You start the computer as usual and are surprised to find it blocked by Decrypt Protect Virus (also called MBL Advisory Virus), which claims that you have broken laws and demands a fine of $300 within 48 hours. Will the computer be unlocked and the files decrypted if you pay the required fine? How do you remove Decrypt Protect Virus when you cannot access anything, including the desktop or Task Manager? Please read this post for more detailed information about Decrypt Protect Virus.
Decrypt Protect Virus (MBL Advisory Virus) is a newly released ransomware that blocks the user’s computer and encrypts the files on it in order to obtain money. It looks legitimate and professional, but it is just a virus designed by cyber criminals and has nothing to do with any legitimate organization. It can infect computers worldwide and, to deceive users, declares that it is working to protect the Internet worldwide. Please be more careful when surfing the Internet if you want to stay away from this malicious virus.
Unlike FBI Moneypak Virus and Australian Federal Police Ukash Virus, Decrypt Protect Virus encrypts and damages files on the computer in addition to blocking it. You will find that the extensions of all files have become .html. When you double-click files with extensions such as doc/docx, xls/xlsx, jpg and bmp, you are redirected to http:mblpcblock.in/index.php instead of opening them normally. Once Decrypt Protect Virus infiltrates the computer, it blocks the computer immediately and displays a message saying that your computer is blocked because you were spreading malware (viruses, Trojans, worms) and are breaking numerous international and USA laws. You have only 48 hours to pay a $300 fine to get back control of the computer and files, or you will never be able to unlock the computer and decrypt the files. To further convince you, Decrypt Protect Virus also provides an Order number, your IP address, the time at which your online behavior was tracked, the name of the responsible agent and their location. In addition, the payment is made by Green Dot MoneyPak, a kind of prepaid payment that can be purchased conveniently at many stores including Wal-Mart, Walgreens and Kmart. Inexperienced computer users may choose to pay because they are scared of legal consequences and don’t want to lose their files. Actually, nothing is going to change after you finish the money transfer because it is a fraud. What the cyber criminals want is more and more money. There is no way to get your money back even once you finally realize it is a scam. Therefore, Decrypt Protect Virus cannot be trusted and needs to be removed without hesitation or delay.
Decrypt Protect Virus can modify system settings to root itself deep in the system. The antivirus programs installed on the infected computer cannot handle it completely and can even be disabled by it. Whenever you start the computer, Decrypt Protect Virus is activated immediately. It is impossible to close or minimize the warning message. Manual removal is suggested to get rid of the virus and recover the files safely. Please review the following steps to remove Decrypt Protect Virus.
Victim said: My husband was on the Internet earlier and he stumbled into the Decrypt Protect lock down screen. He wasn’t even watching porn or doing anything illegal!!! It said he had to pay $300 and then the computer would be unlocked. Well he paid it and now we found out this was a scam. His computer is still blocked. What do we do and how can we get our $300 back ?? Help..
Open spam email and click the strange links attached or download the attachment which contains the virus.
Visit malicious websites or click on unknown links.
Download or install some free applications and movies from hacked sources.
1. Access Safe Mode with Networking
Restart your computer and immediately hit the F8 key repeatedly before the Windows start-up screen shows. Select “Safe Mode with Networking”, and then press the Enter key.
2. End the virus processes
Press Ctrl+Alt+Del keys together and end the virus processes in the Processes tab of Windows Task Manager.
Random.exe (The names of the virus processes may be different all the time)
3. Show hidden files
(1). Click on the Start button and then on Control Panel
(2). Click on the Appearance and Personalization link
(3). Click on the Folder Options link
(4). Click on the View tab in the Folder Options window
(5). Choose Show hidden files, folders, and drives under the Hidden files and folders category
(6). Click OK at the bottom of the Folder Options window.
4. Delete virus files
(1). Delete the related registry entries through Registry Editor
To open Registry Editor: click the “Start” menu, choose “Run”, type “regedit”, then click “OK”
While Registry Editor is open, search for and delete the registry entries listed below:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM CHARACTERS].exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Random.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = Random
(2). Find out and remove the associated files of this virus.
%AllUsersProfile%\random.exe
%Temp%\random.exe
%AppData%\Random
%AllUsersProfile%\Application Data\.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Random “.exe”
5. Restart the computer to normal mode after the above steps are done.
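A read-only way to review the locations named in step 4 before deleting anything by hand, as an added PowerShell example that is not part of the original post. It assumes the two Run keys and the three folders listed above, uses variable names of its own choosing, and only reports what it finds.

```powershell
# Added example: read-only review of the autorun keys and folders named in step 4.
# Nothing is deleted; inspect the output, then remove entries by hand.

# Run keys listed in step 4 (1), written as PowerShell registry paths.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run'
)

# Folders listed in step 4 (2); skip any variable that is not set.
$dropDirs = @($env:ALLUSERSPROFILE, $env:TEMP, $env:APPDATA) | Where-Object { $_ }

# True when an autorun command line points into one of those folders.
function Test-InDropDir([string]$Command) {
    foreach ($dir in $dropDirs) {
        if ($Command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# Every value under each Run key, flagged if it launches from a listed folder.
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $cmd
            InDropDir = (Test-InDropDir $cmd)
        }
    }
}

# Executables and DLLs sitting directly in the listed folders, hidden ones included.
$files = foreach ($dir in $dropDirs) {
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { (-not $_.PSIsContainer) -and (@('.exe', '.dll') -contains $_.Extension) } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path = $_.FullName; Modified = $_.LastWriteTime
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        }
}

$autoruns | Sort-Object InDropDir -Descending | Format-List Key, Name, Command, InDropDir
$files | Sort-Object Modified -Descending | Format-Table Modified, Signature, Path -AutoSize
```

Legitimate software also starts from these folders, so treat a flagged entry as something to examine, not as proof of infection.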
In a word, Decrypt Protect Virus is a nasty and quite rampant scam created by cyber criminals in 2013. It blocks the user’s computer and encrypts files as soon as it finishes installing itself. It also displays a message saying that you have violated laws and asks for a fine of $300. The message claims that the payment must be made within 48 hours or you will be in legal trouble and never be able to get back your computer and files. But if you pay, you will lose your money and nothing on your computer is going to change. It is indeed a fraud. Please don’t be taken in. You should take action to remove it as soon as possible.
If you have no idea of how to do that, please contact experts from YooCare Online Tech Support for further help.
Published by on May 23, 2013 10:07 am, last updated on May 23, 2013 10:07 am