The is a nasty malware that is classified as a ransomware that has infected thousands of the windows based personal computers in the recent days. Once this malicious application gets inside the system, it blocks your computer completely, and you are unable to see your normal desktop. Instead of that, you are only able to see a full screen message that shows, your system is blocked by the law enforcing authorities on the charges of illegal online activities such as child pornography, or downloading copyrighted material. You will be asked to pay $300 within 48 hours in order to avoid further legal action. This is a total fake message that is used by the hackers to threaten the innocent computer users, and extort the money from their pockets. One thing which you need to keep in mind, that even if you pay your hard earned $300, your system will never unlock by these cyber crooks, instead of that, you will also lose your precious personal information while paying the so called fine amount. These types of ransomware are required to be removed from the system wisely, and by using the specialized tools that are designed specifically to get rid of these infections.


Removal of

After knowing that the is present inside the system, you have to plan how to remove this virus completely from your system in a way that it will never return back. There are some effective automatic tools available to remove this ransomware. However, the manual removal of this infection is also possible. The manual removal instructions are mentioned below:-


Change the Mode of Operation from Normal to Safe Mode

The manual removal process can be executed once you are able to access the infected machine in the safe mode. You just have to restart the computer,  and while the system is restarted, press the F8 key repeatedly to see the boot options menu screen. Select the safe mode option from the list, and press the Enter key to access the safe mode on your system.
End the Malicious Processes

Hold the Ctrl+Alt+Delete keys together to open the task manager window, and click on the processes tab to see the list of processes. You have to remove the following suspicious processes associated with this infection, and close the task manager:-


Remove the Associated Data

Open the system files folder through file explorer, and remove the following malicious files as quickly as possible:-

  • %Desktopdir%\
  • %Programs%\\

Reverse the Modification in the Windows Registry

Remove the fake entries created by this virus in the windows registry. In this regard, open the registry editor by running the Regedit command through the start menu. Once the registry editor is accessed, delete the following associated entries of the as soon as possible:-

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\\DisplayIcon %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe,0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\\UninstallString “%AppData%[RANDOM CHARACTERS][RANDOM CHARACTERS].exe” -u
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\\ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\\DisplayName

Close the registry editor before restarting the system in the normal mode. If the virus is removed successfully, run a complete system scan through your existing antivirus.

How to Remove
Tagged on:             

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>