Your computer is locked for violating the Law of Great Britain.

admin | September 12, 2012

If you turn on your PC and discover that your computer is locked for violating the Law of Great Britain, do not panic. This warning alert has nothing to do with the good organisation of West Yorkshire Police. It is a handiwork of cyber criminals. This notification is fake one. This trick is used to enrich in unfair methods. You are told that your computer will be totally damaged and unusable. You are blamed in visiting pornographic Web sites. Your IP address will be stored in their database and if you visit such pages again your data will be transferred to a special department for a further investigation. In order to unlock your computer you should pay a fine in amount of 100 pounds. In fact it is outrageous lie. You should not effect any payments in such case. You should unlock your PC and remove the virus


Your computer is locked for violating the Law of Great  Britain.

Your computer is locked for violating the Law of Great Britain.

1. This ransomware creates the files:

%LOCALAPPDATA%[random].exe
%COMMONAPPDATA%[random].exe

If you have Windows XP OS, you should for look the next files:
%LOCALAPPDATA% = %USERPROFILE%Local SettingsApplication Data
%COMMONAPPDATA% = %ALLUSERSPROFILE%Application Data
If you have Windows Windows 7 OS, you should look for the next files:
%LOCALAPPDATA% = %USERPROFILE%AppDataLocal
%COMMONAPPDATA% = %ALLUSERSPROFILE%Application Data

2. This ransomware creates the registry entries:

2.1. It creates the parameter AutoRun in the registry key HKCUSoftwareMicrosoftCommand Processor
2.2. Change the parameter value Shell in the registry key HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon
2.3. Change the parameter value DisableTaskMgr into 1 (or creates the parameter with value 1)
in the registry key HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

To unblock your PC the next steps are recommended:

1. Launch your PC in Directory Services Restore Mode or Debugging Mode.
2. Remove the parameter AutoRun in the registry key HKCUSoftwareMicrosoftCommand Processor
3. Change the parameter value Shell in the registry key HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon на Explorer.exe
4. Remove the parameter value DisableTaskMgr in the registry key HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem
5. Reboot your PC in the normal mode.
6. Launch the reputable anti-virus solution to clean your computer from potentially insecure malicious objects.

Leave a comment

*