Achtung! Ihr Computer wurde gesperrt ransomware

The above-mentioned warning is originated by ransomware virus application. It has nothing to do with Microsoft Corporation headquartered in the US. The ransomware hijacks your desktop completely and does not let you do anything with your computer. Restarting the system would not benefit, the locked status of your system will remain. This malware tries to scare you into effecting the payment (ransom) as the supposed fine or penalty for using Microsoft software that was not licensed. The ransomware program tells that during your Windows operating system authenticity validation non-licensed software was allegedly detected on your computer. This malware tries to act like the supposed agent or representative of Microsoft Company when it tells you that Microsoft Inc. directly forbids using the software that was not licensed by it.

The malware program reminds users what they know already, saying that using non-licensed software is illegal according to the German laws and will be thus prosecuted. However, here is the true plot of the above-mentioned ransomware. It says that in order to unlock your computer you must pay the fine within 24 hours after the locked status was set up for your software. The malware says that the cost of the license amounts to 100 Euro! It scares you with another warning when it tells that if you do not effect the payment all data will be removed from your computer and that all your personal information will be disclosed to the court. The scareware application instructs you to effect the payment using two payment methods. One is via Ukash voucher (coupon) whereas the other is by means of indicating the Paysafecard PIN-code. The malware promises that the request to unlock will be processed within 24 hours. Below please find some quotations in German from what the malware accuses users of:

Achtung! Ihr Computer wurde gesperrt!!!
Bei der Überprüfung der Echtheit von Windows wurde festgestellt, dass auf Ihrem Computer nicht lizensierte Software installiert wurde! Die Microsoft – Corporation verbietet es ausdrücklich, unlizenzierte Software zu benutzen.
Das Benutzen von nicht lizensierter Software ist in Deutschlang gesetzeswidrig und wird
strafrechtlich verfolgt!
Um Ihren Computer zu entsperren, müssen Sie innerhalb von 24 Stunden nach der Sperrung die Lizenz für Ihre Software bezahlen!
Die Kosten für die Lizenz betragen 100 Euro!
Sollten Sie nicht bezahlen, werden alle Daten von Ihrem Computer gelöscht und Ihre persönlichen Daten werden an das Gericht weitergegeben!!!
Die Lizenz können Sie auf zwei Arten bezahlen:
1) Sie können den Ukash Coupon für 100 Euro erwerben. Die Nummer des Ukash Coupons müssen Sie in das Bezahlung-Feld eingeben und auf OK drücken.
2) Sie können die Strafe mit Hilfe der Paysafecard bezahlen. Sie müssen eine Paysafecard für 100 Euro kaufen und den PIN-Code von der Quittung in das Bezahlung-Feld eingeben und OK drücken.
Nach der Bezahlung wird Ihre Anfrage innerhalb von 24 Stunden bearbeitet!
Achtung! Innerhalb von 24 Stunden (Bearbeitungszeit Ihrer Anfrage) sollten Sie keine Operationen mit der Quittung oder dem Coupon durchführen!

No doubt, using the legitimate software that was not licensed is illegal. We hope that this is not the case with the visitors of this blog. However, developing and spreading the ransomware programs like the one described above is the same crime. You need to understand that you are simply being tricked, fooled and deceived by cyber hackers who want to become richer with the help of their fraudulent and deceitful methods of scaring you. Do not pay the ransom, fine or penalty as instructed by the malware developers. In order to remove this virus and to unlock your system (computer) please be so kind to carefully follow the guidelines provided below. They should work well for you to help you restore your computer to the normal condition. So, take your time and carefully read this useful portion of information. Share it with your friends who might have the same problem.

Ransomware virus removal sequence of steps:

1. Restart your system into Safe Mode with Command Prompt. While your PC is booting hit “F8 key” on your keyboard repeatedly. This will lead you to “Windows Advanced Options Menu” as depicted below. Apply your arrow keys to go to Safe Mode with Command Prompt and then hit Enter key. Important! You need to login as the same user you were previously logged in with in the normal Windows mode. Please find more detailed information on rebooting into safe mode in this guide.



2. While Windows boots the Windows command prompt will appear as depicted in the screenshot below. In the command prompt you need to type “regedit” (without quotation marks) and hit Enter. The Registry Editor window comes up.



3. Find the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

In the righthand panel select the registry key named Shell. Right click on this registry key and select Modify.



The default value is Explorer.exe.



Now you must amend the value data to iexplore.exe. Click OK to save your changes and now quit (shut down) the Registry editor.



Now return to “Normal Mode“. In order to reboot your PC, at the command prompt, type “shutdown /r /t 0” (without quotation marks) and hit Enter.



4. Once Windows OS boots you will not see any desktop icons. Do not panic, this problem will be resolved soon. First of all, use the key combination “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended) and launch Task Manager. Click File → New Task (Run…)



Type in iexplore and hit OK or click Enter keyboard button.



5. This would open Internet Explorer browser window. Go to www.deletevirus.net and from the right sidebar download recommended anti-virus software. So, download, install, update and run the program. Once the download has started click “Run” instead of saving this installer to your hard drive. As we’ve mentioned already, run the installer, install, update the softare and run the scan with it. Please remove all items detected by antivirus.
6. If the program asks you to reboot your PC click “Cancel“. There is something else that must be done by you before rebooting.
7. Open up Task Manager using the key combination “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended).
8. Locate the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

In the righthand panel select the registry key named Shell. Right click on this registry key and select Modify.



Return its default value back to Explorer.exe.



9. Open up Task Manager once again using the key combination “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended). Choose the tab “Shut Down” and reboot your computer. The virus should be gone by this time.

Important! If this ransomware removal solution did not help you please consider another similar guide available here.

• Previous Entry: Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert virus
• Next Entry: Drive C initializing error. Fake HDD problem