Your Computer Has Been Blocked Virus Interface

The Your Computer Has Been Blocked virus or Everything On Your Computer Has Been Fully Encrypted ransonware is a member of the Trojan:Win32/Harasom.A Ransomware family of  infections. Once your computer has been compromised by this ransomware, it will prevent access to your Windows desktop, your applications and also your data files unless you pay the distributors of it a ransom of $300.00. It states that the payment must be made through MoneyPak, Vanilla Reload or REloadit within 72 hours. This particular ransomware is very malicious and can cause unsuspecting computer users a large amount of headaches, because it not only locks your screen and applications, but it also actually encrypts your data files. And if you attempt opening any of the modified files, your web browser will open and state that the files are encrypted.

The Everything On Your Computer Has Been Fully Encrypted ransonware doesn't encrypt all of your files. It appears to focus mainly on the most important user data files with the extensions of, docx, xlsm, ppsx, eml, dot, php, xla, gif, ppt, ico, mpg, lnk, docm, txt, sfx, zip, mdb, bkf, odp, eml, ppsx, ppsm, sldx and dwg. Fortunately, a specialized trojan removal and file decryption tool has been developed to combat this infection.

You'll need to download a few utilities to remove the infection from your computer. You should be able to download the files below on the compromised computer from "Safe Mode with Networking". If the trojan hinders your attempts at downloading the needed files, you'll need to download them on a clean computer, burn them to cd and then transfer them to the infected system.

You'll need to download:

How to remove the Your Computer Has Been Blocked Ransomware Technique 1

  1. First restart the infected computer into "Safe Mode with Networking"
  1. Once you're logged in, if you haven't already downloaded the needed files listed above, download them now.
  2. Once you have downloaded the files, execute the copy of "rKill". It will terminate any malicious processes that it finds loaded in your computer's memory and it may also cleanup various registry modification that were made by the ransomware.
  3. After "rKill" has completed, execute the copy of "Emsisoft Decrypter".

  1. Once it has completed examine the results and then close the application.
  2. At this point you need to carefully examine the files that were decrypted to make sure that they are usable and will open properly. After you have finished your check of the files and you're sure that they are okay, you can then delete the original files that were encrypted by the ransomware.
  3. Next, decompress the copy of "Emsisoft Emergency Kit" by double clicking on it's executable. And once it has been decompressed click on "Start" in it's folder, then update it and then afterwards run a deep scan of your entire system to remove any other possible trojan infections.

  1. Once the scan has been completed, quarantine any malicious files that the emergency kit finds on your computer and then reboot the computer normally.

At this point your computer should be clean of the ransomware, but if you had problems with performing the above techniques because the trojan hindered your attempts, proceed to the removal technique listed below.

Everything On Your Computer Has Been Fully Encrypted ransonware removal technique 2

Just like the approach above, you'll need access to the three utilities. And for this approach, if haven't already burned the needed files to a cd/dvd, you'll need to download them on a clean computer, burn them to cd and then transfer them to the infected computer.

You'll need to download:

Removal procedure:

  1. For this approach you'll need to restart the computer in "Safe Mode with Command Prompt" to start off with.

  1. At the login screen select the user account where you first experienced the screen locker ransomware or an account with administrative rights.
  2. Once you're logged in and the command prompt appears, navigate to the drive where you have the three needed removal utilities. If the files are on a cd/dvd, you'll type "D:" at the prompt or possibly "E:". It just depends on your system configuration.

  1. Next execute the copy of "rKill" by typing "rkill.exe" at the prompt while in the proper directory.

  1. Once "rKill' has completed, execute the "Emsisoft Decrypter" by typing "decrypt_harasom.exe" at the prompt. And keep the additional options unchecked just as we did before above.

  1. After the Emsisoft Decrypter has completed it's removal of any detected Harasom family files and also decrypted your files, check the recovered files and make sure that they open correctly and are intact. Once you're sure the files are good, you can then delete the original files that are still encrypted.
  2. Next, decompress the "Emsisoft Emergency Kit" by typing it's executable at the prompt. And then afterwards, start it by typing "start.exe" while in the kit's file folder.
  3. Next, update it and run a deep scan of your computer and then quarantine any malicious files that the scanner locates.

  1. Afterwards, reboot your computer normally.

 Your system should now be clear of the ransomware. If it still shows signs of an infection, you may need to contact a professional virus removal specialist to handle your situation.

Associated Everything on your computer has been fully encrypted ransomware Files and registry modifications:





%LocalAppData%\<Various Path Names>\

%LocalAppData%\<Various Path Names>\<Various File Names>.exe

%LocalAppData%\<Various Path Names>\<Number String>\

%LocalAppData%\<Various Path Names>\<Various String of characters

Associated registry modifications:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<Various Names>" = "%LocalAppData%\<Various Path Names>\<Various Names>.exe"

Smith Technical Resources makes no guarantees or claims that the information contained in this article will help you completely remove the above listed malicious program(s) from your computer.  There are several variations of each particular virus in the wild . And the procedure listed above may not be adequate for the specific version of the virus that your computer has been compromised by.

If you feel uncomfortable performing any of the procedures that we've listed on this page, please contact a professional computer repair company in your area and have them complete the needed repairs on your computer. Smith Technical Resources takes no responsibility for any possible damage that could result from your use of the above instructions.

© 2013 All Rights Reserved. Website Privacy Policy. Site Map

Emsisoft Decrypter Emsisoft Decrypter options Emsisoft Emergency Kit Start Screen Emsisoft Emergency Kit Scan PC Options Microsoft Windows advanced options menu Windows command prompt directory navigation example Windows command prompt application execution command example Emsisoft Decrypter Emsisoft Decrypter options Emsisoft Emergency Kit Start Screen Emsisoft Emergency Kit Scan PC Options
Share on Twitter Share on Stumble Upon Share on Digg Share on Delicious

Providing cost-effective local computer repair and network support in the middle Tennessee area

Phone (615)596-2592

Remote Access Portal

Remote Access Icon
Home About Us Onsite Services Online Services Self Help Pricing Blog Inquiries

Related Tutorials That May Be Of Interest To You

  1. FBI MoneyPak Virus Removal Tutorial
  2. Mandiant USA Cyber Security Ransomware Removal Tutorial

The FBI and Mandiant Logos are the property of their respective organizations.

Mandiant Logo FBI Logo