can be accessed through search engine Windows (so as not to rummage through various menus for a long time). In the settings window, you just need to move the slider to the lowest position, save the settings and restart. You can also disable the firewall and the TrustedInstaller service. If some applet has blocked Windows, you can unblock it, but after installing constant start on behalf of the administrator. To do this, use the properties section of the executable file or its shortcut and check the corresponding line so that the application always starts with necessary for the user rights, but the system did not issue constant requests about trust. By the way, the same applies to the TrustedInstaller service, which can be disabled in the simplest way through the services section, where in the parameters it is first deactivated, and then the disabled start option is set for it in the startup type.

Blocking by viruses: options to correct the situation

Finally, one of the most common situations is the inability to log into the system, when a constantly hanging banner appears on the screen during the loading process notifying that the computer is blocked (Windows is blocked) due to visits to some dubious sites on the Internet or distribution inappropriate content, which allegedly originates from your address.

In fact, the operating system itself does not provide for such a blocking, and the user is dealing with an ordinary ransomware virus, which, in addition to everything, also issues a requirement to pay a certain amount, after which the system should seem to return to normal. Do not even think about transferring anything to the specified details. You can get rid of this kind of viruses even more simple methods:

  • restore the system from a checkpoint;
  • remove virus keys from system registry;
  • use antivirus software.

System Restore

Let's consider a situation where, for example, Windows XP is blocked. The system does not start, and at the stage of loading the “Desktop” the above banner appears.

To begin with, you can try to forcefully turn off your computer or laptop, then turn it on again and see if it starts automatic recovery. If for some reason this does not work, turning it on and off will need to be done several times so that the system itself determines what has been done incorrect termination work.

If the recovery still doesn’t work, the system won’t boot, or at startup it turns out to be locked Account Windows, you can use the classic method of selecting the boot type by pressing the F8 key at startup (in Windows 10 this option does not work, and you can use removable media). Here you simply choose to load the last working configuration and see how the system behaves.

If this does not help, try starting in safe mode, and then entering the system recovery settings through the “Control Panel” and performing a rollback using control point, which preceded the virus’s penetration into the system (if there is no such point, click on the link to show other points).

Using Registry Editor in Safe Mode

But let's assume that this had no effect. Again we see a situation where Windows is blocked by a virus application. What to do in this case?

First, you should boot in safe mode with command line support, and then call the registry editor through the console ( regedit command). Now comes the most important part.

First of all, you need to find the Shell and Userinit keys in the HKLM branch, which are located in the Winlogon directory. For the first entry (without options), the value explorer.exe must be specified, and for the second, the full path to the executable file userinit.exe, which is located in system folder System32 of the Windows root directory in the system partition (usually on drive C).

After that, you should check the similar section in the HKCU branch. Here in the same directory the above keys should not exist at all. If they are present, they must be removed. Then, to be sure, you need to check the Run and RunOnce directories in the HKLM and HKCU branches. In these sections you need to get rid of all suspicious entries in which references to executable EXE files, the names of which consist of a meaningless set of characters (if for some reason you doubt whether to delete a certain key, just go to edit parameters by double-clicking and set the value to one - this will disable the execution of the application, and if necessary, the value can be will be returned to its previous state after eliminating the main problems with the operating system itself, but after it has been restarted in working order).

Next step, if the Windows disk is locked, it will be cleaned. To do this, the same command line is used, but the abbreviation cleanmgr is written in it. In the window that appears, you need to check all the lines that are present in the list, with the exception of the file deletion item Reserve copy.

After editing the registry and the cleaning procedure, you can restart the computer and see how the boot will proceed. If for some reason the start is impossible again, command console enter explorer.exe, go to user Users folder, in your directory, go to AppData folder and in subdirectories, delete files with the names that you got rid of in the registry.

If, when performing the specified actions with the registry and system partition It is not possible to call the command line via start in safe mode; you will have to boot from removable media (installation or recovery disk/flash drive) and then perform similar procedures. The command console in this case is the most in a fast way can be activated via Shift combination+ F10.

AntiWinLocker application

But what to do if even after this it turns out that your Windows computer is blocked by an application viral in nature? This is where specialized utilities will come to the rescue. One of the most interesting can be called the described boot program, which allows you to start while being recorded on an optical or USB media.

After starting the program you must accept license agreement and choose automatic start. Next, this tool will produce full check computer system and will indicate exactly where the viruses are located. You can delete them immediately or leave such actions for later, but after the restart you will additionally need to launch some antivirus scanner. In theory, the system should boot into normal mode.

If the previous solution did not help, and again it turns out that your Windows computer is locked, you can use an equally effective utility Kaspersky Rescue Disk, which also starts from removable media.

After launching the utility, you first need to select the language and preferred interface (graphical is best). After this, you can either scan for viruses or go directly to unlocking the system. For the first option, all disks and partitions are marked, after which the scanning process starts.

For the second option, use the terminal line, called through the main menu button (like “Start” in Windows), and enter the line windowsunlocker in the console that appears. After this, a black window similar to a command console will appear, where three options will be offered. To instantly unlock, enter one, after which all you have to do is wait for the process to complete. However, even if an immediate scan is carried out and a virus is detected and it is removed or neutralized, starting the operating system will be possible. By the way, this particular program allows you to detect and eliminate almost all known threats, so its use in case of deep infection is as effective as possible.

AVZ program

Now there is another situation in which it turns out that Windows is blocked. AVZ program or some portable scanner can be used, so to speak, for a control shot - checking the system and/or restoring it with eliminating detected problems.

The application starts when the system starts from removable media or in safe mode, after which the recovery option is selected from the file menu. Mark everything you need and click the button to perform the selected actions. But it’s too early to rejoice. Next, you need to go to the built-in “Troubleshooting Wizard”, select systemic problems and the “All” item, mark all lines and perform the necessary actions to scan and eliminate the faults found. After this, you need to use the browser settings and tweaks section in the same way, and then through service menu go to the Explorer extensions editor, where you uncheck all the items marked in black. Next, through the same service menu you need to go to the manager Internet extensions Explorer and delete all the lines that appear in the settings window.

When your Windows computer is locked, starting this application may not work in safe mode. If you want to use exactly this option for starting the utility, you can use boot menu system (F8) and select first to launch the recovery tool, and then use the command line, from which you need to launch the standard Notepad by entering notepad commands. In this program, you should open the AVZ.exe file, selecting “All” in the file type, and executable file launch the antivirus via RMB with the selection of the line “Open” and not “Select”, since using the second item will only result in the text representation of the compiled file being shown, and not its start as an executable applet.

What to do if nothing helps?

As is already clear, block access to Windows viruses They can do it quite simply. Typically, such situations are associated with outdated versions XP, however, it is far from a fact that later modifications cannot be subject to such effects.

However, returning to the main question, we can assume that none of the above solutions gave a positive result. What to do in such a situation? Here, as a last option, you can suggest removing the hard drive with the infected system, connecting it to an uninfected one computer terminal and check it for viruses using a portable antivirus launched from the computer to which your HDD. What to use? In principle, utilities like Dr. are a good idea. Web CureIt or KVRT from Kaspersky Lab. In them, however, note the boot or hidden areas connected HDD It won’t work, but this solution can be used as a last option (of course, provided that no other measures help).

Instead of a total

That, in fact, is all that concerns the occurrence of problems when the system or some of its functions are blocked. If operating system starts, we can immediately conclude that the bans were imposed due to lack of activation or represent security measures on the part of the system itself or the computer administrator. But in the case of messages appearing in the form of banners, this a clear sign viral impact.

As for eliminating problems and bringing the system back to normal operational state, for activation it is best to use KMSAuto Net (the program is portable and does not require installation), to eliminate problems with prohibitions from the OS itself, disabling it is suitable UAC control or giving yourself extended rights to change system configuration or access blocked programs. Well, to combat viruses without utilities, which start even before the main Windows modules are loaded, in in this case it can be impossible to get by.

Yes, and here's another thing. Even if the operating system starts in safe mode, under no circumstances is it recommended to use supposedly antivirus programs like SpyHunter, since threats may be detected and will be, but it will be impossible to remove them or neutralize them without purchasing the main application. In addition, then getting rid of anti-virus applets of this type will be much more difficult than removing threats detected by other applications, for example, programs from Kaspersky Lab. So, if you are asked to download and install such utilities, it is better, as they say, not to take risks.

What should you do when, when you turn on your computer, it says Windows is locked? This situation itself indicates that the computer is infected with a virus. When working on the Internet, viruses pose the most serious security threat; the Windows operating system is especially vulnerable to them. The main causes of infection are the lack of an antivirus or the use of a program with outdated databases, lack of necessary updates systems, visiting dubious sites, downloading and running unverified software.

There are different types of viruses, but blockers are one of the most unpleasant ones. Once on a PC, such a virus completely blocks its operation. A banner appears on the screen with text in which the owner of the computer to Windows unlock offer to list a certain amount. The cursor moves only within the window hacker program, rebooting doesn't help. It is not possible to remove the virus on your own, since you cannot get to its process.

Restoring Windows to normal operation

What should I do if my computer says Windows is locked? Remember appearance blocker windows and ransomware contact information. If a second OS is installed, boot from it and go to the Kaspersky Lab or Dr.Web website. Open the section dedicated to Windows blockers. Find the option that matches yours in the list, or enter its details in the search box. You will be given an unlock code. It must be entered in the window virus program, after which the operating system will start working normally again.

Unfortunately, the codes are not known for all versions of ransomware, so this option it may not work. In this case, you can try downloading a disk image from the same sites that will allow you to remove the virus from your computer. An image saved on a computer is written to disk - for example, using Nero programs. After that, it must be launched when you turn on the computer, selecting boot from CD. The utility will clean your PC of the virus and remove all traces of its presence.

It is clear that not every user can independently perform all these rather complex operations. In many cases, it is much easier and more effective to seek help from an experienced specialist. If you have the problem described above, call us - the called technician will come to your home, having everything with him necessary utilities, and will quickly restore your PC. We guarantee high quality work and low prices.