注意!!! Vorgang illegaler Aktivitaten wurde erkannt. Schweizerische Eidgenossenschaft. 病毒清除指南

1 Star2 Stars3 Stars4 Stars5 Stars (尚无评分)
加载。.

最近, the new threat has been spreading through the Internet, saying “;注意!!! Vorgang illegaler Aktivitaten wurde erkannt. Schweizerische Eidgenossenschaft;. This virus threat belongs to the group that gave origin for 大都会警察 and La Policia Espanola viruses. This message can pop in front of you at any time. It wants you to pay 150 Swiss francs (about $160). 这是什么意思? It actually says that users have spread some illegal content inside the web and now they should pay for that. It’;s not only the illegal content but spam as well. 所以, if the person does not pay this money his/her computer’;s every single piece of information will be eliminated within 24 小时. But the most important part about all this is that this warning message “;注意!!! Vorgang illegaler Aktivitaten wurde erkannt. Schweizerische Eidgenossenschaft”; tries to fool you by asking you to pay. It is completely fake. Do not do anything about it except removing, 答案是肯定的. If you pay you will just lose your money and nothing else. You still can have your computer in a good state if you follow our instructions. After you’;ve performed our recommendation nothing will be blocked or damaged, so you need to remove this virus at once. You can easily do it with our help. Follow all the steps and soon the problem will be solved.

Ransomware
勒索

Important removal milestones:

  1. Restart your system into “;Safe Mode with Command Prompt”;. While the PC is booting press the “;F8 key”; 不断, which should present the “;Windows Advanced Options Menu”; 如下图所示. Apply the arrow keys in order to move to “;Safe Mode with Command Prompt”; 并命中键盘上的 Enter 键. 在正常的 Windows 模式下登录为以前登录的用户.
  2. Safe Mode with command prompt
    带命令提示符的安全模式
  3. 一旦 Windows 成功启动, 窗口命令提示符将显示在下面的截图中. 在命令提示符处, type-in the word “;explorer”;, 并按 Enter. Windows 资源管理器应打开. 请不要关闭它. 您可以将它最小化一段时间.
  4. 之后, 通过应用相同的 Windows 命令提示符打开注册表编辑器. Type-in the word “;regedit”; 并按键盘上的 Enter 键. 注册表编辑器应打开.
  5. 你知道它通常看起来像, don’;t 你? 以及, 这里是它的截图:

  6. 查找以下注册表项:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    在右侧面板中选择名为 Shell 的注册表项. Right click on this registry key and select “;Modify”; 选项. Its default value should be “;Explorer.exe”;. 然而, the virus did its job, and so after you click “;Modify”; 您将看到此注册表项的完全不同的值.

  7. 将 above-mentioned 注册表项的修改值的位置复制到一张纸上或记住它的位置. It shows where exactly the main executable of this virus is located.
  8. Modify the value of the registry entry back to “;explorer.exe”; 并保存注册表编辑器的设置.
  9. 转到修改后的注册表项值中指定的位置. 删除恶意文件. 使用您复制到纸上的文件位置, 或在上一步中的步骤中记下. 在我们的情况下, the virus file was located and running from the Desktop. There was a file called “;contacts.exe”;, 但它可能有不同的 (随机) 名称.
  10. Get back to “;Normal Mode”;. 为了重新启动您的 PC, 在命令提示符下, type-in the following phrase “;shutdown /r /t 0”; (没有引号) 和点击进入按钮.
  11. 病毒应该消失了. 然而, 为了清理你的电脑从其他可能的病毒威胁和恶意软件残留, 确保下载并运行 GridinSoft 特洛伊木马杀手下载通过下面的按钮.

要删除的相关病毒文件:

[random].exe

要删除的相关病毒注册表项:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[random].exe"

(Visited 295 时间, 1 visits today)

相关职位:

5 关于思考 & ldquo;注意!!! Vorgang illegaler Aktivitaten wurde erkannt. Schweizerische Eidgenossenschaft. 病毒清除指南& rdquo;

  1. I have had this virus on my computer for over a week…;. annoying! I tried to remove it with the above steps, but when i click on modify, it remains at “;explorer.exe”; so i have no files to delete. Does anyone have an Idea what else i can try??

    thanks so much for your help,
    Nadja

  2. Nadja,

    Did you get a solution? I have the exact same problem as you.

    Thanks you very much for your help.
    杰西卡

  3. I used System Restore to restore my computer to an earlier date, which removed the ransomware/virus completely.

留下你的评论

*