How to get rid of the virus, blocking Windows?

How to get rid of the virus? Fraud on the Internet almost no offense. Therefore, when the user switches on his computer system and instead sees the welcome window which reports the presence of the virus, it is, in fact, left alone with his problem. And not every provider is ready to provide all necessary assistance. Therefore, we will cope on their own.

If nothing with you affected system, the easier it will be reinstalled. However, Murphy's Law still has not been canceled. Sometimes, it is vital to restore the data from the infected system. Universal tip for beginners. First of all, do not panic. Much can solve yourself. And in the case of a virus winlock rectify the situation is not as difficult as it may seem. However, it takes a little extra time.

First you need to do everything in order to boot the system. About it now and we'll talk. Next time will come material, entirely dedicated to the treatment of the affected system. And at this stage we have a task to bring our feelings in OSes.

Firstly, do not even think to send any messages. This is completely a waste of money. Write off from the account of all that is. And after the code to unlock the payment you are likely to get. But even if it will get, it will not solve all problems. It is obvious that the Trojan will remain on your computer and will continue to spoil your life.

method №1

The same goes for free unlock codes, which can be taken on site laboratory Kaspersky, Dr. Web or Nod 32. In most cases, they are useless, just the same as sending a message. The resulting code is theoretically able to cope with the inscription that appears instead of booting the system. But, as practice shows, this is not enough. In the best case, this code will unlock the system. It will be run. Maybe even without any additional problems. However, this happens very rarely.

Most likely, only to load the desktop and nothing else. Here you can try to call the task manager known combination (Ctrl + Alt + Del). This is unlikely to succeed. Then on the screen the words "Task Manager disabled by your administrator" appears. But still worth a try. If by some miracle the task manager yet started, then the system is to do the treatment. This is what we discuss in detail in next time.

Sposob№2

However, most often neither these nor any other combination does not work. Then try to boot the system in safe mode. Again, the chances are slim, but they are. To start the safe mode at boot time, press F8. In case of failure, instead of downloading will be visible only a black screen. If the choice of boot options still appear, you will need to select "Safe Mode with network drivers." After loading the system it will need treatment.

method №3

In most cases, an infected system does not work. But before it can be reached by an external carrier. Whether it's USB flash drive or CD, it does not matter, it is necessary to burn the backup to a disk image of a bootable OS Windows PE, a program for recording. This same media need to put an alternative registry editor and Norton Commander utility.

After successful entries have to restart the computer and run the Bios. With it, the first device to boot expose the CD-Rom or USB. Depending on where the image is placed as described above. Then, connect the selected carrier and restart the computer. During the boot menu appears, where you choose Windows PE. After some time, the system will start. From there we open the registry editor. Apart from external storage system therein will be visible and the infected recording OSes. You need to go to the following address among all this splendor: HKEY_CURRENT_USER \ Software \ Windows NT \ Microsoft \ Windows \ CurrentVersion \ Winlogon. There, easily find the section "Shell"With the value"explorer.exe"And the section"usernit"Which should be spelled out as follows:"C: \ WINDOWS \ system32 \ userinit.exe,"(This is not a typo, the string must end with just a comma). If the data sections have any changes, they should be corrected (correct values ​​are specified above). After that you can close the Registry Editor.

Now Norton Commander connects to the operation. With it, find the folder windows / system. It can be a file user32.exe. It should not be there, but if there is - to remove. Then check the root sections of all drives that are available. In each of them you want to delete the file "autorun.inf"And any extraneous files c extension« .exe ».

Then load Kaspersky removal tool and dr.web cureit. They both include a check of the infected system. Then restart your computer, and return the standard Bios settings. Winlock almost neutralized. It remains only to cure precious system.