Many computers in France today are being massively attacked with another sample of ransomware-type virus, similar to the one previously described by us. This program hijacks your desktop without actually allowing users to hardly do anything with the infected computer. Attempts to restart the computer would have the same outcome. The ransomware described above would appear anyway, accusing you of doing many things forbidden by the available French legislation and by the common law. Users who don’t realize that this warning is not originated by Gendarmerie nationale are more likely to become the victims of this scareware tool. It was designed by hackers specifically to deceive and to trick users into effecting the payment via Ukash or Paysafecard vouchers in their favor. The ransom price instructed to be paid by this specific malady makers amounts to 200 €. If your computer has been hijacked with this serious computer virus there is a remedy to fix it, without the need to effect the payment in favor of the crooks that developed it. Please follow the removal guidelines to remove this particular type of ransomware infection targeting French-speaking countries primarily.
Quotation from the above-mentioned French ransomware program:
Votre ordinateur a été bloqué pour violation de la loi Française
Les infractions suivantes ont été détectées:
- Le fait, en vue de sa diffusion, de fixer, d’enregistrer ou de transmettre des matériels pornographique impliquant des mineurs.
- Utilisation des logiciels en infraction avec les droits d’auteur.
- Partager des fichiers multimédia en infraction avec les droits d’auteur.
Pour débloquer votre ordinateur, vous devez payer 200 € dans les 3 jours prochaines. Si vous ne payez pas dans le délai précisé, votre ordinateur sera confisqués et votre cas sera soumis au tribunal.
Vous pouvez payer l’amende avec l’aide des vouchers Ukash ou Paysafecard. Acheter les vouchers par Ukash ou Paysafecard de 200 €. Ensuite, ouvrez le tab «Payer amende», remplir le forme avec les codes et valuers des vouchers, et clique sur le bouton «Payer amende». Votre ordinateur sera débloqué dans les 24 heures suivantes.
French ransomware virus removal sequence of steps:
- Restart your system into Safe Mode with Command Prompt. While your PC is booting hit “F8 key” on your keyboard repeatedly. This will lead you to “Windows Advanced Options Menu” as depicted below. Apply your arrow keys to go to Safe Mode with Command Prompt and then hit Enter key. Important! You need to login as the same user you were previously logged in with in the normal Windows mode. Please find more detailed information on rebooting into safe mode in this guide.
- While Windows boots the Windows command prompt will appear as depicted in the screenshot below. In the command prompt you need to type “regedit” (without quotation marks) and hit Enter. The Registry Editor window comes up.
- Find the following registry entry:
- Once Windows OS boots you will not see any desktop icons. Do not panic, this problem will be resolved soon. First of all, use the key combination “Ctrl+Alt+Del” or “Ctrl+Shift+Esc” (recommended) and launch Task Manager. Click File → New Task (Run…)
- This would open Internet Explorer broswer. Now you must download clean explorer.exe file and over-write the existing one which is infected. Please make sure you download the correct file for your version of Windows OS:
In the righthand panel select the registry key named Shell. Right click on this registry key and select Modify.
The default value is Explorer.exe.
Now you must amend the value data to iexplore.exe. Click OK to save your changes and now quit (shut down) the Registry editor.
Now return to “Normal Mode“. In order to reboot your PC, at the command prompt, type “shutdown /r /t 0” (without quotation marks) and hit Enter.
Type in iexplore and hit OK or click Enter keyboard button.
Click on the link to download the file. Select Save. Then go to C:\Windows folder and select available explorer.exe file. Click Save to overwrite the malicious explorer.exe file.
Find the same registry entry referred to in the step 3 of this tutorial.
In the righthand panel choose the registry entry with the name Shell. Right click on this registry entry and select Modify. Delete iexplore.exe and type in Explorer.exe as it was initially. Click OK to save performed amendments.
Shut down Registry Editor and reboot your PC now. This should reslove your problem. The last but not the least – make sure to scan your PC with reliable and powerful anti-virus software.
Important! If this ransomware removal solution did not help you please consider another similar guide available here.