Your Browser Has Been Blocked Virus

Type: Other
Damage level: Moderate
Distribution: High

YOUR BROWSER HAS BEEN BLOCKED - how to remove this ransomware virus?

"Your browser has been blocked," "All activities on this computer have been recorded", and "All your files are encrypted" are messages that can appear whilst browsing the Internet. Note that these messages are not legitimate. Browser blocking pop-ups, demanding payment of $300, 200 GBP, or 200 Euro fines (using Ukash, PaySafeCard or GreenDot MoneyPak) to unlock computers, are not associated with any legitimate authorities. The messages are created by cyber criminals with the intention of stealing money from unsuspecting Internet users. Paying fines demanded by these browser-blocking messages is equivalent to sending money directly to cyber criminals.

Internet Explorer, Google Chrome, Mozilla Firefox, and Safari blocking messages are called ransomware viruses. Commonly, the cyber criminals responsible for creating these scams exploit the names of various authorities worldwide (for example, the FBI, EUROPOL, RCMP, Gendarmerie nationale, etc.). Ransomware viruses rely on fake law violation notifications (copyright and related rights laws, viewing or distributing prohibited pornographic content, neglectful use of PCs, etc.) to scare computer users into paying a bogus fine. Cyber criminals have created several different variants of ransomware viruses, and this particular one is called "Browlock". It affects only users' Internet browsers, by employing JavaScript. There are, however, several other ransomware families that block the entire screen and encrypt files.

"Your Browser has been blocked" virus removal:

These Internet browser-blocking messages rely on JavaScript. Each time an Internet user attempts to leave such a page, a warning message appears: "YOUR BROWSER HAS BEEN BLOCKED. ALL PC DATA WILL BE DETAINED AND CRIMINAL PROCEDURES WILL BE INITIATED AGAINST YOU IF THE FINE IS NOT PAID." After clicking OK, users are presented with another message: "Are you sure you want to leave this page?". After clicking "Leave this page", the cycle of these messages continues. If your Internet browsers are locked by one of these messages, do not pay any fines. The correct way to deal with this scam is to eliminate it.

To close the window containing the fake message, terminate your Internet browser's process:

Press Ctrl+Alt+Del on your keyboard and select Task Manager. In the opened window, select the Processes tab and end the process associated with your Internet browser.

Internet Explorer process name - iexplore.exe, Google Chrome process name - chrome.exe, Safari process name - Safari.exe, Mozilla Firefox process name - firefox.exe

After successfully closing your Internet browser, scan your computer for possible malware infections. Download recommended malware removal software.

Alternative method:

To close the browser's window, users need to temporarily disable JavaScript. After successfully closing the ransomware message, do not forget to re-enable JavaScript. Moreover, if your Internet browser has redirected you to a ransomware page, it could be an indication of a serious security infection. To maintain your computer's safety, always keep your software up-to-date and use legitimate antivirus and anti-spyware programs.

After successfully closing the Internet browser's window containing the fake message, scan your computer for possible malware infections. Use recommended malware removal software.

Eliminate "Your Browser has been locked" virus from Internet Explorer (disable JavaScript in IE):

1. Click on the "gears" icon. Select “Internet Options”.

2. Click the “Security” tab, click the “Internet” symbol, click the “Custom Level…” button.

3. In the Settings list, scroll down to “Scripting” section. Under Active Scripting, click the radio button to the left of “Disable”.

4. After temporarily disabling JavaScript in Internet Explorer, you will be able to close the fake "Your browser has been locked" message. To ensure that your computer is not infected with malware, scan your computer for possible malware infections. Use recommended malware removal software.

Eliminate "Your Browser has been locked" virus from Mozilla Firefox (disable JavaScript in Firefox):

1. Click on the Firefox button and select "options"

2. In the top row of icons click “Content”. Click the check box to the left of “Enable JavaScript”.

3. After temporarily disabling JavaScript in Mozilla Firefox, you will be able to close the fake "Your browser has been locked" message. To ensure that your computer is not infected with malware, scan your computer for possible malware infections. Use recommended malware removal software.

Eliminate "Your Browser has been locked" virus from Safari (disable JavaScript in Safari):

1. Click on the Safari menu, click on Preferences.

2. Click the Security icon. In the "Web content" section, uncheck the tick next to "Enable JavaScript".

Eliminate "Your Browser has been locked" virus from Google Chrome (disable JavaScript in Chrome):

1. Click on the "bars" icon. Select "Settings".

2. Scroll down and click on "Show advanced settings…"

3. In the "Privacy" section, click on the "Content settings…" button.

4. In the JavaScript section, select "Do not allow any site to run JavaScript" and click the "Done" button.

5. After temporarily disabling JavaScript in Google Chrome, you will be able to close the fake "Your browser has been locked" message. To ensure that your computer is not infected with malware, scan your computer for possible malware infections. Use recommended malware removal software.

Presently, cyber criminals are targeting 27 countries and computer users are presented with localized variants of browser-blocking messages.

Update 2013.12.31 - Cyber criminals responsible for creating this scam started using CloudFlare services to mask the real source of their ransomware.

New Zealand: hxxp://police.govt.nz.id[random numbers].com
New Zealand Police - All activities of this computer have been recorded. All your files are encrypted.

Poland: hxxp://policja.pl.id[random numbers].com
Polska Policja  - Alle Aktivitäten des Computers wurden aufgenommen. Alle Ihre Dateien werden verschlüsselt.

Spain: hxxp://policia.es.id[random numbers].com
Cuerpo Nacional de Policía - "Se han grabado todas las actividades de este ordenador. Todos sus ficheros están cifrados" or "Atención! Su navegador ha sido bloqueado".

Sweden: hxxp://polisen.se.id[random numbers].com
Polisen - "Alla dina filer är krypterade. Försök inte att låsa upp din dator!" or "Viktigt! Din webbläsaren blev blockerad".

Turkey: hxxp://egm.gov.tr.id[random numbers].com
TURKISH NATIONAL POLICE - Alle Aktivitäten des Computers wurden aufgenommen. Alle Ihre Dateien werden verschlüsselt.

Switzerland: hxxp://polizei.id[random numbers].com
Schweizerische Eidgenossenschaft - Alle Aktivitäten des Computers wurden aufgenommen. Alle Ihre Dateien werden verschlüsselt.

Slovakia: hxxp://minv.sk.id[random numbers].com
International Police Association Slovenská sekcia - Alle Aktivitäten des Computers wurden aufgenommen. Alle Ihre Dateien werden verschlüsselt.

Norway: hxxp://politi.no.id[random numbers].com
POLITIET - Alle dine filer er kryptert. Ikke prov a lase opp maskinen!

Luxembourg: hxxp://police.public.lu.id[random numbers].com
POLICE - Achtung!

Latvia: hxxp://vp.gov.lv.id[random numbers].com
Valsts Policija - Alle Aktivitäten des Computers wurden aufgenommen. All Ihre Daten werden verschusselt.

Hungary: hxxp://police.hu.id[random numbers].com
Szolgálunk és Védünk - Minden fájl titkosított. Ne próbálja meg kinyitni a számítógépet!

Estonia: hxxp://politsei.ee.id[random numbers].com
Politsei- ja Piirivalveamet - Alle Aktivitäten des Computers wurden aufgenommen. All Ihre Daten werden verschusselt.

Portugal: hxxp://psp.pt.id[random numbers].com
POLICIA PORTUGAL - Todos os arquivos são encriptados. Não tente desbloquear o seu computador!

Finland: hxxp://poliisi.fi.id[random numbers].com
POLIISI - "Alle Aktivitäten des Computers wurden aufgenommen. All Ihre Daten werden verschusselt" or "Huomio! Selaimesi on lukittu".

Australia: hxxp://afp.gov.au.id[random numbers].com
AFP - All activities of this computer have been recorded. All your files are encrypted.

United Kingdom: hxxp://europol.europe.eu.id[random numbers].com
Europol - All activities of this computer have been recorded. All your files are encrypted.

Czech Republic: hxxp://policie.cz.id[random numbers].com
Policie České republiky - Alle Aktivitäten des Computers wurden aufgenommen. All Ihre Daten werden verschusselt.

Canada: hxxp://rcmp.gc.ca.id[random numbers].com
Royal Canadian Mounted Police - All activities of this computer have been recorded. All your files are encrypted.

United States: hxxp://fbi.gov.id[random numbers].com
FBI - All activities of this computer have been recorded. All your files are encrypted. Do not try to unlock your computer! Your browser has been blocked due to at least one of the reasons specified below.

Germany: hxxp://polizei.de.id[random numbers].com
BundesPolizei - "Alle Aktivitäten des Computers wurden aufgenommen. Alle Ihre Dateien werden verschlüsselt" or "Warnung! Zugang von Ihrem Browser wurde vorlaufig".

Italy: hxxp://polizia-penitenziaria.it.id[random numbers].com
Polizia Penitenziaria - "Tutte le attività di questo computer sono state registrate. Tutti i suoi file sono crittografati" or "Attenzione! Il Suo computer personale è stato bloccato".

Netherlands: hxxp://politie.nl.id[random numbers].com
Politie Nederland - "Alle activiteiten van de computer zijn geregistreerd. Al uw bestanden worden versleuteld" or "Attentie! Uw Webbrowser wordt geblokkeerd".

Austria: hxxp://polizei.gv.at.id[random numbers].com
POLIZEI - Alle Aktivitäten des Computers wurde aufgenommen. Alle Ihre Dateien werden verschlüsselt.

Denmark: hxxp://politi.dk.id[random numbers].com
POLITI - Alle dine filer er krypterede. Forsøg ikke at låse op din computer!

France: hxxp://europol.europe.eu.france.id[random numbers].com
Gendarmerie Nationale - "Toutes les activités de cet ordinateur ont été enregistrées. Tous votre fichiers sont cryptés" or "Attention! Votre browser est bloqué".

Mexico: hxxp://sep.gob.mx.id[random numbers].com
SEGOB - Se han grabado todas las actividades de este ordenador.

Ireland: hxxp://garda.ie.id[random numbers].com
An Garda Síochána - All activities of this computer have been recorded. All your files are encrypted.
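
The localized URLs listed above share one shape: a police or government domain used as a left-hand prefix of an unrelated "id[random numbers]" host. The following added example (not part of the original article) flags that shape in URLs taken from proxy or DNS logs. The function names, verdict labels and sample URLs with their digits are constructed for illustration, and a single-label TLD is assumed, as in the list.

```javascript
// Authority domains exactly as they appear in the article's list (subset).
const IMPERSONATED = ["fbi.gov", "rcmp.gc.ca", "afp.gov.au", "garda.ie",
                      "politie.nl", "polizei.gv.at", "europol.europe.eu"];

// The article's pattern: the label before the TLD is "id" followed by digits.
const ID_LABEL = /^id\d+$/;

// Reports often defang URLs as hxxp://; undo that before parsing.
function refang(url) {
  return url.trim().replace(/^hxxp(s?):\/\//i, "http$1://");
}

function classifyUrl(rawUrl) {
  let host;
  try {
    host = new URL(refang(rawUrl)).hostname.toLowerCase();
  } catch {
    return { host: null, verdict: "unparseable" };
  }
  // The listed domain itself (or a subdomain of it) is not a lookalike.
  const own = IMPERSONATED.find(d => host === d || host.endsWith("." + d));
  if (own) return { host, verdict: "authority-domain", authority: own };

  // Lookalike: the authority name is only a left-hand part of another domain.
  const authority = IMPERSONATED.find(
    d => host.startsWith(d + ".") || host.includes("." + d + "."));
  if (!authority) return { host, verdict: "no-match" };

  // Assumption: single-label TLD, so the label before it is the registered name.
  const labels = host.split(".");
  const registered = labels[labels.length - 2];
  const verdict = ID_LABEL.test(registered) ? "browlock-pattern" : "embedded-authority";
  return { host, verdict, authority };
}

// Constructed sample input (digits and paths are made up for the example).
const SAMPLE_URLS = [
  "hxxp://fbi.gov.id482913.com/",
  "https://www.fbi.gov/wanted",
  "hxxp://europol.europe.eu.france.id77120.com/",
  "http://garda.ie.example.net/index.html",
  "http://example.org/",
  "not a url",
];

function scan(urls) {
  return urls.map(u => ({ url: u, ...classifyUrl(u) }));
}

for (const r of scan(SAMPLE_URLS)) console.log(`${r.verdict.padEnd(18)} ${r.url}`);
```

The "embedded-authority" verdict covers hosts that reuse an authority name without the id-plus-digits label, which is worth reviewing even though it falls outside the exact pattern listed here.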

Fine has been paid. Your case has been closed. You can pay $450 processing fee to delete all criminal records.

Cyber criminals responsible for creating this scam have added one additional payment that supposedly clears all users' criminal records. This fake message is displayed to users who have already paid the fine to unblock their Internet browsers.

FINE HAS BEEN PAID. YOUR CASE HAS BEEN CLOSED.
YOU CAN PAY $450 PROCESSING FEE TO DELETE ALL CRIMINAL RECORDS.

To Delete this case from all criminal records and avoid any problems at work and other places where criminal records can be checked, you are obliged to pay a release fee of $450, payable through GreenDot MoneyPak (you have to purchase MoneyPak card, load it with $450 and enter the code). You can buy the code at any shop or gas station. MoneyPak is available at the stores nationwide.

This message is merely an additional scam. It is a fake message and there are no actual criminal cases opened.

Comments 

 
#5 RajL 2014-07-17 23:52
If your web browser is displaying a web page that claims that your browser has been locked, it is significant to bear in mind that your computer is not infected actually. Instead, you were probably redirected to this page when browsing a legitimate website that was compromised.
 
 
#4 leon 2014-06-25 04:39
On Mac: accessing the reset preferences can be blocked, but disconnecting the wifi or cable will help. Or: force quit just by making a right click on the dock icon and then Option. And when restarting, make it offline so you can reset.
 
 
#3 fclisella 2014-06-12 23:40
When I first saw the pop up I shut down my computer. At first I thought it was real, thankfully I did not pay. I wish that Google and other companies could block all these sites from being brought up.
 
 
#2 Neomoloch 2014-06-04 02:45
Hello,
New ip using ransomware
176.31.139.162
 
 
#1 Tristen 2013-10-07 16:14
Awesome. It totally worked, thanks!