Ransomware SMS Virus Trojan.Winlock.3252 Removal by Britec
Computer is Blocked! Your computer is blocked for viewing, copying and dissemination of video materials containing elements of pedophilia and rape of children. In order to remove the block you are required to pay a fine in the amount of 500 rubles to the (telephone) number 8-965-265-90-84. In case of payment of a sum equal to or greater than the amount of the fine, there will be an unblock code on the receipt. You'll need to enter the code in the lower portion of the window and press the "unblock" button. Once the block is removed you must delete all materials containing elements of rape and pedophilia. If you do not pay the fine within 12 hours, all information on your personal computer will be permanently deleted and the case will be sent to court for investigation in accordance with chapter 242 part 1 of the Penal Code of the Russian Federation. Rebooting or turning off the computer will lead to prompt removal of all data, including the operating system and BIOS, without the ability of further restoration.
It also brought along a friend: A ransomware application which hijacks the desktop with an all-black screen (hiding the desktop icons), kills Explorer, and makes a demand for payment of 500 rubles in a window that looks like a Windows BSOD screen.
-----------------------------------------------------------
Need help with your computer problems?
http://www.briteccomputers.co.uk/forum
Closed Caption:
What's up guys, in this video we'll be taking a look at ransomware and how it affects your system and how you can go about removing it. Now, ransomware is on the comeback and is quite lively about the internet at the moment, and it's infecting people pretty rapidly. Some of them, what they're doing is called master boot record locks, and what happens is you get infected with it, you'll go to reboot the system and it will lock you out: automatically shut the system down and then it will lock you out of your system.
There's also these types which we've got here, which threaten you and all sorts of stuff. This is a particular porn site here from Russia, as you can see. People are browsing the internet looking at porn, and what they want to do is they want to see the images of these images here, or see the videos of these images. So they go scrolling through, and all of a sudden they click on one of these, which may be the case, they may find one that they like, thinking "I like this one", click on that, and what's going to happen is it pops up a little work codec that says you need to be, obviously, using this to view the videos.
You click on this and then click Run, and you're not going to get any video; what you're going to get is an infection. And this is typically where we're getting infections: youngsters or other people look at porn and other see if it's a non-profitable, so if there's ever a record born so you'll get infected.
So what we're going to do here is have a look at what's happened. Now it's blocked us right out, so the desktop's completely gone, and this is the box we've got. Now, you can't put codes in here. I will actually convert this text, this Russian text, into English for you so you can see what it's saying. It's basically threatening you, saying you need to pay such and such to get unlocked, basically unlock your computer. When you reboot the system with this particular virus it's going to do the same in safe mode: you can get into safe mode and it locks you completely out. So what we'll do is I'll show you how to remove that. I'm going to show you the same thing in Vista, XP as well. It does do it in Vista as well, so I'll just show you XP and Windows 7. This is Windows 7, and I'll show you what it looks like in Windows XP, pretty much the same thing, and we'll reboot and I'll show you how to remove it.
OK, so let's boot the system up into XP and show you what it looks like.
OK, so we'll load up XP quickly here and I'll quickly show you in safe mode too. It's the same for Windows XP as Windows 7. I have found with Windows 7 64-bit the actual virus doesn't always work properly and you may be able to get to safe mode. That said, it doesn't do that with XP at all; it will lock you out both ways. So as you get to your desktop it should lock you out. And there we have Windows XP locked as well. We'll quickly reboot into safe mode and show you the same thing in safe mode.
OK, we'll be tapping F8 on the keyboard here to enter Safe Mode with Networking or Safe Mode, either one of these two; it doesn't really matter because you're not going to do anything. Including Command Prompt, it won't let you in there at all. So we'll just boot this up and see what happens. I know that once we get to safe mode it's just going to block us out. No matter what account you go into here it will do the same, whether it be Administrator or Britec, both administrator, and it will lock you out full screen like that, exactly as it happens there. You can't do anything.
OK, so let me show you how to get around that. You may be thinking, use a boot CD like Kaspersky or one of those types of CDs, like oh that's web security and stuff like that. They don't work; it won't clear this. The only way I've found of cleaning it is using that creates the environment and then removing it from there and editing the registry, because you delete the file and what happens is when you delete that file there's a userinit folder that is created and it will recreate itself, so it keeps happening over and over again, and it can be quite frustrating if you don't know how to do it. Let's reboot the system into a boot CD for Windows and I'll show you how to remove it.
OK, so I've got my CD in here and I'm going to boot to the CD. This is Ultimate Boot CD for Windows.
OK, so that's loaded in now, so what we're going to do here is just say no to the networking side of things; we don't need it at the moment.
OK, so what we're going to do is have a look at My Computer first, and I want to actually find the file that's causing the problem. This is the Windows XP version, but it will be the same on Windows 7, slightly different where the file's located. So I'm going to the C drive here and I also want to go into Documents and Settings here. Now, for Windows XP it's not in the actual account; it's actually in All Users and then it's in Application Data. As you can see there, that's where it is. If you look inside Britec here, which is the account that I was using at the time, there's no file there, so you may find it a bit peculiar. So I'm looking in All Users, Application females plan up. OK, so that's now deleted.
And then I want to go into Windows, then come down to, OK, that's System32. Now we're in the system directory here of our operating system and you can see this file here. OK, that's the Userinit Logon Application, the Microsoft one. What it's done is renamed that file; you can see that by looking at the screen there. So what I want to do first there, as you can see, that is the culprit there, that's been changed. So what we're going to do is delete this file, and we're going to go back up to that file and then rename that to userinit, that file. OK, so there we have, the separate here is just spazzing out on me. OK, so we're going to change that to userinit, like so.
OK, and then what we want to do now is come out of this area. What we want to do here is go to Programs, Registry Tools, and I want to click on Regedit Remote. That's going to allow me to edit the registry of my C drive. Now I want to go into Britec here, click OK.
Now this is important, because if you don't do this what's gonna happen is you know that may be so about it. So you want to go into HKEY_LOCAL_MACHINE here and then SOFTWARE, and you want to come down to Microsoft, then you want to scroll down to Windows NT and then CurrentVersion, and then you want to go to, I'll just put that to the side there so you can see, Winlogon. Once you're inside here you want to go to the right-hand pane. OK, we'll come back to Shell here, you can see Shell; you want to click on that and, as you can see, it's been changed. So what you want to do here is type in there explorer.exe, like so. And then you want to check the userinit file. OK, so let's just check that. You want to make sure that it's got the comma and everything's looking OK, and that's how it should look. That sometimes gets changed as well, but in this case it hasn't, so that's good. That's pretty much it. Now what we'll do is reboot the system and we'll see how it goes from there, so I'm just going to quickly reboot.
OK, so we'll let this reboot now and hopefully the infection should be gone, and then once we get to the desktop I would suggest you run Malwarebytes to tidy up. And there we have the desktop back to normal, didn't pay no ransom fee, and you should be up and running. Now, I hope you appreciate the amount of time it takes to actually work out how to kill some of these viruses, and if you do then please hit that subscribe button. Also, show your support guys: favorite and rate my videos.
OK, so we've got Windows 7 booted up now, and as we can see we're just going to go into the C drive, or it'll be D on the boot CD, but it is the C drive of Windows 7. Where we want to go here is ProgramData. Inside there you'll see the file, and you just want to delete that file and go through the same process if it needs to be done.
OK guys, I'm out of here, so thanks again for watching guys, and he's brought from Britec.co.uk. Bye for now.
Video Length: 11:37
Uploaded By: Britec09
View Count: 46,511
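The registry check walked through in the captions (Winlogon `Shell` set back to `explorer.exe`, `Userinit` still ending in its comma) can be automated against a text export of the key; the following is an added example, not code from the video or its author. The sample exports, the `placeholder.exe` file name and the function names are constructed for illustration.

```python
import re

# Added example. Parses a .reg text export of the Winlogon key (e.g. exported
# from the offline hive) and flags the two values the video repairs.
KEY_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>(?:[^"\\]|\\.)*)"$')
# Assumed default: <drive>:\Windows\system32\userinit.exe, with trailing comma.
USERINIT_RE = re.compile(r"^[a-z]:\\windows\\system32\\userinit\.exe,$", re.I)

# Constructed sample exports; placeholder.exe is a made-up file name.
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''
TAMPERED = CLEAN.replace(
    '"Explorer.exe"',
    r'"C:\\Documents and Settings\\All Users\\Application Data\\placeholder.exe"')


def parse_winlogon(reg_text):
    """Return {lowercased value name: string data} for the Winlogon key."""
    values, in_key = {}, False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower().endswith(KEY_SUFFIX)
        elif in_key and (m := VALUE_RE.match(line)):
            # .reg exports escape backslashes and quotes inside string data
            values[m["name"].lower()] = re.sub(r"\\(.)", r"\1", m["data"])
    return values


def audit_winlogon(reg_text):
    """Return findings; an empty list means Shell and Userinit look default."""
    values, findings = parse_winlogon(reg_text), []
    shell = values.get("shell")
    if shell is None or shell.strip().lower() != "explorer.exe":
        findings.append(f"Shell is {shell!r}, expected 'explorer.exe'")
    userinit = values.get("userinit")
    if userinit is None or not USERINIT_RE.match(userinit.strip()):
        findings.append(f"Userinit is {userinit!r}, expected "
                        r"'<drive>:\Windows\system32\userinit.exe,'")
    return findings


if __name__ == "__main__":
    for label, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, audit_winlogon(text) or "OK")
```

A `Userinit` value with anything appended after the comma is reported as well, since the check requires the value to end at the comma.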