The Your Computer Has Been Blocked virus or Everything On Your Computer Has Been Fully Encrypted ransonware is a member of the Trojan:Win32/Harasom.A Ransomware family of infections. Once your computer has been compromised by this ransomware, it will prevent access to your Windows desktop, your applications and also your data files unless you pay the distributors of it a ransom of $300.00. It states that the payment must be made through MoneyPak, Vanilla Reload or REloadit within 72 hours. This particular ransomware is very malicious and can cause unsuspecting computer users a large amount of headaches, because it not only locks your screen and applications, but it also actually encrypts your data files. And if you attempt opening any of the modified files, your web browser will open and state that the files are encrypted.
The Everything On Your Computer Has Been Fully Encrypted ransonware doesn't encrypt all of your files. It appears to focus mainly on the most important user data files with the extensions of, docx, xlsm, ppsx, eml, dot, php, xla, gif, ppt, ico, mpg, lnk, docm, txt, sfx, zip, mdb, bkf, odp, eml, ppsx, ppsm, sldx and dwg. Fortunately, a specialized trojan removal and file decryption tool has been developed to combat this infection.
You'll need to download a few utilities to remove the infection from your computer. You should be able to download the files below on the compromised computer from "Safe Mode with Networking". If the trojan hinders your attempts at downloading the needed files, you'll need to download them on a clean computer, burn them to cd and then transfer them to the infected system.
You'll need to download:
At this point your computer should be clean of the ransomware, but if you had problems with performing the above techniques because the trojan hindered your attempts, proceed to the removal technique listed below.
Just like the approach above, you'll need access to the three utilities. And for this approach, if haven't already burned the needed files to a cd/dvd, you'll need to download them on a clean computer, burn them to cd and then transfer them to the infected computer.
You'll need to download:
Your system should now be clear of the ransomware. If it still shows signs of an infection, you may need to contact a professional virus removal specialist to handle your situation.
Associated Everything on your computer has been fully encrypted ransomware Files and registry modifications:
%LocalAppData%\<Various Path Names>\
%LocalAppData%\<Various Path Names>\<Various File Names>.exe
%LocalAppData%\<Various Path Names>\<Number String>\
%LocalAppData%\<Various Path Names>\<Various String of characters
Associated registry modifications:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<Various Names>" = "%LocalAppData%\<Various Path Names>\<Various Names>.exe"
Smith Technical Resources makes no guarantees or claims that the information contained in this article will help you completely remove the above listed malicious program(s) from your computer. There are several variations of each particular virus in the wild . And the procedure listed above may not be adequate for the specific version of the virus that your computer has been compromised by.
If you feel uncomfortable performing any of the procedures that we've listed on this page, please contact a professional computer repair company in your area and have them complete the needed repairs on your computer. Smith Technical Resources takes no responsibility for any possible damage that could result from your use of the above instructions.