Repair Design Furniture
Expand
home

Windows Unlock: How to remove the Windows lock banner? If you suddenly forgot your Windows password: We break the password! Virus computer lock

As a rule, this is a Trojan from the Winlock family. It is easy to determine it: if an image of a pornographic or, conversely, business character appears on the screen, and at the same time the computer stops responding to commands, this is our client.


At the same time, the banner often contains the message “Your computer is blocked” and an offer to send a paid SMS or deposit money to the specified account - supposedly only after that the harmful banner (and with it the PC blocking) will disappear. The image even has a field where you need to enter a special code that should come after the above requirements are met. The principle of operation of such malicious elements is reduced to the substitution of Shell parameters in the shell of the operating system and the leveling of Windows Explorer functions.

There are several generations of ransomware viruses. Some of them are neutralized in a couple of clicks, others require more serious manipulations. We will give methods by which you can deal with any Trojan of this kind.

Method number 1

Task Manager

This method will work against primitive trojans. Try calling the regular task manager (key combination CTRL+ALT+DEL or CTRL+SHIFT+ESC). If this succeeds, find in the list of processes what should not be running, and end it.

If the dispatcher is not called, you can still use the process manager via the Win + R keys. In the "Open" field, enter the word "notepad" and press ENTER, - thus, you will open the Notepad application. In the application window that opens, type arbitrary characters and briefly press the on / off button on your laptop or desktop PC. All processes, including the Trojan, will immediately end, but the computer will not turn off. While the virus is deactivated, you can find files related to it and eliminate them or perform an antivirus scan.

If you haven't had time to install antivirus software, you may ask: how can I remove ransomware from my computer? In most cases, the offspring of the evil Winlock family sneak into the directories of some temporary files or browser temporary files. First of all, check the paths:

C:\Documents and Settings\directory where the username is specified\and

C:\Users\username directory\AppData\Roaming\.

There, look for "ms.exe", as well as suspicious files with an arbitrary character set like "0.277949.exe" or "Hhcqcx.exe" and delete them.

Method number 2

Removing virus files in safe mode

If the first method did not work and Windows is blocked - what to do in this case? There is no need to worry here either. This means that we have encountered an advanced Trojan that replaces system components and blocks the launch of the Task Manager.

In this case, we will have to choose to work in safe mode. Restart your computer. Hold F8 while starting Windows. Select "Safe Mode with Command Line Support" from the menu that appears.

Further in the console you should write: "explorer" and press ENTER - you will start the explorer. After that, we write the word "regedit" in the command line and again press ENTER. So we will call the registry editor. In it, you can find the entries created by the Trojan, and also the place where its autorun comes from.

The paths to the files of the malicious component will most likely be in the Shell and Userinit keys (in the first one it is written explorer.exe, and in “Userinit” it can be easily identified by a comma). Further, the procedure is as follows: copy the full name of the detected virus file with the right button to the clipboard, write “del” on the command line, then put a space and paste the copied name. ENTER - and you're done. Now you know how to remove ransomware.

We do the same with other infectious files.

Method number 3

System Restore

We boot the system in safe mode, as described above. In the command line, write: "C:\WINDOWS\system32\Restore\rstrui.exe". Modern versions will understand and just "rstrui". And, of course, ENTER.

The System Restore window will pop up. Here you will need to select a restore point, or rather, the date before the virus hit the PC. It could be yesterday, or it could be a month ago. In short, choose the time when your computer was 100% clean and healthy. That's all unlocking Windows.

Method number 4.

emergency disk

This method assumes that you have time to download the software from another computer or go to a friend for it. Although, maybe you have prudently acquired it?

Special software for emergency treatment and system recovery is supplied by many developers directly in anti-virus packages. However, the rescue disk can also be downloaded separately - free of charge and without registration.

You can use ESET NOD32 LiveCD, Comodo Rescue Disk, or . All these applications work on the same principle and can be placed on a CD, DVD, or USB drive. They are automatically loaded along with the integrated OS (most often it is Linux), block the launch of Windows and, accordingly, malicious elements, scan the computer for viruses, remove dangerous software, and cure infected files.

What should I do if I forgot my computer password? This guide will tell you what to do if you forget your Windows password and how to solve this problem without reinstalling the operating system. In addition, we will look at other possible problems with passwords. The Windows 10 and Windows 7 operating systems have improved security features compared to earlier Windows XP/2000 systems.

By the way, perhaps one of the frequently used passwords is installed on your PC, see the full list of popular passwords -.

The latest versions of windows use a more efficient password system designed for business use so that no one without the necessary authority can access information on your computer. This is a double-edged sword. Most users forget some important password at least once. And then the user / owner of the information becomes the "enemy without access rights" for his computer.

Naturally, for every protection method there is a way to bypass it, especially if you have physical access to the computer.

In this article, we will look at various methods to protect your computer with a password and how to bypass them. We will start not with user account passwords, but with equally important passwords, such as BIOS passwords.

How to "bypass" the BIOS password?

BIOS password- one of the oldest ways to protect your computer from unauthorized access and one of the most common. Why? This is one of the most effective means if the user does not have access to the system unit. Otherwise, it's like locking the house with a lot of locks and leaving the window open.

The default BIOS settings on all motherboards do not store password information. So all that needs to be done to remove the BIOS password is to simply reset the current settings, restoring the default configuration. But remember that resetting the current BIOS settings will destroy not only the password, but also all those settings that you set yourself.

There are two ways to reset BIOS settings. Most motherboards have a special jumper to clear the CMOS (memory that stores BIOS settings). Usually this jumper is located near the battery on the motherboard, but to be sure, it is advisable to refer to the instructions from the motherboard. On some motherboards, instead of a jumper, there are simply two pins that need to be closed with a metal object, such as a screwdriver, to reset the CMOS.

If your board has a jumper, then to clear the CMOS, turn off the computer, install the jumper so that it closes the jumper contacts, and press the computer's power button. Your computer will not boot, but the CMOS settings will be reset. Remove the jumper and turn on the computer again. Most likely, you will see on the screen a request to press F1 to set the BIOS parameters. If you're happy with the default settings, press F1 and select 'Save and exit' from the BIOS menu. After that, the computer will boot as usual, except for the BIOS password.

If you don't know where the required jumper is located on your board, or there is none at all, which is quite possible, you will have to go the other way. Each system board has a battery that powers the CMOS memory, allowing information to be stored. As a rule, this is a standard CR2032 battery.

To clear the CMOS, turn off the computer and remove the battery (you may need a thin screwdriver). After 5-10 minutes, replace the battery and turn on the computer. The BIOS will be set to default settings and there will be no password. To continue loading, you will need to press the F1 key, and if you are satisfied with the default settings, select the 'Save and exit' item in the BIOS menu that appears.

As you can see, all this is very simple on a desktop computer, but with a laptop, the BIOS password can become a serious problem. Due to the frequent theft of laptops, manufacturers made sure that access without a password was almost impossible. So, if you forgot the BIOS password for your laptop, most likely you will have to contact the manufacturer's service center.

What to do if you forgot your Windows password?

If circumstances have developed in such a way that you have forgotten your Windows password, then we recommend that you reset it using a built-in account called Administrator. This is done in safe mode, while loading or restarting your PC.

To restore access to your computer, you will simply need to press F8 and in the menu that has already opened, in which some additional options for booting your operating system will be presented to your attention, you will have to select the aforementioned "Safe Mode". Next, you will need to select the built-in account, which, by the way, cannot be protected by any password by default.

If you did everything correctly, since you exactly followed the above sequence of actions while still on the Desktop, you should knock out a window with a message that Windows is working in the “Safe Mode” you need, which is as simplified as possible. You will need to click "Yes" and go to Control Panel - User Accounts, where the icon of the account is located, the password from which you yourself want to reset. On the left, you must select the “Change password” item and enter in the corresponding window, and then confirm the new password. Ultimately, for the aforementioned changes to take effect, you will need to restart your PC.

How to crack a Windows password on a computer or laptop?

In order to do this, you will have to follow the following sequence of actions:

  1. Prepare a CD or flash drive, which should contain a special set of resuscitation programs designed to restore Windows. You will need to insert it into the drive or into the appropriate port during the subsequent reboot of the computer. You can prepare this package of resuscitation programs yourself by downloading programs there that are intended for separating, saving and restoring data, or you can download some ready-made RBCD 10.0, for example;
  2. During PC startup, in order to enter the BIOS, press the "DELETE" button. There we will need to change the installation priority and assign the computer to boot from the CD-ROM. After that we visit our boot disk in the drive and restart the PC;
  3. Having entered the resuscitation disk in me, which should appear after the resuscitation software package has been loaded, we must select the edited copy of Windows and go to the “System Restore” mode - the section that will be at the very bottom of the page;
  4. We are looking for the command line and enter “regedit” there (we are looking for it in the dialog settings of the same window). We find, and then select the HKEY_LOCAL_MACHINE section, in which we need to select File, and then Load hive;
  5. Open the "SAM" file and select the section - HKEY_LOCAL_MACHINE\hive_name\SAM\Domains\Account\Users\000001F4. Double-click on the key F placed there and go to the very first value in the line, which we will need to replace with the number 10;
  6. In the same section, select "File", and after that "Load Hive". Click "Yes" to confirm the unloading of the hive. We close the registry editor, finish the installation process in this way, take out the USB flash drive or disk and restart the computer.

How to find out the password from the computer?

Question: how to crack a password on a computer remains relevant to this day. Unfortunately, it seems possible to really find out the password from a computer only by choosing it correctly manually. Therefore, if you are not ready to spend a few hours of your free time on this process, we strongly recommend that you just reset it and come up with some new one.

Again, it's much easier to just reset your password and come up with a new one after. Nevertheless, if you just need to find out the password, we recommend that you use a program for this purpose, which is called, from the image of which you will need to make a boot disk. Having correctly configured the BIOS to boot from the drive and installing this program, immediately upon entering the Desktop, you will see a window in which you can see the usernames, including the Administrator, as well as passwords from their accounts.

Asking the question: what to do if you forgot the password from your own PC, it is absolutely not necessary to use the above methods of recovering it. Resetting the password in the Windows 7 operating system can also be done using the Net User command. For this case, while restarting the PC, you will need to press F8. Thus, you can open a Menu that allows you to carry out additional boot options for this operating system, in which you will need to select not just "Safe Mode", but one that would also support the command line. While in it, you will need to select the built-in Administrator account and in the Command Interpreter window, immediately after that, the system prompts will appear, where you will need to enter net user "username" "password".


We assume that you yourself understand that instead of "username" you will need to enter the name of your local user account, and instead of "password" you will need a new password. If you did everything correctly, then in order to close the window, you will need to write on the command line: exit and restart the PC.

How to reset password on Windows 8?

In the case of this operating system, things are much simpler! Resetting the password on Windows 8 can be done as follows:

  • On the login screen, you will need to click on the special power icon, which is located in the lower right corner of your screen;
  • Next, you will need to press the Shift key and click "Reboot";
  • Click "Troubleshooting";
  • Click "Reset PC";
  • Click "Next" and the system will automatically reboot in order to start preparing for a password reset.

How to reset password on Windows 10?

It is not so difficult to reset the password for Windows 10 users, of course, provided that they have access to email, or to the phone to which their account was linked. Otherwise, you will have to reset the password from the flash drive, as described above.

How to reset the Windows 7 administrator password?

The best way to reset the Windows 7 administrator password is through the Windows Command Interpreter. Observe the following sequence of actions:

  1. First, run it. You can do this by adhering to the following path: Start - Run - Run the program - cmd. In the Command Interpreter menu that opens, you will need to enter: control userpasswords, after which you will have a window called "User Accounts";
  2. Select the account from which you want to reset the password and do not forget to uncheck their item "Require username and password";
  3. In the window that opens, you will be required to enter, and then confirm a new password. Next, in the command boot window, you will need to enter Exit and restart the PC as usual.

View passwords that Windows stores

In addition to access passwords for various users, Windows also stores a number of other equally important ones: the password for connecting to the Internet, passwords for mailboxes or access to websites. There are usually quite a lot of them, so it is quite natural that they are forgotten over time.

The operating system offers an "autofill" feature for passwords and other frequently entered information in browsers (Google Chrome, Yandex Browser, Opera (Blink), Firefox, Explorer 11, etc.). So it is not uncommon for a user to enter a password once, and after a few months, of course, he cannot remember it. Everyone understands that important passwords need to be written down, but not everyone does this. And if you no longer remember the password, how can you find it out, because it is displayed as a series of asterisks: ******?

The solution is offered by programs from different manufacturers that can get the password from this string of asterisks. There are quite a lot of freely distributed programs for decrypting Windows passwords or hidden passwords from input lines in various browsers.

We will use a program from Passware. It's an easy-to-use, free program that parses passwords hidden by asterisks and tells them to you. It is very easy to work with her. It is enough to highlight the line with the password and click the 'recover' button.


Of course, there are also commercial versions of programs, which, as a rule, have a large set of functions. For example, Password Recovery Toolbox scans the system and detects saved passwords, data saved for autofill, Outlook Express passwords, Internet connection passwords, etc. This information is then presented in a convenient form. A few more alternatives to the programs described above:, or Password Viewer.

Windows XP user passwords

Windows XP stores user passwords in a modified form. For example, the password "password" would be stored as a string like this: 'HT5E-23AE-8F98-NAQ9-83D4-9R89-MU4K'. This information is stored in a file called SAM in the C:\windows\system32\config folder.

This part of the SAM file is encrypted with the syskey system utility to improve password security. The data needed to decrypt the information after the syskey is stored in the system file in the same folder. But this folder is inaccessible to any of the users. Only the operating system itself has access to it during its operation. The SAM and system files can only be accessed by running a different operating system or by connecting the drive to another Windows computer.

All versions of Windows XP have an "administrator" account. This name gives the user full access to the system and the ability to reset the passwords of all other users. This can save you if for some reason you cannot log in with your regular user password. The specific use of the administrator password depends on the version of Windows XP: XP Professional.

The administrator password is set during the installation of the operating system. If you write it down or just hit enter and leave it blank, you can easily log in as an administrator and reset user passwords. To log in in administrator mode, press CTRL+ALT+DEL twice on the welcome screen, a window for entering the administrator password will appear.


When the computer boots, go to ‘start\control panel\user accounts’ (start\control panel\user accounts) and change the required password. Since you are already here, this is a good opportunity to correct your mistake if you left the administrator password blank. In addition, it is desirable to change the name of the 'adminisrator' account. This name is known to everyone and is the first one used to gain access to your computer. To change the account name, right-click on 'my computer' and select 'manage'. Expand 'local users and groups' and open the 'users' folder. Right click on the 'administrator' entry and edit it.
XP home.

This system will not let you just get access to the computer in administrator mode. First you need to boot your computer into failsafe mode. To do this: restart your computer; immediately after testing the BIOS, press F8 several times; in the menu that appears, select ‘start Windows XP in safe mode’ (boot Windows XP in failsafe mode). When the computer boots up, log in with the username ‘administrator’. There is no default password. You can now change user passwords by going to ‘start\control panel\user accounts’ (start\control panel\user accounts). When you're done, restart your computer in the usual way.
Create a password reset disk

Windows XP allows you to write information to a regular floppy disk that allows you to reset your password. Naturally, if you have already forgotten the password and cannot access the system, then you will not be able to create any disk, but it’s worth getting such a floppy disk in advance to protect yourself from such accidents.

To create a floppy: go to ‘start\control panel\user accounts’ (start\control panel\user accounts); select the name under which you are logged in; select ‘prevent a forgotten password’ from the related task menu; follow the instructions of the launched wizard.

To reset passwords using a floppy disk: if you enter the password incorrectly when logging in, the system will ask if you have not forgotten it; At this point, you will be able to use your floppy by following the operating system's step-by-step instructions.

Be careful: if you used the built-in Windows file and folder encryption capabilities, but did not install the operating system update (service pack 1), deleting the password will result in the loss of encrypted information.

Utilities for changing passwords Windows XP/7/8/10

There are special utilities that allow you to edit or reset passwords for Windows XP/7/8/10 users. Most of them work by loading a minimal version of an alternative operating system, such as DOS or Linux, under which you can access files with passwords.

An example of such a utility can be found at this address: http://home.eunet.no/~pnordahl/ntpasswd/ Operating instructions, as well as files for creating a Linux boot disk, are available on the same site.

Please note that if you have used the file and folder encryption functions of the operating system by changing the password using any program, you will lose access to encrypted data. In this case, the following method can help, which allows you not to replace the forgotten password with a new one, but to find out the old one.

Selection and decryption of passwords

If nothing else helps, but you have physical access to the computer, then all is not lost. You can overwrite the config and SAM files and try to decrypt the passwords stored in them using special third-party utilities. As we have already said, this will have to use an alternative operating system, such as DOS or Linux. And when the files are at your disposal, you can use one of the password decryption programs, for example, LC4 or .

You will need:

  1. Access to another computer.
  2. At least two blank floppy disks.
  3. An archiver designed to work with the command line, for example, RAR.
  4. A DOS or Windows 98 boot disk (obtain an image of the required disk at http://www.bootdisk.com/) or a minimal version of Linux (such as Knoppix). There is no need for boot disks if you can simply connect your hard drive to another computer. If you are using a DOS boot disk and the partitions on your hard disk use the NTFS file system, you will need a program that allows DOS to view NTFS partitions, such as NTFSDOS, to access them.
  5. Program for obtaining passwords. We recommend using , since the beta version of this program is free, and the free version of LC4 is very limited.

Using a bootable flash drive:

  1. If your hard drive has NTFS partitions, copy the NTFSDOS file to your bootable flash drive.
  2. Copy the archiver (RAR) to a bootable USB flash drive.
  3. Boot your computer from this flash drive. If there are partitions with NTFS, type the NTFSDOS command, this program will show which letter is assigned to your system drive, and you will need to use it instead of the letter C in the next paragraph.
  4. Place the system files with passwords in the archive. For example, if you use the rar32 archiver, the corresponding command will look like this: Rar32 a -va:\systemandsam c:\windows\system32\config\system c:\windows\system32\config\sam will ask you to insert the second one.

Password cracking

Each of the programs you select will list the accounts found in the SAM file. Select those for which you need to define passwords. If you are using , select Attack type: Brute-force. If you used only numbers in your password, check the box ‘all digits (0-9)’. Start the password guessing process using the command from the Recovery menu.

Password guessing can last from 10 minutes to several hours, or even several days, and may fail. Especially if the password uses mixed case letters, numbers and special characters.

This is a good way to check the strength of your passwords. If you just want to check your password, follow the steps above and see how long it takes to guess.

Programs for cracking a password in Windows

There are a huge number of software tools that can help you crack a password in Windows. In addition to the above program, there is also a Windows Admin Password Hack. But, unfortunately, it is no longer possible to call it relevant, since it only works in Windows 2000/XP. Its closest replacement is MultiBoot 2k10, which is essentially a feature rich boot disk.

conclusions

In any case, if one of your loved ones forgot the password on Windows 7, well, or you yourself were forced to face this - do not despair, there are a lot of solutions to this problem. Well, in order for you to no longer have questions: how to crack a password on a laptop, we strongly recommend that you save them somewhere, in notes inside your own smartphone, for example.

We hope that you will not have to resort to the methods we have described. To avoid such a need, remember that all important passwords must be recorded. And if there is a real need to protect information on your computer, then use passwords from characters in both cases and numbers and do not use ordinary words. In this case, your passwords will be very difficult to crack.

3 more helpful articles:

    A program that checks the strength of system user passwords. This utility is used by network administrators to calculate users with ...

    A simple utility that allows you to display hidden passwords with asterisks. Compatible with all browsers, including…

    Windows Repair is a rare type of program that can rid your personal computer of almost all…

Greetings, dear visitor of the PenserMan blog. Surely, you have heard, and maybe even found yourself in a situation where, after some file or visiting a dubious site on the Internet, the PC suddenly became uncontrollable. And even a banner appeared with the requirement to enter the code in order to unlock computer, which can be received by sending SMS or replenishing the account of the specified phone for a certain amount.

What to do in this case? Submit to extortionists or still there is a chance how to unlock computer without sms? Let's look at a few options for our actions in order not to become a "cash cow"" for.

After all, after replenishing the account, they will already know your phone number and most likely will be able to log in with your mobile operator. This means that it will not be difficult for them to withdraw money from your phone. But let's not despair and first try to deal with the problem on our own. So how?

Trying to unlock from the banner through the task manager

This is one of the simplest methods. Who knows, maybe the scammers are not so literate and are just bluffing? So, we call the task manager and remove the task performed by our browser. To do this, press the Ctrl + Alt + Del keys at the same time (we do not press the plus signs, of course). Then, in the window that opens, click "Start Dispatcher":

This window may have different views, depending on the operating system, but I hope the essence is clear. Next comes the task manager. This is where we have to remove the task of our browser. We click on the line with the browser and then on the button “End task”:


By the way, this method is applicable both for this and for any other task. To close a hung , for example. I must say that it is not always possible to do this on the first try, sometimes the task manager window blinks and disappears again. In such cases, it happens that pressing Ctrl + Alt + Del again and repeatedly, and up to 10 times in a row, helps! More than that probably doesn't make sense. It turned out - well. No, let's move on.

Trying to unlock the computer through the registry

Now we try the next option - more difficult. We put the cursor in the code entry field, press Ctrl + Alt + Del and carefully look at the banner. Of course, it will not necessarily be the same as mine, but the offer to send SMS or replenish the number and the line for entering the code or must be present. If, as a result of our actions, the cursor disappeared, then the attention of the keyboard switched to the task manager:


Now you can press Tab, and then Enter, and an empty desktop should open in front of you, most likely even without “Start”. If this happened, now in order to “unblock our prisoner” you need to go to the registry, since viruses are usually registered there.

Press Ctrl+Alt+Del. Then "Start Task Manager". In the new window that appears - “File”, then in the drop-down menu “New task (Run ...)”:



In the following, we write the command “regedit” and then click “OK”:


The “Run” command can be called even easier if, of course, it works out by pressing the Win + R buttons on the keyboard. For those who don't know, Win is the Windows picture key, usually at the bottom left end of the keyboard. If everything worked out, we will be in. Here, be very careful and cautious. Don't touch anything else. Because wrong actions can lead to unpleasant, and sometimes unpredictable consequences in the computer.

So we need to get here: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon. I will show you two windows so that it is clear where and what to press to carry out this undertaking. In the first window, find the line with the inscription “HKEY_LOCAL_MACHINE” and click on the triangle to the left of it:


The list under this line will expand. There you need to find the line “SOFTWARE” and also click on the triangle:

Do not be afraid, the lists there are very large, about the bottom slider - move it to see the inscriptions in full. When you reach Winlogon in this way, you no longer click on the triangle on the left, but on the word “Winlogon” itself. Then move your eyes to the right panel, where you will need to check the parameters: “Shell” and “Userinit” (If it’s hard to see, click on the picture - it will enlarge):

We look at the Shell parameter - its value is only explorer.exe. ""Userinit"" should look like this: C:\WINDOW\Ssystem32\userinit.exe, . Please note that there is a comma at the end after “exe”! If there are any other values, then we correct them to the ones indicated above. To do this, just click on ""Shell"" or ""Userinit"" with the right mouse button, click "Edit", write the desired value in the pop-up window. This, I think, will not cause you much difficulty.

Final work and actions in case of failure

In some cases, it happens that these parameters are in order. Then we find this section: HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows NT / CurrentVersion / Image File Execution Options and deploy it. If there is a subsection explorer.exe, delete it without regret. Well, we did everything in order to unlock our “prisoner”.

Now you can restart your computer. If the virus is no more insidious, everything should

14.04.2016

Currently, there are a huge number of viruses, fortunately, modern antivirus software is able to cope with most of the "pests". Conventionally, viruses can be divided into several groups, but the most common are spyware, adware and trojans, which include ransomware viruses. It is the latter that will be discussed in this article.

Recognize the computer infected with ransomware pretty simple. An image of a business, pornographic or other nature appears and hangs on the screen. In this case, the computer either does not respond to commands at all, or responds, but the picture occupies almost the entire visible area. This is our client trojan familywinlock or, to put it simply, .

The banner on the screen has the following content: Your computer is locked, send money to an account or paid SMS. After that, the banner, along with blocking the computer, promises to disappear. Also on the picture there is a field in which you should enter the code that you supposedly receive after payment. Do not panic and rush to part with money. We will tell you.

The virus in question has several varieties, depending on the generation. Older ones can be neutralized with a couple of mouse clicks. Others will require much more serious preparation. Don't worry, we will give you all the options for getting out of such a difficult situation, which will definitely help you remove any such Trojan.

Method #1 - Task Manager

This method will help in the fight against old, primitive Trojans. Call the task manager ( Ctrl+Shift+Esc on Windows 10 or Ctrl+Alt+Del on older versions of Windows). If the dispatcher starts, try to find a suspicious item in the list of processes. Complete this process.

If the dispatcher does not start, try starting the process manager (keys Win+ R). Enter the command " notepad" in field " Open". This should open Notepad. Type arbitrary characters in the window that opens and press briefly (sharply) the power button on your PC or laptop. All processes along with the Trojan should automatically exit. The computer will remain on.

Now is the time to remove all infected files. You need to find them and delete or scan the disks .

Suppose that, by a ridiculous accident, you did not install an antivirus on your computer in advance. How to be? offspring winlock are usually taken into temporary files, including browser files. Try checking the following paths:

C:\Users\username folder\App Data \ Roaming \

C:\ Documents and Settings \directory with username\

Find " ms.exe" or other suspicious files, for example, with an arbitrary combination of characters like " 89sdfh2398.exe" or " Hgb.hd.exe". Delete them.

Method #2 - Safe Mode

The first way failed and you still don't understand how to unlock computer from ransomware virus? It's not worth getting upset. It's just that our Trojan is more advanced. He changed the system components and set the task manager to block the launch.

To resolve the issue, restart your computer by holding down the F8 key as the system starts. From the displayed menu, select " Safe mode with command line support».

Then type " explorer” in the console and press Enter. This manipulation will launch the explorer. We write down the word " regedit” on the command line, press again Enter. This will launch the Registry Editor. Here you will find the place where the virus autoruns from, and also the entries it created.

Look for ransomware virus components in keys userinit And Shell. In the first one, it is easy to find it by comma, in Shell it is spelled as explorer. exe. Copy the full name of the dangerous file we found to the clipboard using the right mouse button. We write " del” on the command line, then a space, and then paste the name you copied earlier. Click Enter and enjoy the result of your manipulations. Now you know how to unlock computer from ransomware virus. We perform this operation with all suspicious files.

Method #3 - System Restore

After the manipulations have been done, you must enter again using the method described in method number 2. Write the following on the command line: C:\WINDOWS\system32\ restore \rstrui.exe ” or in modern versions laconic “ rstrui”, then press Enter. The window “ System Restore”.

You should choose a date that precedes the appearance of the virus. This date is called the restore point. This may be a year or just a day before the ill-fated date when your PC was attacked by a virus. In other words, pick a date on which your computer was healthy and 100% clean. This completes the unlock.

Method #4 - Rescue Disk

For this method, you need to download the necessary software in advance, use a second computer, or visit a friend for this purpose. Software for system recovery and treatment is usually built into anti-virus programs. However, they can be downloaded for free, separately, without registration.

That's all, now you know how to unlock computer from ransomware virus. Henceforth, be careful.

Hello my readers! It is unlikely that an ordinary user of the windows operating system can be surprised by extortion of money using malicious Winlock trojans, more commonly known as the “Windows blocker”.

And it is not surprising, because every second inexperienced user, ignoring the importance of the security of his computer, automatically sent himself to the white list of scammers, who, as practice shows, are quite clever at “moneying” frightened and confused newbies who do not know how to react to such a situation.

Therefore, answering the questions: how not to become a victim of deception? and what to do if windows is blocked? I suggest that you carefully study the material below, which guarantees getting rid of the problem with a few clicks of the mouse.

Where does it all start

One evening, as usual, browsing the Internet for various sites, reading the news feed, your computer may freeze. And a terrifying banner may appear in the center of the screen, which obscures almost the entire desktop and asks you to send SMS (which, obviously, is not free) or asks you to replenish your account to the mobile number specified in the requirement. Otherwise, all materials from the computer will be automatically destroyed.

I will give you some practical advice on what to do if Windows is locked and asks for a code. I will give the best options for unlocking the system.

No extra moves

Fortunately, for some Trojans, it is indeed possible to pick up an unlock code, which, although rarely, completely destroys the virus from the system.

You can select the necessary code using well-known anti-virus databases (more specifically, in a couple of minutes you can find key data on their main pages).

Windows unlock service is available from the company:

  • "Doctor Web "
  • « Kaspersky Lab»

You can open the required page if your system is blocked from any other PC, tablet or phone.

Important ! Having unlocked access to the system, do not rejoice prematurely. The next step is to check the disk using any antivirus program.

System Restore

Before moving on to the complex and tricky methods of special software, I suggest trying to eradicate the problem with the tools at hand, or rather, call the task manager in your usual way (usually Ctrl + alt + Del).

Happened? Then congratulations, you are dealing with an ordinary and simple Trojan that can be removed easily and quickly.

  • We find a suspicious foreign process in the list of processes.
  • We force it to end.

An example of what your virus might look like.

Often, a third-party process has an indistinct name and is displayed without a description. Find those in the list and force them to end. I advise you to do this slowly and alternately until the banner disappears.

If the miracle did not happen, and the task manager is not called, then I propose to proceed to the stage of using the third-party process manager Explorer.exe, which can be downloaded from the link. The program can be launched using the "Run" command (press Win + R).

It is very easy to identify a suspicious process in the explorer.exe directive.

military strategy

Another way to deal with a virus is to use some standard programs, including an ordinary notepad or wordpad.

To do this, you “blindly” (because you still can’t close or hide the banner) will need:

  1. Launch the Run utility (Win+R)
  2. Write in it "notepad" and click on the "Enter" key.
  3. Ideally, a new text file will start under the banner window, in which you will type any (no matter what) text and press the power off button on the system unit.
  4. Next, all processes running on the system will begin to terminate, except for notepad, which will ask you to “save” or “close without saving” the document (which we, of course, leave unchanged for now).
  5. After deactivating the virus, as in the previous method, find the location of the Trojan and destroy it.

More advanced way

For hacker viruses, "unrealistically complex" Trojans, the way to counter the task manager or other system components will not help.

Therefore, it's time to move on to heavy artillery, or rather to a safe mode.

Step-by-step instruction:

  1. We restart the computer, and at the time of loading the operating system, hold down the F8 key (sometimes the button is different, it depends on your PC).
  2. In a new window (assuming a choice of boot method), select "Safe Mode + Command Prompt".
  3. After downloading, type regedit on the command line, press enter and launch the registry editor.
  4. We analyze the registry editor of running applications on a PC.
    Most likely you will see the full path to the Trojan files located in the Shell key and in the Userinit branch. In "Shell" the virus is written instead of explorer.exe, and in "userinit" it is indicated after a comma.
  5. Copy the full name of the virus to the clipboard.
  6. We write “del” on the command line, press the spacebar and right-click to call up the context menu.
  7. In the menu window, select the "Paste" command and press Enter.

Voila, the first Trojan file has been successfully destroyed. We carry out a similar operation with the second and subsequent ones (if any).

Well, that's all, I have prescribed the main effective ways to restore access to data. If all the above actions are difficult for you due to ignorance and fear of making things worse, I recommend that you take a training course " computer genius". It will help you gain courage and understand the basics of owning a PC.

I hope now I can be calm for you and for the safety of your information. Be sure to share this useful information with your friends on social media. networks, they, for sure, this material will also come in handy. Don't forget to subscribe to blog updates and install a reliable antivirus! See you soon!

Sincerely! Abdullin Ruslan

Did not find an answer to your question? Look at here
Actions of the lender if the debt is not returnedActions of the lender if the debt is not returned
Why did Lera Kudryavtseva and Sergey Lazarev break up?Why did Lera Kudryavtseva and Sergey Lazarev break up?
IQ test result: what do the scores mean?IQ test result: what do the scores mean?