Stop Online Piracy Virus
Written by Tomas Meskauskas
Damage level: Severe
"Stop Online Piracy Automatic Protection System - Your computer is locked!" Virus - how to unlock your PC?
Stop Online Piracy Automatic Protection System - Your Computer is Locked! is a scam message delivered by a ransomware computer infection created by Cyber criminals. This security threat locks PC users' desktops and displays a message stating that the lock was enforced to prevent illegal use of copyrighted material. Such ransomware infections are common amongst Cyber criminals, however, this one is different for two reasons: 1) its use of the S.O.P.A. name (cyber criminals sometimes use the names of authorities such as the FBI, Metropolitan Police, etc.) and; 2) when infected by this ransomware, all files stored on your computer are encrypted.
The deceptive message presented by this ransomware demands that you pay a fine of $200 in order to unlock your PC and decrypt your files. Do not pay this fine, it is a scam. Neither S.O.P.A. nor any other authority uses screen lockers to collect fines for copyrighted material, piracy, or other law infringements. Stop Online Piracy Automatic Protection System - Your computer is locked ransomware was created and is distributed with the sole purpose to trick unsuspecting PC users into paying a bogus fine. Do not pay this fine - you will send your money to cyber criminals and your computer will remain locked.
When this ransomware infiltrates your PC, it will encrypt your files. This ransomware infection is devious, since its authors offer the opportunity to 'test' their decryption services. A user of an infected PC can send the 'encrypted' file to the creators who then return the decrypted file, thus 'proving' that they are able to decrypt the files. Since this ransomware endeavours to encrypts users' files, it is especially devious. Commonly, security infections such as these only block computer users' desktops and do not affect the files. Unfortunately, we did not have the chance to fully analyze this ransomware infection. If your PC is infected with Stop Online Piracy Automatic Protection System - Your Computer is Locked!, use these basic removal instructions, which might help to remove this scam. If you have experience of dealing with this type of ransomware, then please share your knowledge in the comments sections. Thank you.
A fake message displayed by the "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam:
Stop Online Piracy Automatic Protection System.
Your computer is locked!
If you see a warning.txt or warning screen, it means your IP address was included in S.O.P.A. Black List.
One or more of the following items were made from your PC:
1. Downloading or distributing audio or video files protected by Copyright Law.
2. Downloading or distributing illegal content (child porn, phishing software, etc.)
3. Downloading or distributing Software protected by Copyright Law.
As a result of these infringements based on Stop Online Piracy Act (H.R. 3261) your PC and files are now blocked.
You can remove your IP from black list and unlock PC and files by paying a fine of 200 (USA and Canada)/200 EUR (via Western Union to other Countries)
STEP 1: Buy a moneypak prepaid voucher for the amount of $200 at the nearest store.
STEP 3: Check your e-mail. In 24 hours we will send your Unlock code once payment is verified. Then enter your unlock code that you received by email from us and click UNLOCK. Your computer will roll back to the ordinary state.
Q: How can I make sure that you can really decipher my files?
Q: Where can I purchase a MoneyPak?
A: MoneyPak can be purchased at thousands of stores nationwide, including major retailers such as Wal-Mart, Waigreens, CVS/pharmacy, Rite Aid, Kmart...
Q: How do I buy a MoneyPak at the store?
A: Pick up a MoneyPak from the Prepaid Product Section or GreenDot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.
Q: What if I don't have possibility to purchase prepaid voucher?
A: You can send money in amount of 200 EUR by WesternUnion as alternative option.
WARNING!!!: If you don't pay the fine within 72 HOURS at the amount of 200 USD, all your computer data will be erased
"Stop Online Piracy Automatic Protection System - Your Computer is Locked!" virus removal:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Log in to the account infected with this ransomware virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries detected.
After completing these steps your computer should be clean. Reboot your computer in Normal Mode.
This ransomware encrytps all stored files on your computer. To regain control of your files (decrypt) try using these tools:
Alternative "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam removal guide:
If this ransomware blocks your screen when you start your computer in Safe Mode with Networking, try starting your PC in Safe Mode with Command Prompt.
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. In the opened Command Prompt, type explorer and press Enter. This command will open the Explorer window - do not close it and continue to the next step.
3. In the Command Prompt, type regedit and press Enter. This will open the Registry Editor window.
4. In the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. In the right side of the window, locate "Shell" and right click on it. Click on Modify. The default value in the Data column is Explorer.exe - if you see something else displayed in this window, remove it and type Explorer.exe (take a note of whatever else was displayed in the Data column - this is the path of the rogue execution file). Use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install legitimate anti-spyware software and perform a full system scan to eliminate any remnants of "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam.
7. This ransomware encrytps all files on your computer. To regain control of your files (decrypt) try using these tools:
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal more complicated. For this step, you need access to another computer. After removing "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.
Other tools known to remove "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam: