Stop Online Piracy Automatic Protection System - Your Computer is Locked
Written by Tomas Meskauskas on
"Stop Online Piracy Automatic Protection System - Your computer is locked!" - how to unlock your PC?
Stop Online Piracy Automatic Protection System - Your Computer is Locked! is a scam message that is presented in a ransomware computer infection created by Cyber criminals. This security threat completely locks PC user's desktop and shows a message which states that such lock was made to stop computer user's illegal usage of copyrighted material. Such ransomware infections are quite popular among Cyber criminals, what makes this one different is the use of S.O.P.A name (most commonly Cyber criminals are using the names of authorities such as FBI, Metropolitan Police etc.) and the fact that when infected with this ransomware all the files that were stored on your computer are encrypted.
The deceptive message that is presented in this ransomware states that you have to pay a fine of 200$ in order to unlock your PC and decrypt your files - you shouldn't pay this fine, it's a scam. Neither S.O.P.A nor any other authority are using screen lockers to collect fines for copyrighted material piracy or any other possible law infringements. Stop Online Piracy Automatic Protection System - Your computer is locked ransomware was created and is being distributed with a sole purpose - tricking unsuspecting PC users into paying a non existent fine. Don't pay this fine, you will send your money to Cyber criminals and your computer will remain locked.
When this ransomware infiltrates your PC it will encrypt your files. The interesting thing about this ranosmware infection is that it's authors are giving a possibility to test their decryption services. A user of infected PC can send the encrypted file to the creators and they will send the decrypted file back proving that they are able to decrypt the files. The fact that this ransomware encrypts users files makes it especially rogue, most commonly such security infections only blocks computer user's desktop but doesn't mess with the files. Unfortunately we didn't have a chance to fully analyze this ransomware infection. If you PC is infected with Stop Online Piracy Automatic Protection System - Your Computer is Locked! you can use these basic removal instructions which might help you get rid of this scam. If you have experience dealing with this ransomware please share your knowledge in the comments sections. Thanks.
Fake message shown in "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam:
Stop Online Piracy Automatic Protection System
Your computer is locked!
If you see a warning.txt or warning screen, it means your IP address was included in S.O.P.A. Black List.
One or more of the following items were made from your PC:
1. Downloading or distributing audio or video files protected by Copyright Law.
2. Downloading or distributing illegal content (child porn, phishing software, etc.)
3. Downloading or distributing Software protected by Copyright Law.
As a result of these infringements based on Stop Online Piracy Act (H.R. 3261) your PC and files are now blocked.
You can remove your IP from black list and unlock PC and files by paying a fine of 200 (USA and Canada)/200 EUR (via Western Union to other Countries)
STEP 1: Buy a moneypak prepaid voucher for the amount of $200 at the nearest store.
STEP 2: Enter your prepaid voucher number and your email address in the fields below then click PAY and you will be prompted to enter the unlock code. OR Send an e-mail at This e-mail address is being protected from spambots. You need JavaScript enabled to view it Indicate your ID in the message title and provide moneypak prepaid voucher number.
STEP 3: Check your e-mail. In 24 hours we will send your Unlock code once payment is verified. Then enter your unlock code that you received by email from us and click UNLOCK. Your computer will roll back to the ordinary state.
Q: How can I make sure that you can really decipher my files?
A: You can send one ciphered file on email This e-mail address is being protected from spambots. You need JavaScript enabled to view it (Indicate your ID and IP address in the message title), in the response message you receive the deciphered file.
Q: Where can I purchase a MoneyPak?
A: MoneyPak can be purchased at thousands of stores nationwide, including major retailers such as Wal-Mart, Waigreens, CVS/pharmacy, Rite Aid, Kmart...
Q: How do I buy a MoneyPak at the store?
A: Pick up a MoneyPak from the Prepaid Product Section or GreenDot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.
Q: What if I don't have possibility to purchase prepaid voucher?
A: You can send money in amount of 200 EUR by WesternUnion as alternative option.
WARNING!!!: If you don't pay the fine within 72 HOURS at the amount of 200 USD, all your computer data will be erased
"Stop Online Piracy Automatic Protection System - Your Computer is Locked!" screen locker removal:
Step 1
During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Step 2
Log in to the account that is infected with "Canadian Police Association - Your Computer is Locked" scam. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
remover for Stop Online Piracy Automatic Protection System scam
After completing these steps your computer should be clean, reboot your computer in normal mode.
This ransomware encrytps all of the stored files on your computer. To regain control of your files (decrypt) try using these tools:
Trojan.Winlock decoding utility (Dr.Web)
Alternative "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam removal guide:
If this ransomware blocks your screen when you start your computer in safe mode with networking, try starting your PC in safe mode with command prompt.
1. During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. In the opened command prompt type explorer and press Enter. This command will open explorer window, don't close it and continue to the next step.
3. In the command prompt type regedit and press Enter. This will open the registry editor window.
4. In the registry editor window you should navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
5. In the right side of the window locate "Shell" and right click on it. Click on Modify. The default value data is Explorer.exe if you see something else written in this window remove it and type in Explorer.exe (you can write down whatever else was written in the value data section - this is a path of the rogue execution file) - use this information to navigate to the rogue executable and remove it.
6. Restart your computer, download and install a legitimate anti-spyware software and perform a full system scan to eliminate any left remnants of "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam.
7. This ransomware encrytps all of the stored files on your computer. To regain control of your files (decrypt) try using these tools:
Trojan.Winlock decoding utility (Dr.Web)
remover for Stop Online Piracy Automatic Protection System scam
If you can't start your computer in safe mode with networking (or with command prompt) you should boot your computer using a rescue disk. Some variants of ransomware disables safe mode making it's removal more complicated. For this step you will need access to another computer. After removing "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam from your PC restart your computer and scan it with a legitimate antispyware software to remove any possibly left remnants of this security infection.
Other tools known to remove "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam:
Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.
If you can't access Internet:
Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.
Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.
Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, un-check it and press OK.
After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program.
Manual "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam removal:
If you were unable to remove "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" scam using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" ransomware processes:
random.exe
Delete these "Stop Online Piracy Automatic Protection System - Your Computer is Locked!" ransomware files:
%Temp%\<random>.exe
%StartupFolder%\ctfmon.lnk