If, some time after the system boots, a blue banner appears on the screen accusing you of some offense and announcing that the computer is blocked, you have met a virus of the Trojan.Winlock class. The virus offers "absolution" and an unlock code for 300-500 rubles, to be paid by transferring money to a mobile phone account. After a reboot, the offense you are accused of, the amount demanded and the phone number may change.
Instructions
Step 1
Use another computer to create a bootable disk with the set of programs needed to disinfect your computer. Find a disk image named WinPE_uVS or WinPE_uVS_recSys on the Internet, download it, and write it to bootable media: a flash drive, CD or DVD.
Step 2
Boot the infected computer from the disk you created. In the left pane, check the box next to the Total Commander item and click the GO button at the bottom right. This opens the file manager.
Step 3
Select the boot disk from the list of disks in the file manager and double-click the start.cmd file, which opens the uVS utility.
Step 4
Click the button that says "Select Windows Directory", navigate to the drive where your operating system is installed, click the folder where it is located, and click the "OK" button.
Step 5
Click the "Run under the current user" button and the utility will start scanning the system located in the folder you specified. It scans not only the files in this folder but also OS elements located in other directories. When it finishes, the utility presents a list of files that it considers suspicious.
Step 6
Take the files you recognize off the list of suspicious files. Keep in mind that you should not delete everything the utility has doubts about: for example, it considers components of antivirus programs, firewalls, etc. to be suspicious. Right-click such files and select Add to Known List from the menu. If in doubt, select the top line in this menu ("Information") to view more detailed information about the file.
Step 7
Add the virus signature to the utility database. For a suspicious file that is not associated with any program you know, right-click it and select the "Add file signature to virus database" line from the menu. The utility will ask you to give the signature a name; enter the file name. The file usually has a name similar to 22CC6C32.exe. After specifying the name, click OK.
Step 8
Click the Check List button. Now that the file's signature is in the database, a second check will reveal all references to it contained in other elements on this disk. In this way, the utility will find the file that "regenerates" the virus.
Step 9
Click the "Kill viruses" button and the utility will destroy all the files remaining in the list. After that, you can close it and return to the file manager.
Step 10
Find a file named system32.exe - it is located in the root folder of the boot disk. Run it to repair virus-corrupted system files.
Step 11
Specify the Windows folder in which the program should write the undamaged system files, and click the Install button. This completes the restoration of everything damaged by the virus.
Step 12
Close the file manager and in the Shell Swapper window select the Reboot option from the drop-down list in the upper right corner. Boot your OS in the usual way.
Step 13
The websites of anti-virus vendors have detailed and simple instructions on how to get rid of the banner. As a rule, they boil down to picking an unlock code, which can only help if the distributor of the virus really cared about restoring your computer to working order and provided such an option. You can check for yourself how effective this technique is, or whether it is more of a search engine optimization and commercial antivirus advertising tool. You may be lucky; if not, use the technique described above, which is effective against today's generation of viruses.
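A rough manual counterpart to Steps 7 and 8, as an added example that is not part of the original instructions and is not how uVS itself works: it fingerprints executables with 8-hex-digit names like the page's 22CC6C32.exe on a mounted offline volume and lists other files that mention them. The function names, the SHA-256 fingerprint and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: suspicious names look like the page's example, 22CC6C32.exe.
HEX_NAME = re.compile(r"^[0-9a-f]{8}\.exe$", re.IGNORECASE)

def hex_named_executables(root):
    """Map path -> SHA-256 for every 8-hex-digit .exe under root."""
    return {p: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*")
            if p.is_file() and HEX_NAME.match(p.name)}

def references_to(root, filename, max_bytes=64 << 20):
    """List other files whose bytes mention filename (UTF-8 or UTF-16LE)."""
    low = filename.lower()
    needles = (low.encode("utf-8"), low.encode("utf-16-le"))
    refs = []
    for p in Path(root).rglob("*"):
        if not p.is_file() or p.name.lower() == low:
            continue  # skip directories and the suspicious file itself
        try:
            with p.open("rb") as fh:
                data = fh.read(max_bytes).lower()  # case-insensitive match
        except OSError:
            continue  # unreadable file: nothing to report
        if any(n in data for n in needles):
            refs.append(p)
    return sorted(refs)

def build_sample_tree():
    """Constructed sample data: a fake offline volume, no real malware."""
    root = Path(tempfile.mkdtemp(prefix="offline_vol_"))
    (root / "Windows" / "Temp").mkdir(parents=True)
    (root / "Windows" / "Temp" / "22CC6C32.exe").write_bytes(b"MZ constructed placeholder")
    (root / "Windows" / "launch.ini").write_bytes("run=C:\\Temp\\22cc6c32.EXE".encode("utf-16-le"))
    (root / "Windows" / "notes.txt").write_bytes(b"unrelated text")
    return root

if __name__ == "__main__":
    vol = build_sample_tree()
    for path, digest in hex_named_executables(vol).items():
        print(path.name, digest[:16], [r.name for r in references_to(vol, path.name)])
```

Only the first `max_bytes` of each file are searched, so a reference deeper in a very large file is missed; raise the limit if memory allows.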