- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
A new ransomware has recently started to wreak havoc in Eastern Europe. It is called Windows заблокирова, and it is a type of Trojan known as ransomware. Unlike most ransomware, which encrypts files, this one locks the desktop and prevents applications from running, which denies normal use of the computer and renders it useless, so you have to remove it if you want to use your PC. Windows заблокирова demands that you pay a ransom for it to unlock your PC and let you use it. In this article, we are going to talk about how this infection works, where it comes from, and, most importantly, how to get rid of it.
If your computer becomes infected with this ransomware, it will launch a full-screen message in Russian that says “Attention! Any attempt to undermine the system will result in damage to your computer and lead to the loss of important data.” This lock screen will prevent you from accessing the Taskbar and everything that is on your desktop. Not only that, but it will also stop most programs from running. This ransomware was developed by cyber crooks who want to trick you into paying a ransom in return for unlocking your computer and allowing its applications to run.
However, testing has shown that you can get rid of this infection rather easily. The only problem is that all of its files get random names with each infection, so there is no way to determine the exact names of those files. However, we know the location where these files get dropped. Across several test runs, the sample we tested dropped its files to either %TEMP% or %USERPROFILE%\Downloads. Therefore, you can delete its files manually, but you have to identify the malicious files first. Take note that one of them is always an executable file that runs in the background constantly. In order to access the aforementioned locations, you have to boot your PC in Safe Mode. Windows заблокирова does not launch at startup in Safe Mode, because in Safe Mode Windows only runs core processes. As a result, you have access to this ransomware’s files, and you can delete them. However, if you cannot find the files, then we suggest using our recommended antimalware application called SpyHunter, which has to be installed in Safe Mode with Networking.
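Because the file names are random, one way to narrow the search in those two folders is to look for recently created files that are executables by content rather than by name. The following PowerShell script is an added example, not part of the original article; the seven-day window and the check for the `MZ` header are assumptions, and it only lists candidates without deleting anything.

```powershell
# Added example: list candidate executables in the two drop locations.
# Uses only cmdlets and .NET calls available in PowerShell 2.0 (Windows 7 default).
$days   = 7   # assumption: look-back window; set it to cover the day the lock screen appeared
$cutoff = (Get-Date).AddDays(-$days)
$dirs   = @($env:TEMP, (Join-Path $env:USERPROFILE 'Downloads'))

function Test-MzHeader([string]$Path) {
    # PE executables begin with the bytes 'MZ' whatever the file is named.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            $b = New-Object byte[] 2
            return ($fs.Read($b, 0, 2) -eq 2 -and $b[0] -eq 0x4D -and $b[1] -eq 0x5A)
        } finally { $fs.Close() }
    } catch { return $false }   # unreadable or locked file: skip it
}

function Get-Sha256([string]$Path) {
    # Hash for reporting or lookup; Get-FileHash would need PowerShell 4.0.
    try {
        $fs = [System.IO.File]::OpenRead($Path)
        try {
            $sha = [System.Security.Cryptography.SHA256]::Create()
            return ([BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '')
        } finally { $fs.Close() }
    } catch { return 'unreadable' }
}

$dirs | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object {
    # Top level only: the article says the files land directly in these folders.
    Get-ChildItem -LiteralPath $_ -Force -ErrorAction SilentlyContinue
} | Where-Object {
    -not $_.PSIsContainer -and $_.CreationTime -ge $cutoff -and (Test-MzHeader $_.FullName)
} | Sort-Object CreationTime -Descending | ForEach-Object {
    New-Object PSObject -Property @{
        Created   = $_.CreationTime
        Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        SHA256    = Get-Sha256 $_.FullName
        Path      = $_.FullName
    }
} | Select-Object Created, Signature, SHA256, Path | Format-List
```

Run it from Safe Mode and review the entries whose `Signature` is not `Valid` first; legitimate installers in Downloads will also appear, so confirm each file before deleting it.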
Because this ransomware is new, we do not know much about its dissemination methods. It might be distributed via email spam with attachments that, when run, drop Windows заблокирова’s files into one of the two locations mentioned above. It could also come bundled with software cracks hosted on piracy websites popular in Eastern Europe. So, one way to avoid this infection is to opt for safe browsing practices. However, given that this ransomware is exclusively in the Russian language, we do not think that you can encounter it outside of websites based in Eastern Europe. Hence, it is developed with Russian-speaking PC users in mind.
As you can see, Windows заблокирова is a severe infection, but you can regain control of your computer without paying the ransom. As mentioned, it was not designed to encrypt files, but to lock your computer’s screen. Please follow the instructions on how to boot your PC in Safe Mode with Networking to remove it manually or install our recommended antimalware program that can eradicate this infection for you.
Boot Windows in Safe Mode with Networking
Windows 7 and Vista
Windows 8 and 8.1
Delete Windows заблокирова