The message titled as “Attenzione! Per motivi di sicurezza sistema di windows è stato bloccato” is another sample or ransomware program that is designed by hackers specifically to target computers located in Italy. It is obvious that today the malware business experiences some kind of shift from rogues to ransomware applications. Regretfully, some people have already become the victims of malware developers and of this virus in particular. When this threat attacks computers it hijacks the desktop immediately and completely locks the infected workstation. Users would not be able to enjoy the benefits of their computers as their normally do. Restarting / rebooting the PC would not help either, no matter how many times the restart attempt is undertaken. The same scary warning would appear one after another.

What is the aim or malware developers who launched this virus attack? Well, money is the only thing they think about. They invented this ransomware program in order to accuse users of committing many crimes, particularly having to do with watching, spreading and promoting illegal content over the Internet. The innocent people are also being accused of spreading spam and even promoting terrorist activities. It is amazing how instrumental the cyber crooks are while trying to achieve their goals. Then the ransomware program instructs users to effect the payment for ransom in order to unlock the infected computer. Otherwise, the ransomware says, these innocent users would be reported to the police. No doubt, to receive such strange and unexpected notification allegedly from Italian police might be scary. However, you haven’t committed those crimes you are accused of by the virus, so there is nothing to worry about. The worst thing is when people actually effect the payment in favor of these cyber frauds. Do not ever buy those Ukash vouchers or Paysafecard PIN codes in order to tell their details to malware makers. Ignore this scary message you’ve encountered and follow the removal guide to delete this virus from your infected computer.

Ransomware removal sequence of steps:

1. Restart your system into Safe Mode with Command Prompt. While your PC is booting hit “F8 key” on your keyboard repeatedly. This will lead you to “Windows Advanced Options Menu” as depicted below. Apply your arrow keys to go to Safe Mode with Command Prompt and then hit Enter key. Important! You need to login as the same user you were previously logged in with in the normal Windows mode. Please find more detailed information on rebooting into safe mode in this guide.



2. While Windows boots the Windows command prompt will appear as depicted in the screenshot below. In the command prompt you need to type “regedit” (without quotation marks) and hit Enter. The Registry Editor window comes up.



3. Find the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

In the righthand panel select the registry key named Shell. Right click on this registry key and select Modify.



The default value is Explorer.exe.



Now you must amend the value data to iexplore.exe. Click OK to save your changes and now quit (shut down) the Registry editor.



Now return to “Normal Mode“. In order to reboot your PC, at the command prompt, type “shutdown /r /t 0” (without quotation marks) and hit Enter.



4. Once Windows OS boots you will not see any desktop icons. Do not panic, this problem will be resolved soon. First of all, use the key combination “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended) and launch Task Manager. Click File → New Task (Run…)



Type in iexplore and hit OK or click Enter keyboard button.



5. This would open Internet Explorer broswer. Now you must download clean explorer.exe file and over-write the existing one which is infected. Please make sure you download the correct file for your version of Windows OS:
• Windows XP SP2
• Windows XP SP3
• Windows Vista SP2
• Windows 7 SP1

Click on the link to download the file. Select Save. Then go to C:\Windows folder and select available explorer.exe file. Click Save to overwrite the malicious explorer.exe file.



6. Open up Task Manager once again. For this purpose click File → New Task (Run…) as you made in previous steps.



7. Type in regedit and click OK to open Registry Editor.



Find the same registry entry referred to in the step 3 of this tutorial.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

In the righthand panel choose the registry entry with the name Shell. Right click on this registry entry and select Modify. Delete iexplore.exe and type in Explorer.exe as it was initially. Click OK to save performed amendments.



Shut down Registry Editor and reboot your PC now. This should reslove your problem. The last but not the least – make sure to scan your PC with reliable and powerful anti-virus software.

Important! If this ransomware removal solution did not help you please consider another similar guide available here.

• Previous Entry: Attention! Pour des raisons de sécurité windows a été bloqué virus
• Next Entry: Atenção!!! Foi detectado um caso de atividade illegal virus