What to do if Windows 7 is blocked. How to unlock Windows from a ransomware virus. Your Windows computer is locked: possible reasons for this phenomenon

As a rule, this is a Trojan from the Winlock family. It’s easy to identify: if an image of a pornographic or, conversely, business nature appears on the screen, and the computer stops responding to commands, this is what we are dealing with.


The banner often contains the message “Your computer is blocked” and an offer to send a paid SMS or deposit money to a specified account - supposedly only after this will the harmful banner (and with it the blocking of the PC) disappear. There is even a field in the image where you need to enter a special code, which should arrive after fulfilling the above requirements. Such malware works by substituting the Shell parameters of the operating system shell and disabling the functions of Windows Explorer.

There are several generations of ransomware viruses. Some of them are neutralized in a couple of clicks, others require more serious manipulations. We will give methods that will let you cope with any Trojan of this kind.

Method No. 1

Task Manager

This method will work against primitive Trojans. Try calling the regular task manager (key combination CTRL+ALT+DEL or CTRL+SHIFT+ESC). If this succeeds, find in the list of processes what should not be running and terminate it.

If Task Manager does not open, you can also use the Win+R keys. In the “Open” field, enter the word “notepad” and press ENTER - this will open the Notepad application. In the application window that opens, type arbitrary characters and briefly press the on/off button on your laptop or desktop PC. All processes, including the Trojan, will end immediately, but the computer will not turn off. While the virus is deactivated, you can find files related to it and eliminate them or perform an antivirus scan.

If you haven't had time to install antivirus software, you may ask: how to remove ransomware from your computer? In most cases, the offspring of the evil Winlock family sneak into the directories of some temporary files or temporary browser files. First of all, check the paths:

C:\Documents and Settings\<user name>\ and

C:\Users\<user name>\AppData\Roaming\.

There, look for “ms.exe”, as well as suspicious files with a random set of characters like “0.277949.exe” or “Hhcqcx.exe” and delete them.
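
One way to review those folders without opening each one by hand, as an added example that is not part of the original article. The Temp sub-folders, the signature column and the name hint are assumptions of this example; the script only lists files and deletes nothing.

```powershell
# Added example (not from the article): list executables lying directly in the
# per-user folders the article names. Read-only; nothing is deleted.

$profileRoots = @("$env:SystemDrive\Users", "$env:SystemDrive\Documents and Settings")

# '' is the profile folder itself. The two Temp entries are an assumption of
# this example, based on the article's remark about temporary files.
$subFolders = @('', 'AppData\Roaming', 'AppData\Local\Temp',
                'Application Data', 'Local Settings\Temp')

$hits = @()
foreach ($root in $profileRoots) {
    # Folders that do not exist or cannot be read are skipped silently.
    $userDirs = @(Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
                  Where-Object { $_.PSIsContainer })
    foreach ($userDir in $userDirs) {
        foreach ($sub in $subFolders) {
            $dir = $userDir.FullName
            if ($sub) { $dir = Join-Path $dir $sub }
            $files = @(Get-ChildItem -LiteralPath $dir -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
                       Where-Object { -not $_.PSIsContainer })
            foreach ($file in $files) {
                # Signature status is only a hint: many legitimate tools are unsigned.
                $sig = Get-AuthenticodeSignature -FilePath $file.FullName -ErrorAction SilentlyContinue
                $status = 'unknown'
                if ($sig) { $status = [string]$sig.Status }

                # Names the article gives as typical: "ms.exe" or digits and dots only.
                $nameHint = ''
                if ($file.Name -eq 'ms.exe' -or $file.BaseName -match '^[0-9.]+$') {
                    $nameHint = 'name pattern from the article'
                }

                $hits += New-Object PSObject -Property @{
                    Modified  = $file.LastWriteTime
                    Signature = $status
                    NameHint  = $nameHint
                    Path      = $file.FullName
                }
            }
        }
    }
}

# Newest files first: the infection is usually recent.
$hits | Sort-Object Modified -Descending |
    Select-Object Modified, Signature, NameHint, Path |
    Format-Table -AutoSize -Wrap
```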

Method No. 2

Removing virus files in safe mode

If the first method did not work and Windows is blocked, what should you do in this case? There is also no need to get upset here. This means that we are faced with an advanced Trojan that replaces system components and blocks the launch of the Task Manager.

In this case, we will have to choose to work in safe mode. Restart your computer. When Windows starts, hold F8. From the menu that appears, select “Safe Mode with Command Line Support.”

Then in the console you should write: “explorer” and press ENTER - you will launch Explorer. After this, write the word “regedit” in the command line and press ENTER again. This will open the registry editor. In it you can find the records created by the Trojan, and also the place from where it autoruns.

The paths to the files of the malicious component will most likely be in the Shell and Userinit keys (the first should contain explorer.exe, and in “Userinit” the virus can be easily identified by the comma). The procedure is as follows: right-click to copy the full name of the detected virus file to the clipboard, write “del” on the command line, then put a space and paste the copied name. Press ENTER - and you're done. Now you know how to remove a ransomware virus.

We do the same with other infectious files.

Method No. 3

System Restore

We boot the system in safe mode, as described above. In the command line we write: “C:\WINDOWS\system32\Restore\rstrui.exe”. Modern versions will also understand simply “rstrui”. And, of course, ENTER.

The “System Restore” window will pop up in front of you. Here you will need to select a restore point, or rather, the date before the virus hit the PC. It could be yesterday, or it could be a month ago. In short, choose a time when your computer was 100% clean and healthy. That's all for unlocking Windows.

Method No. 4

Rescue disk

This method assumes that you have time to download the software from another computer or go to a friend to get it. Although, perhaps, you have already acquired it with the foresight?

Special software for emergency treatment and system recovery is supplied by many developers directly in anti-virus packages. However, the rescue disk can also be downloaded separately - free of charge and without registration.

You can use ESET NOD32 LiveCD, Comodo Rescue Disk, or . All these applications work on the same principle and can be placed on a CD, DVD, or USB drive. They automatically load along with the integrated OS (most often Linux), block the startup of Windows and, accordingly, malicious elements, scan the computer for viruses, remove dangerous software, and disinfect infected files.

Surely, every fourth user of a personal computer has encountered various scams on the Internet. One type of deception is a banner that blocks the operation of Windows and requires you to send an SMS to a paid number or requires cryptocurrency. Essentially it's just a virus.

To fight banner ransomware, you need to understand what it is and how it penetrates your computer. Typically a banner looks like this:

There may be all sorts of other variations, but the essence is the same - scammers want to make money from you.

Ways a virus gets into a computer

The first option for “infection” is pirated applications, utilities, and games. Of course, Internet users are accustomed to getting most of what they want online “for free,” but when downloading pirated software, games, various activators, and other things from suspicious sites, we risk becoming infected with viruses. In this situation it usually helps.

Windows may be blocked because of a downloaded file with the extension “.exe”. This does not mean that you should refuse to download files with this extension. Just remember that “.exe” may only apply to games and programs. If you download a video, song, document or picture, and its name has “.exe” at the end, then the chance of a ransomware banner appearing increases sharply to 99.999%!

There is also a trick that plays on a supposed need to update the Flash player or browser. You may be working on the Internet, moving from page to page, and one day come across a notice that “your Flash player is out of date, please update.” If you click on this banner and it does not lead you to the official adobe.com website, then it is 100% a virus. Therefore, check before clicking the “Update” button. The best option would be to ignore such messages altogether.

Lastly, a Windows installation without current updates has weaker security. To keep your computer protected, try to install updates on time. This can be set to automatic mode in “Control Panel -> Windows Update” so that you are not distracted.

How to unlock Windows 7/8/10

One of the simple options to remove the ransomware banner is. It helps 100%, but reinstalling Windows makes sense when you don’t have important data on drive “C” that you didn’t have time to save. When you reinstall the system, all files will be deleted from the system disk. Therefore, if you do not want to reinstall software and games, then you can use other methods.

After treatment and successful launch of the system without the ransomware banner, you need to take additional steps, otherwise the virus may resurface, or there will simply be some problems in the operation of the system. All this is at the end of the article. All information has been verified by me personally! So, let's begin!

Kaspersky Rescue Disk + WindowsUnlocker will help us!

We will use a specially developed operating system. The whole difficulty is that you need to download the image on your work computer and or (scroll through the articles, it’s there).

When this is ready, you need. At the moment of startup, a small message will appear, such as “Press any key to boot from CD or DVD.” Here you need to press any button on the keyboard, otherwise the infected Windows will start.

When loading, press any button, then select the language – “Russian”, accept the license agreement using the “1” button and use the launch mode – “Graphic”. After starting the Kaspersky operating system, we do not pay attention to the automatically launched scanner, but go to the “Start” menu and launch “Terminal”


A black window will open, where we write the command:

windowsunlocker

A small menu will open:


Select “Unlock Windows” with the “1” button. The program itself will check and correct everything. Now you can close the window and check the entire computer with the scanner already running. In the window, put a checkmark on the disk with Windows OS and click “Run object scan”


We wait for the check to finish (it can take a long time) and finally reboot.

If you have a laptop without a mouse and the touchpad does not work, then I suggest using the text mode of the Kaspersky disk. In this case, after starting the operating system, you must first close the menu that opens with the “F10” button, then enter the same command in the command line: windowsunlocker

Unlocking in safe mode, without special images

Today, viruses like Winlocker have become smarter and block Windows from loading in safe mode, so most likely you won’t succeed, but if you have no rescue image, it is worth a try. Viruses differ, and different methods may work in each case, but the principle is the same.

Reboot the computer. During boot, you need to press the F8 key until the Windows Advanced Startup Options menu appears. We need to use the down arrows to select from the list an item called "Safe Mode with Command Line Support".

This is where we need to go and select the desired line:

Next, if everything goes well, the computer will boot and we will see the desktop. Great! But this does not mean that everything is working now. If you don’t remove the virus and just reboot in normal mode, the banner will pop up again!

Treatment using Windows tools

You need to restore the system to a point when the blocker banner did not yet exist. Read the article carefully and do everything that is written there. There is a video below the article.

If it doesn’t help, then press the “Win + R” buttons and write the command in the window to open the registry editor:

regedit

If, instead of the desktop, a black command line is launched, then simply enter the command “regedit” and press “Enter”. We have to check some sections of the registry for the presence of viruses, or, to be more precise, malicious code. To start this operation, go to this path:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Now we check the following values in order:

  • Shell – “explorer.exe” must be written here, there should be no other options
  • Userinit – here the text should be “C:\Windows\system32\userinit.exe,”

If the OS is installed on a drive other than C:, then the letter there will be different. To change incorrect values, right-click on the line you want to edit and select “edit”:

Then we check:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

There should be no Shell and Userinit keys here at all; if there are, delete them.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

And also be sure to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

If you are not sure whether you need to delete the key, you can simply add a “1” to the parameter first. The path will be incorrect, and the program will simply not start. Then you can return it to how it was.

Now you need to run the built-in system cleaning utility. We launch it in the same way as the “regedit” registry editor, but we write:

cleanmgr

Select the drive with the operating system (C: by default) and after scanning, check all the boxes except “Update package backup files”

And click “OK”. With this action, we may have disabled the autorun of the virus. Next, we need to clean up the traces of its presence in the system; read about this at the end of the article.

AVZ utility

The idea is that in safe mode we will launch the well-known anti-virus utility AVZ. In addition to scanning for viruses, the program has a lot of functions for fixing system problems. This method repeats the steps for closing holes in the system after the virus has done its work, so to get acquainted with it, move on to the next section.

Fixing problems after removing ransomware

Congratulations! If you are reading this, it means the system started without a banner. Now you need to check the entire system. If you used the Kaspersky rescue disk and checked there, then you can skip this point.

There may also be one more problem associated with the activities of the villain - the virus can encrypt your files. And even after completely deleting it, you simply will not be able to use your files. To decrypt them you need to use programs from the Kaspersky website: XoristDecryptor and RectorDecryptor. There are also instructions for use there.

But that's not all, because Winlocker has most likely played a dirty trick on the system, and various glitches and problems will be observed. For example, the Registry Editor and Task Manager will not start. To treat the system we will use the AVZ program.

There may be a problem when downloading with Google Chrome, because this browser considers the program malicious and does not allow you to download it! This question has already been raised on the official Google forum, and at the time of writing this article everything is already back to normal.

To still download the archive with the program, you need to go to “Downloads” and there click “Download malicious file” :) Yes, I understand that this looks a little stupid, but apparently Chrome believes that the program can harm the average user. And this is true if you poke it anywhere! Therefore, we strictly follow the instructions!

We unpack the archive with the program, write it to external media and run it on the infected computer. Let's go to the menu "File -> System Restore", check the boxes as in the picture and perform the operations:

Now we go along the following path: "File -> Troubleshooting Wizard", then go to “System problems -> All problems” and click on the “Start” button. The program will scan the system, and then in the window that appears, check all the boxes except “Disable automatic operating system updates” and those that begin with the phrase “Allow autorun from...”.

Click on the “Fix noted problems” button. After successful completion, go to: “Browser settings and tweaks -> All problems”, here we check all the boxes and click on the “Fix marked problems” button in the same way.

We do the same with “Privacy”, but here do not check the boxes that are responsible for cleaning bookmarks in browsers and whatever else you think is necessary. We complete the check in the “System Cleaning” and “Adware/Toolbar/Browser Hijacker Removal” sections.

Finally, close the window without leaving the AVZ. In the program we find “Tools -> Explorer Extension Editor” and uncheck those items that are marked in black. Now let's move on to: “Tools -> Internet Explorer Extension Manager” and completely erase all the lines in the window that appears.

I have already said above that this section of the article is also one of the ways to cure Windows from banner ransomware. In this case, you need to download the program on a working computer and then write it to a flash drive or disk. We carry out all actions in safe mode. But there is another option for running AVZ, even if safe mode is not working: start from the same boot menu, in the “Troubleshoot your computer” mode.

If you have it installed, it will be displayed at the very top of the menu. If it’s not there, then try starting Windows until the banner appears and unplugging the computer. Then turn it on - a new launch mode may be offered.

Running from the Windows installation disc

Another surefire way is to boot from any Windows 7-10 installation disk and select not “Install” there, but "System Restore". When the troubleshooter is running:

  • You need to select “Command Prompt” there.
  • In the black window that appears, write: “notepad”, i.e. launch a regular notepad. We will use it as a mini file explorer.
  • Go to the menu “File -> Open”, select the file type “All files”
  • Next, find the folder with the AVZ program, right-click on the file to be launched “avz.exe” and launch the utility using the “Open” menu item (not the “Select” item!).

If all else fails

This applies to cases when, for some reason, you cannot boot from a flash drive with a recorded Kaspersky image or the AVZ program. All you have to do is remove the hard drive from your computer and connect it as a second drive to a working computer. Then boot from the UNINFECTED hard drive and scan YOUR drive with a Kaspersky scanner.

Never send SMS messages that scammers ask for. Whatever the text, do not send messages! Try to avoid suspicious sites and files, and generally read. Follow the instructions, and then your computer will be safe. And don’t forget about antivirus and regular operating system updates!


Greetings, dear readers of my site. I came across a locked computer and wanted to tell you more about it.

When a computer is locked, a banner that does not respond to any key at all appears on the screen with the text: Microsoft security has detected violations of Internet usage. Reason: Watching CHILDREN and GAY porn, visiting porn sites.

To unlock Windows 7 you need to:

Top up your BEELINE subscriber number: 89054296778 in the amount of 500 rubles. (The amount can be any: 1000, 2000 or 3000 rubles, depending on the greed of the extortionists.) You can pay through a terminal for paying for cellular communications. After payment, on the receipt issued by the terminal, you will find your personal unlock code, which you must enter below.

If within 12 hours from the moment this message appears, the code is not entered, all data, including Windows and bios, will be IRREVERSIBLY DELETED! Attempting to reinstall the system will cause problems with your Microsoft Corporation computer. (CALM DOWN! THIS IS JUST A PICTURE, IT WILL NOT DO ANYTHING TO YOU)

What to do? Universal method!

We quickly fix the problem ourselves, in two steps,
boot into “safe mode with command line support” and execute:

Reboot the computer. Hooray everything is GREAT!!!

The bad option is that your recovery system is disabled or there are no recovery checkpoints. What to do? Don't despair!

Trojan identification

Kaspersky HEUR:Trojan.Win32.Generic 2013.01.29

DrWeb Trojan.Winlock.7907 2013.01.29

Attention!!! Another similar banner, "Windows is blocked": Trojan Winlock 6999 LokoMoTO; banner file MVbCn7d.exe or MXROH_U_MF.EXE, YWR4ATG.EXE

Good luck!!! If it helped YOU, share the link with your friends, tell us how you can solve the problems yourself!

If, when you turn on your computer again, you see a message that Windows is locked and you need to transfer 3,000 rubles in order to get an unlock number, then know a few things:

  • You are not alone - this is one of the most common types of malware (virus)
  • Don’t send anything anywhere, you most likely won’t receive the number. Not to the Beeline account, not to MTS, or anywhere else.
  • Any text stating that a fine is due or that you are liable under the Criminal Code, mentions of Microsoft security and so on are nothing more than text made up by a would-be virus writer to mislead you.
  • Solving the problem and removing a locked Windows window is quite simple, now we’ll figure out how to do it.

A typical Windows lock window (not a real one, I drew it myself)

I hope the introductory part was clear enough. One last point to which I would like to draw your attention: you should not search forums and specialized antivirus websites for unlock codes - you are unlikely to find them. The fact that the window has a field for entering a code does not mean that such a code actually exists: usually scammers do not “bother” and do not provide it (especially lately). So, if you have any version of Microsoft's OS - Windows XP, Windows 7 or Windows 8 - then you are a potential victim.

How to remove the “Windows is locked” banner

First of all, I'll tell you how to do this operation manually. If you want to use an automatic method to remove this virus, then skip to the next section. But I note that despite the fact that the automatic method is generally simpler, some problems are possible after deletion - the most common of them is the desktop does not load.

Starting Safe Mode with Command Line Support

The first thing we need in order to clear the Windows blocked message is to enter safe mode with Windows command line support. To do this:

  • In Windows XP and Windows 7, immediately after turning on, start frantically pressing the F8 key until the menu of alternative boot options appears and select the appropriate mode there. For some BIOS versions, pressing F8 will select a menu of devices to boot. If this appears, select your main hard drive, press Enter and at the same second start pressing F8.
  • Entering Windows 8 Safe Mode may be more difficult. The fastest way is to turn off the computer incorrectly. To do this, with your PC or laptop turned on, looking at the lock window, press and hold the power (on) button on it for 5 seconds, it will turn off. After the next turn on, you should be taken to the window for selecting boot options, where you will need to find a safe mode with command line support.

Type regedit to launch Registry Editor

Once the command prompt has started, type regedit into it and press Enter. The registry editor should open, in which we will perform all the necessary actions.

First of all, in the Windows Registry Editor, go to the registry branch (tree structure on the left) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, it is here that viruses that block Windows are primarily located.

Shell is the parameter from which the “Windows is blocked” virus most often launches

Pay attention to two registry parameters - Shell and Userinit (in the right pane), their correct values, regardless of the version of Windows, look like this:

  • Shell - value: explorer.exe
  • Userinit - value: c:\windows\system32\userinit.exe, (with a comma at the end)

You will most likely see a slightly different picture, especially in the Shell parameter. Your task is to right-click on a parameter whose value differs from the desired one, select “Change” and enter the desired one (the correct ones are written above). Also, be sure to remember the path to the virus file that is indicated there - we will delete it a little later.

There should not be a Shell parameter in Current_user

The next step is to go to the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and pay attention to the same Shell (and Userinit) parameters. They shouldn't be here at all. If they are, right-click and select “Delete”.

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In these sections, make sure that none of the parameters lead to the same files as Shell from the first step of the instructions. If there are any, delete them. As a rule, the file names are a series of numbers and letters with the extension exe. If there is anything like that, delete it.
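
The registry checks described here, and in the earlier sections on Safe Mode and regedit, can be collected into one read-only report. This is an added example, not part of the original article; the rule that flags autorun commands stored under a user profile or a Temp folder is an assumption of this example, and the script changes nothing in the registry.

```powershell
# Added example (not from the article): read-only audit of the registry values
# that the manual steps inspect. Nothing is changed; fix findings in regedit.

$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$autorun  = @('Software\Microsoft\Windows\CurrentVersion\Run',
              'Software\Microsoft\Windows\CurrentVersion\RunOnce')

# Expected Userinit, built from the real Windows directory so that a system
# installed on a drive other than C: still compares correctly.
$userinitExe      = Join-Path $env:SystemRoot 'system32\userinit.exe'
$expectedUserinit = $userinitExe + ','

# Assumption of this example: a command stored under a user profile or a Temp
# folder deserves a manual look (legitimate software can live there too).
$userWritable = '\\(Users|Documents and Settings)\\|\\Temp\\'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function New-Finding([string]$Key, [string]$Name, [string]$Value, [string]$Note) {
    New-Object PSObject -Property @{ Key = $Key; Name = $Name; Value = $Value; Note = $Note }
}

$findings = @()

# 1. HKLM Winlogon: Shell and Userinit must hold their default values.
$hklm     = "HKLM:\$winlogon"
$shell    = Get-RegValue $hklm 'Shell'
$userinit = Get-RegValue $hklm 'Userinit'
if ($shell -ne 'explorer.exe') {
    $findings += New-Finding $hklm 'Shell' $shell 'expected explorer.exe'
}
if ($userinit -ne $expectedUserinit) {
    $findings += New-Finding $hklm 'Userinit' $userinit "expected $expectedUserinit"
}

# Anything in Shell or Userinit besides the defaults is a candidate malware path.
$rogue = @()
foreach ($part in ("$shell,$userinit" -split ',')) {
    $p = $part.Trim().Trim('"')
    if ($p -and $p -ne 'explorer.exe' -and $p -ne $userinitExe) { $rogue += $p }
}

# 2. HKCU Winlogon: neither value should exist at all.
$hkcu = "HKCU:\$winlogon"
foreach ($name in 'Shell', 'Userinit') {
    $value = Get-RegValue $hkcu $name
    if ($null -ne $value) {
        $findings += New-Finding $hkcu $name $value 'should not exist in HKCU'
    }
}

# 3. Run and RunOnce in both hives: flag entries that point at a rogue
#    Shell/Userinit file or at a user-writable location.
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($rel in $autorun) {
        $path = "$hive\$rel"
        $key  = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            $note = $null
            foreach ($r in $rogue) {
                if ($data.ToLower().Contains($r.ToLower())) {
                    $note = 'same file as the rogue Shell/Userinit entry'
                }
            }
            if (-not $note -and $data -match $userWritable) {
                $note = 'runs from a user-writable folder, review'
            }
            if ($note) { $findings += New-Finding $path $name $data $note }
        }
    }
}

if ($findings.Count -eq 0) {
    'No deviations found in the audited keys.'
} else {
    $findings | Select-Object Key, Name, Value, Note | Format-List
}
```

Saved under any file name with the .ps1 extension, it can be started from the Safe Mode command line with powershell -ExecutionPolicy Bypass -File followed by that name. Note the file paths it reports before correcting the values, since those are the files to delete afterwards.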

Close Registry Editor. You will see the command line again. Enter explorer and press Enter - the Windows desktop will launch.

Quickly navigate to hidden folders using the Explorer address bar

Now go to Windows Explorer and delete the files that were listed in the registry keys we deleted. As a rule, they are located deep in the Users folder and getting to this location is not so easy. The fastest way to do this is to specify the path to the folder (but not the file, otherwise it will launch) in the address bar of Explorer. Delete these files. If they are in one of the “Temp” folders, then you can safely empty this folder of everything.

After all these steps have been completed, restart your computer (depending on the version of Windows, you may need to press Ctrl + Alt + Del).

Upon completion, you will have a working, normally starting computer - “Windows is locked” no longer appears. After the first launch, I recommend opening the Task Scheduler (it can be found through a search in the Start menu or on the Windows 8 start screen) and checking that there are no strange tasks there. If you find any, delete them.

Removing the “Windows is locked” banner automatically using Kaspersky Rescue Disk

As I already said, this method of removing Windows lock is somewhat simpler. You will need to download Kaspersky Rescue Disk from the official website http://support.kaspersky.ru/viruses/rescuedisk#downloads from a working computer and burn the image to a disk or bootable USB flash drive. After this, you need to boot from this disk on a locked computer.

After booting from Kaspersky Rescue Disk, you will first see a prompt to press any key, and then a choice of language. We choose the one that is more convenient. The next step is the license agreement, in order to accept it, you need to press 1 on the keyboard.

Kaspersky Rescue Disk menu

The Kaspersky Rescue Disk menu will appear. Select Graphics Mode.

Virus scan settings

After this, the graphical shell will launch, in which you can do many things, but we are interested in quickly unlocking Windows. Check the boxes for “Boot sectors”, “Hidden startup objects”, and at the same time you can also check the C: drive (the check will take much longer, but will be more effective). Click "Run Check".

After the check is completed, you can look at the report and see what exactly was done and what the result was - usually, such a check is enough to remove the Windows lock. Click "Exit" and then turn off your computer. After shutting down, remove the Kaspersky disk or flash drive and turn on the PC again - Windows should no longer be locked and you can return to work.

Many Windows users have experienced that the computer sometimes locks up. Messages like “Your Windows is locked” can appear in several cases. And this is not always associated specifically with viral exposure. The fact is that the system itself can issue notifications of this kind. Next, it is proposed to familiarize yourself with possible situations and basic methods for eliminating such a problem.

Your Windows computer is locked: possible reasons for this phenomenon

So, let's start with the root causes of blocking the operating system itself, the user account, the disk, or access to some applications. In general, there are not many situations in which a Windows computer is reported as blocked.

Among the problems that occur most often, the following can be identified:

  • the system is blocked due to lack of activation;
  • access to programs is limited by the security system or administrator;
  • the system is blocked by ransomware viruses.

What to do if Windows 7 is locked after installation?

It is no secret that for all systems of this family, including the previously freely distributed tenth modification, a special license key must be entered during the installation process. However, in any installer you can skip this step, postponing activation of the operating system until later. The system will work, but its use is usually limited to thirty days.

If you do not enter the activation code during this time, a constantly hanging notification will appear on the screen in the system tray stating that, for example, Windows 7 is blocked. In other words, it will be impossible to use it fully. As is already clear, to correct the situation it is necessary to carry out activation. After the procedure is successfully completed and rebooted, the system notification that the Windows system is locked will disappear. Many users, unfortunately, constantly postpone registration, leaving this procedure for later, and do not at all monitor the expiration dates of the trial period. Thus, ordinary inattention leads to the fact that the entire system at one point stops working.

Using the activator

However, not all users strive to purchase official copies of the system and do not always have the necessary activation keys available. It is clear that in this case a message will again be displayed stating that Windows is blocked. What to do in such a situation?

There is a solution, although it can be attributed to some illegal actions on the part of the user that violate international law. However, this never stopped our user. If you want to activate the system without a key, just use utilities like KMSAuto Net, which perform this procedure automatically. The only thing you should pay attention to is the agreement to enter the reactivation process into the “Task Scheduler” (re-registration will be carried out every ten days). In addition, the file itself cannot be deleted. If an antivirus or the protection system of the OS itself (Defender and firewall) is triggered, the object must be added to the exclusion lists of all tools that monitor system security. In the firewall, you can immediately add a program to the list of allowed ones or create a new rule to run it. Exactly the same actions are performed in antiviruses.

Administrator rights

But both the computer administrator and the system administrator can block access to Windows if network modifications are used. In this case, we are talking not only about limiting the use of programs or system tools, but even about the fact that logging in at the registered user level will simply be impossible.

So, if the administrator has blocked Windows 10 from logging in, the solution is obvious - you need to contact him to restore access. If you know the administrator username and password, the solution looks even simpler. Simply log in as an administrator, go to account management, select your account and set the necessary rights or remove the lock. By the way, setting the appropriate rights to change system parameters or disabling User Account Control can also be useful if Windows 10 blocked the program, considering it unreliable when trying to install or when starting after its installation.

The simplest solution seems to be one that can be accessed through the Windows search engine (so as not to rummage through various menus for a long time). In the settings window, you just need to move the slider to the lowest position, save the settings and restart. You can also disable the firewall and the TrustedInstaller service. If some applet has blocked Windows, you can unblock it, but by setting it to always run as administrator. To do this, use the properties section of the executable file or its shortcut with a check mark on the corresponding line so that the application always starts with the rights the user needs, and the system does not issue constant requests for trust. By the way, the same applies to the TrustedInstaller service, which can be disabled in the simplest way through the services section, where in the parameters it is first deactivated, and then the disabled start option is set for it in the startup type.

Blocking by viruses: options to correct the situation

Finally, one of the most common situations is being unable to log into the system because a permanent banner appears during loading, stating that the computer is blocked (Windows is blocked) due to visits to dubious sites on the Internet or the distribution of unwanted content that allegedly originates from your address.

In fact, the operating system itself has no such blocking mechanism, and the user is dealing with an ordinary ransomware virus, which also demands payment of a certain amount, after which the system will supposedly return to normal. Do not even think about transferring anything to the specified details. You can get rid of this kind of virus using simpler methods:

  • restore the system from a checkpoint;
  • remove virus keys from the system registry;
  • use antivirus software.

System Restore

Let's consider a situation where, for example, Windows XP is blocked. The system does not start, and the banner described above appears at the stage of loading the “Desktop”.

To begin with, try forcibly turning off your computer or laptop, then turn it on again and see whether automatic recovery starts. If it does not, repeat the forced shutdown and restart several times so that the system itself detects that an incorrect shutdown was performed.

If recovery still does not start, the system does not boot, or at startup it turns out that the Windows account is blocked, use the classic method of selecting the boot type by pressing the F8 key at startup (in Windows 10 this option does not work, and you can use removable media instead). Here, choose to load the last working configuration and see how the system behaves.

If this does not help, try starting in safe mode, then open the system recovery settings through the “Control Panel” and roll back to the checkpoint that preceded the virus's penetration into the system (if there is no such point, click the link to show other points).

Using Registry Editor in Safe Mode

But let's assume that this had no effect, and Windows is still blocked by the virus application. What to do in this case?

First, boot into safe mode with command line support, then start the registry editor from the console (the regedit command). Now comes the most important part.

First of all, find the Shell and Userinit keys in the Winlogon section of the HKLM branch. The first entry must have the value explorer.exe (without options), and the second the full path to the executable file userinit.exe, which is located in the System32 folder of the Windows root directory on the system partition (usually drive C).

After that, check the same section in the HKCU branch. There, the above keys should not exist at all; if they are present, they must be removed. Then, to be sure, check the Run and RunOnce sections in the HKLM and HKCU branches. In these sections, get rid of all suspicious entries whose values point to executable EXE files with names made up of a meaningless set of characters. If you are unsure whether to delete a certain key, open its parameters for editing by double-clicking and set the value to one: this disables execution of the application, and the value can be returned to its previous state later, once the main problems with the operating system have been eliminated and it has been restarted in working order.
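A read-only way to run the checks from the two paragraphs above in PowerShell instead of by hand in regedit; this is an added example, not part of the original article. The full key paths, the handling of the trailing comma on Userinit and the function names are supplied here as assumptions, and the Temp/AppData marking is only a hint for manual review.

```powershell
# Added example: read-only audit of the Winlogon and autorun entries described above.
# Assumption: run from a native (not 32-bit on 64-bit) PowerShell as the affected user.
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = (Join-Path $env:SystemRoot 'system32\userinit.exe')
}

function New-Finding($Key, $Name, $Value, $Reason) {
    New-Object PSObject -Property @{ Key = $Key; Name = $Name; Value = $Value; Reason = $Reason }
}

function Get-LogonAudit {
    # HKLM: Shell must be explorer.exe and Userinit the System32 userinit.exe.
    $hklm = Get-ItemProperty -Path "HKLM:\$winlogon" -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        # Windows stores Userinit with a trailing comma; strip it before comparing.
        $actual = ([string]$hklm.$name).Trim().TrimEnd(',')
        if ($actual -ne $expected[$name]) {          # string -ne ignores case
            New-Finding "HKLM\$winlogon" $name $hklm.$name "expected $($expected[$name])"
        }
    }
    # HKCU: the same two values should not exist at all.
    $hkcu = Get-ItemProperty -Path "HKCU:\$winlogon" -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        if ($hkcu -and $hkcu.PSObject.Properties[$name]) {
            New-Finding "HKCU\$winlogon" $name $hkcu.$name 'should not exist in HKCU'
        }
    }
    # Run / RunOnce in both hives: list every entry, marking Temp and AppData paths.
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($sub in 'Run', 'RunOnce') {
            $path = "SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
            $key = Get-Item -Path "${hive}:\$path" -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                $value = [string]$key.GetValue($name)
                $reason = if ($value -match '\\(Temp|AppData)\\') { 'runs from Temp/AppData' } else { 'review' }
                New-Finding "$hive\$path" $name $value $reason
            }
        }
    }
}

Get-LogonAudit | Format-Table Key, Name, Value, Reason -AutoSize -Wrap
```

The script changes nothing; any removal is still done in regedit as described, after the listed values have been reviewed.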

The next step, if your Windows drive is locked, is to clean it up. To do this, use the same command line, but enter the cleanmgr command. In the window that appears, tick all the lines in the list except the item for deleting backup files.

After editing the registry and completing the cleanup, restart the computer and see how the boot proceeds. If starting is still impossible, enter explorer.exe in the command console, go to the Users folder, open the AppData folder in your directory, and in its subdirectories delete the files whose names match the entries you removed from the registry.

If the command line cannot be opened in safe mode to perform these actions on the registry and the system partition, you will have to boot from removable media (an installation or recovery disk/flash drive) and then perform the same procedures. The fastest way to open the command console in this case is the Shift + F10 combination.

AntiWinLocker application

But what should you do if even after this your Windows computer is still blocked by a viral application? This is where specialized utilities come to the rescue. One of the most interesting is AntiWinLocker, a bootable program that starts from the optical disc or USB drive it has been written to.

After starting the program, accept the license agreement and select automatic launch. The tool then performs a full scan of the computer and shows exactly where the viruses are located. You can delete them immediately or leave that for later, but after the restart you will additionally need to run an anti-virus scanner. In theory, the system should then boot in normal mode.

If the previous solution did not help and your Windows computer is still locked, you can use the equally effective Kaspersky Rescue Disk utility, which also starts from removable media.

After launching the utility, first select the language and the preferred interface (graphical is best). After this, you can either scan for viruses or go directly to unlocking the system. For the first option, mark all disks and partitions and start the scan.

For the second option, open the terminal through the main menu button (like “Start” in Windows) and enter windowsunlocker in the console that appears. A black window similar to a command console will then appear, offering three options. To unlock instantly, enter 1 and wait for the process to complete. However, if you run the scan first and the virus is detected and removed or neutralized, the operating system will start as well. By the way, this particular program detects and eliminates almost all known threats, so it is as effective as possible in the case of a deep infection.

AVZ program

Now consider another situation in which Windows turns out to be locked. The AVZ program or some other portable scanner can be used, so to speak, for a control shot: checking the system and/or restoring it and eliminating detected problems.

The application is started after booting from removable media or in safe mode, and the recovery option is then selected from the file menu. Mark everything you need and click the button to perform the selected actions. But it is too early to rejoice. Next, go to the built-in “Troubleshoot Wizard”, select system problems and the “All” item, mark all the lines and perform the steps needed to scan for and fix the faults found. After this, do the same in the browser settings and tweaks section, then go through the service menu to the Explorer extensions editor and uncheck all the items marked in black. Next, through the same service menu, go to the Internet Explorer extension manager and delete all the lines that appear in the settings window.

When your Windows computer is locked, running this application in Safe Mode may not work. If you still want to start the utility this way, use the system boot menu (F8), choose to launch the recovery tool first, and then use the command line to start the standard Notepad by entering the notepad command. In Notepad, browse to the AVZ.exe file with “All” selected as the file type, and run the antivirus executable through the right-click menu by choosing “Open” rather than “Select”, since the second item only shows a text representation of the compiled file instead of starting it as an executable applet.

What to do if nothing helps?

As is already clear, viruses can block access to Windows quite simply. Typically, such situations are associated with outdated versions such as XP, but it is by no means certain that later modifications are immune to such effects.

Returning to the main question, assume that none of the above solutions gave a positive result. What to do in such a situation? As a last option, you can remove the hard drive with the infected system, connect it to an uninfected computer and check it for viruses using a portable antivirus launched from the computer to which your hard drive is connected. What to use? In principle, utilities like Dr.Web CureIt or KVRT from Kaspersky Lab are a good idea. True, they do not let you mark the boot or hidden areas of the connected HDD for scanning, but the approach is usable as a last option (provided, of course, that no other measures help).

Instead of a conclusion

That, in fact, is all there is to say about problems where the system or some of its functions are blocked. If the operating system starts, you can immediately conclude that the restrictions are imposed due to lack of activation or represent security measures on the part of the system itself or the computer administrator. Messages appearing in the form of banners, however, are a clear sign of viral influence.

As for eliminating the problems and bringing the system back to a normal working state, it is best to use KMSAuto Net for activation (the program is portable and does not require installation); for restrictions imposed by the OS itself, disable UAC control or grant yourself extended rights to change the system configuration or access blocked programs. As for viruses, it can be impossible to fight them without utilities that start even before the main Windows modules are loaded.

One more thing. Even if the operating system starts in safe mode, under no circumstances is it recommended to use supposedly anti-virus programs like SpyHunter: threats may well be detected, but it will be impossible to remove or neutralize them without purchasing the main application. In addition, getting rid of anti-virus applets of this type afterwards is much more difficult than removing threats detected by other applications, for example, programs from Kaspersky Lab. So, if you are asked to download and install such utilities, it is better, as they say, not to take risks.