Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert
This is the ransomware program developed by cyber hackers for the purpose of stealing funds from unwary users. It actually says that due to security reasons your Windows operating system has been locked. You are being falsely accused of watching illegal content and performing same illegal actions resulting in such blockage. The virus tells you that because of this behavior on your part your computer may crash. It then instructs you to download additional updates for your security system in order to restore it to back normal mode. The malware deceives you by saying that such update is common to most infected Windows operating systems. The ransomware misleads you when it says that the update can protect your system from viruses and harmful software by stabilizing your PC and preventing data loss. Then the virus instructs you to effect the payment in order to allow you to install and run this update. It recommends you to select the desired payment method from among Ukash and Paysafecard payment systems. The amount of the ransom is 50 € and you are told by the virus to indicate the special Ukash or Paysafecard code to be able to install the fake security update and thus allegedly to unlock your system. The malware promises you that immediately after this fictitious update is installed your computer will be fully protected and all Trojans and viruses will be removed.
Quotes of ransomware fake notifications:
Achtung!
Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert
Durch das Besuchen von Seiten mit infizierten und pornografischen Inhalten ist das Computersystem an eine kritische Grenze angekommen, nach der das System zusammenbrechen und die ganzen Dateien verloren gehen können. Um das System wiederherstellen zu können, müssen Sie ein zusätzliches Sicherheitsupdate herunterladen.
Dieses Update ist ein kostenpflichtiges Upgrade für besonders infizierte Windowssysteme. Es beschützt das System vollständig von Virus und Schadprogrammen, stabilisiert Ihr Computersystem und verhindert den Datenverlust.
Wählen Sie Ihre bevorzugte Zahlart.
Damit Ihr Computersystem schnellstens verbessert wird, geben Sie bitte weiter unten einen Code für 50 Euro Ukash oder Paysafe ein. Diese können Sie an fast jeder Tankstelle oder einen Kiosk in Ihrer Nähe kaufen. Diese Codes gibts auch überall da, wo Sie Handyaufladekarte erwerben können. Sofort nach der Eingabe und der Gültigkeitsprüfung wird Ihr Computer komplett aktualisiert und gesichert – alle Trojaner und Viren werden gelöscht.
Nothing mentioned by this ransomware program should be trusted. The virus wants you to effect the payment in favor of crooks that developed it. We hope you will be wise not to donate any funds for the criminals who elaborated this malware sample. Unfortunately, some users have made this tragic mistake of paying for the ransom. There are ways how to remove this virus quickly, effectively and for free. Please find the removal instructions to unlock your PC described below.
Ransomware removal sequence of steps:
- Restart your system into Safe Mode with Command Prompt. While your PC is booting hit “F8 key” on your keyboard repeatedly. This will lead you to “Windows Advanced Options Menu” as depicted below. Apply your arrow keys to go to Safe Mode with Command Prompt and then hit Enter key. Important! You need to login as the same user you were previously logged in with in the normal Windows mode. Please find more detailed information on rebooting into safe mode in this guide.
- While Windows boots the Windows command prompt will appear as depicted in the screenshot below. In the command prompt you need to type “regedit” (without quotation marks) and hit Enter. The Registry Editor window comes up.
- Find the following registry entry:
- Once Windows OS boots you will not see any desktop icons. Do not panic, this problem will be resolved soon. First of all, use the key combination “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended) and launch Task Manager. Click File → New Task (Run…)
- This would open Internet Explorer broswer. Now you must download clean explorer.exe file and over-write the existing one which is infected. Please make sure you download the correct file for your version of Windows OS:
- Important! At this stage it is also strongly recommended that you download and scan your PC with realiable anti-virus software.
- Remove all detected infections but do not reboot PC yet.
- Open up Task Manager once again. For this purpose click File → New Task (Run…) as you made in previous steps.
- Type in regedit and click OK to open Registry Editor.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
In the righthand panel select the registry key named Shell. Right click on this registry key and select Modify.
The default value is Explorer.exe.
Now you must amend the value data to iexplore.exe. Click OK to save your changes and now quit (shut down) the Registry editor.
Now return to “Normal Mode“. In order to reboot your PC, at the command prompt, type “shutdown /r /t 0” (without quotation marks) and hit Enter.
Type in iexplore and hit OK or click Enter keyboard button.
Click on the link to download the file. Select Save. Then go to C:\Windows folder and select available explorer.exe file. Click Save to overwrite the malicious explorer.exe file.
Find the same registry entry referred to in the step 3 of this tutorial.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
In the righthand panel choose the registry entry with the name Shell. Right click on this registry entry and select Modify. Delete iexplore.exe and type in Explorer.exe as it was initially. Click OK to save performed amendments.
Shut down Registry Editor and reboot your PC now. This should reslove your problem. The last but not the least – make sure to scan your PC with reliable and powerful anti-virus software.
Important! If this ransomware removal solution did not help you please consider another similar guide available here.
