Interpol Virus - Your computer has been blocked

Also Known As: Interpol Ransomware
Type: Ransomware
Damage level: Severe
Distribution: High
Damage Level

Interpol Virus "Your computer has been blocked" removal instructions

What is Interpol Virus - Your computer has been blocked?

Interpol "Your computer has been blocked" is ransomware created by Cybercriminals. This is a scam, which asks unsuspecting PC users to pay a bogus fine of 100 Euros to unblock their computers. The text within this misleading screen locker reports that you have been violating the law by distributing illegal content. In fact, no authorities use computer screen lockers to collect fines for any law violations - this message is displayed with the sole purpose of scaring computer users for financial gain.

To make this message appear authentic, Cyber criminals incorporate a video recording window within their ransomware. Furthermore, this message displays your IP address, ISP, and a current date. This message is fake; do not pay any fines to unblock your PC. If you closely study the message issued by this ransomware, you will notice poorly-translated text and sentences that make little or no sense. Recently, ransomware infections have become popular among Cyber criminals, and they tend to exploit the names of trusted authorities (such as the FBI, Interpol, etc.) within their fake screen lockers. You can read more about this misleading ransomware business model at the Krebs on Security website. Do not pay this bogus fine to unblock your computer - you will send your money to Cyber criminals.

Interpol

Interpol virus

alt

fake Interpol ranosmware screen locker

Like other ransomware, Interpol "Your computer has been blocked" is proliferated using Trojans and Java exploits. To prevent your computer becoming infected with ransomware and other malware, always update your operating system and installed software regularly. Also use legitimate antivirus and anti-spyware programs. Cyber criminals use Ukash and paysafecard for money transactions, making it difficult to track them. If you see this fake Interpol message on your computer, use this removal guide to help you unblock your PC.

A fake message displayed in Interpol "Your computer has been blocked" ransomware:

Interpol Department of Cybercrime.
Attention!
Your computer is blocked due at least one of the reasons specified below:
You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain. Article 128 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years. You have been viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc). Thus violating article 202 of the Criminal Code of Great Britain. Article 202 of the Criminal Code provides for a deprivation of liberty for four to twelve years.. Illegal access to computer data has been initiated from your PC, or you have been.... Article 208 other Criminal Code provides for a fine of up to 100,000 and/or a deprivation of liberty for four to nine years. Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law of On Neglectful Use of Personal Computer. Article 210 of the Criminal Code provides for a fine of 2000 to 8000 euro...

Quick menu:

Interpol Virus "Your computer has been blocked" removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

alt

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with Interpol Virus "Your computer has been blocked". Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries detected.

remover for Interpol Virus "Your computer has been blocked"

If you need assistance removing Interpol Virus - Your computer has been blocked, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

Cannot boot in Safe Mode with Networking? (Interpol Virus "Your computer has been blocked" blocks Safe Mode with Networking)

If you have more than one user account in your operating system - please log-in to the clean account and download the recommended malware removal software, install it and run a full system scan, remove all the security infections detected. If, however, you have only one user account, please follow this guide (this guide demonstrates how to create a new user account using Safe Mode with Command Prompt - using this newly created user account, you will be able to remove "Interpol "Your computer has been blocked" virus).

If "Interpol "Your computer has been blocked" virus also blocks your operating system's Safe Mode with Networking, follow these removal instructions:

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt mode loads, enter the following line: net user removevirus /add and press ENTER.

alt

3. Next, enter this line: net localgroup administrators removevirus /add and press ENTER.

creating new user using command prompt

4. Finally, enter this line: shutdown -r and press ENTER.

adding a new user in command prompt

5. Wait for your computer to restart, boot your PC in Normal Mode, and then login to the newly created user account ("removevirus"). This account will not be affected by the ransomware infection and you will be able to download and install recommended malware removal software to eliminate this virus from your computer.

new user account created

6. Download and install recommended malware removal software to eliminate this ransomware infection from your computer:

remover for Interpol Virus "Your computer has been blocked"

If you need assistance removing Interpol Virus - Your computer has been blocked, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

If the newly-created user account is also affected by the ransomware infection, try performing a System Restore:

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window, click "Next".

restore system files and settings

5. Select one of the available restore points and click "Next" (this will restore your computer's system to an earlier time and date, prior to the ransomware infiltrating your PC).

select a restore point

6. In the opened window, click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of Interpol "Your computer has been blocked" ransomware.

Some ransomware infections are capable of encrypting all files stored on an infected PC. If you are dealing with such an infection, you can use some of the tools listed below to decrypt your files.

To regain control of your files (decrypt) try using these tools:

RannohDecryptor (Kaspersky)

XoristDecryptor (Kaspersky)

RectorDecryptor (Kaspersky)

Trojan.Winlock decoding utility (Dr.Web)

Alternative Interpol Virus "Your computer has been blocked" removal guide:

If this ransomware blocks your screen when you start your computer, in Safe Mode with networking, try starting your PC in Safe Mode with Command Prompt.

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

win 7 safe mode with command prompt

2. In the opened Command Prompt, type explorer and press Enter. This command will open the explorer window. Do not close it, and continue to the next step.

3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.

4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

registy editor winlogon

5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file). Use this information to navigate to the rogue executable and remove it.

6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of Windows Anytime Upgrade scam.

remover for Interpol Virus "Your computer has been blocked"

If you need assistance removing Interpol Virus - Your computer has been blocked, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated. For this step, you need access to another computer. After removing Interpol "Your computer has been blocked" scam from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Other tools known to remove Interpol Virus "Your computer has been blocked":

Comments 

 
#16 admin 2014-05-27 23:43
Hi Percy, if you can't boot your computer in Safe Mode with Command Prompt you should burn a recovery CD using a clean computer and then used it to clean the infected one. More information here - http://www.pcrisk.com/computer-technician-blog/general-information/6775-how-to-boot-your-computer-using-a-rescue-disk
Quote
 
 
#15 Percy 2014-05-27 22:14
Hi Thomas.

I just got hit with this virus. Unfortunately it wont let me get into safe mode. Whenever I choose safe mode with networking or safe mode with command prompt, i see it load up then it shuts down and automatically starts windows in normal mode.
Any help will be greatly appreaciated.
Quote
 
 
#14 Tobias 2014-04-25 10:46
hello guys, my dad got this virus.
he can't press F8, maybe it is his keyboard that needs combis, but how to you do it then? Fn+F8 or what?
Quote
 
 
#13 Chuck 2013-08-29 15:36
Thanks! the interpol scam really scared my daughter. But I recognized it for what it was, found this site on my computer, and followed all your steps. I had to resort to the System Restore solution, but it worked. She's a happy camper again and we're both a little more educated.
Quote
 
 
#12 raquel 2013-08-29 06:05
Thank you so much for this information, I was in panic but I was able to come down and realize that the only thing they want was money. thank you so much again.
Quote
 
 
#11 Melissa 2013-07-31 16:07
Thank you so much for posting a user friendly how to guide! This has been incredibly helpful in getting my PC back up and running!
Quote
 
 
#10 Lucy 2013-07-31 02:12
Thank you for this post. This was so helpful. I didn't exactly follow the steps, but a system restore fixed it! Thank you. Thank you. My daughter has been watching a lot of documentaries on mermaids and the Bermuda Triangle and this Interpol message came up.
Quote
 
 
#9 admin 2013-04-18 23:11
Hi Kara-Lee, messages which locks computer user's screen are called ransomware viruses. They are created by Cyber criminals. To remove the one that infected your computer use this removal guide http://www.pcrisk.com/removal-guides/6813-remove-australian-federal-police-scam
Quote
 
 
#8 Kara-Lee 2013-04-18 19:30
Hi
I just got this last night it said that i was violating a law and locked my computer and to pay $100 through epay or ukash in 72 hours. It had the australian federal logo on it and the interpol logo on it. I was not sure if it was a scam so i did ths and now the screen of my computer is white.
Was it real or fake and what should i do????
Quote
 
 
#7 Stephen Innes 2013-01-19 10:57
I just went in to watch a football match and this ransomware came apon me! Kodos to the Bastards it does look good but thank god I looked up on Google and came across this info!!! I just can't get into my pc at all but now and windows came up with its own rescue file,I clicked on what it said,along the lines of "Windows knows there is a block on the start up menu and click on a recovery file (recommended) but as we speak it didn't work so I've now got my work cut out !! I knew I should have made a back up disk!!!
Quote
 
Add comment
PCrisk.com is not responsible for the content of the comments.


About the author:

I am passionate about computer security and technology. I have an experience of 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010.

Follow me on Google+ to stay informed about the latest online security threats.

Our malware removal guides are free. However, if you want to support us you can send us a donation.