Your computer has been locked! Virus

Also Known As: Your computer has been locked Ransomware
Type: Ransomware
Damage level: Severe
Distribution: High
Damage Level

Your computer has been locked due to suspicious of illegal content downloading and distribution (Department of Justice and Department of Homeland Security) virus - how to remove?

This message locks users' computers, demanding payment of a $300 fine using MoneyPak. This is a scam, a ransomware infection created by cyber criminals and targeting PC users from the United States. This fake message states that the computer user's screen was locked due to downloading and distributing illegal content (child pornography). Do not believe these statements - they are fake. Cyber criminals who have developed this deceptive message (ransomware), hope that computer users will fall for their trickery and pay the bogus fine. Neither the "Department of Justice" nor the "U.S. Department of Homeland Security" are connected with this message. Cyber criminals responsible for releasing this scam exploit the names and graphics of these organizations.

In fact, no international authorities or organizations use desktop-locking messages to collect fines for any law violations. Paying the $300 fine demanded by this message is equivalent to sending your money to cyber criminals. This particular virus (ransomware) originates from a family of screen lockers called Kovter and is just one of many targeting PC users from the United States. Other known ransomware targeting computer users from the USA, exploits the names of the Department of Justice, FBI Cybercrime Division, and many others.

Your computer has been locked! MoneyPak scam

As well as blocking your computer screen, the "Your computer has been locked!" virus  also scans computer users' Internet browsing history in order to make the deceptive message appear authentic. The browsing history scan detects any recently-visited pornographic websites, and if such entries are found, are displayed in the "Source or intermediary sites" section of this ransomware infection. If no pornographic websites are detected, this ransomware displays porn.com as being found in "Source or intermediary sites". A common source of ransomware infections such as these are exploit kits, which exploit security vulnerabilities detected on users' computers and then execute malicious code. Protect your computer by using antivirus and anti-spyware software, and if your PC is already infected, use the removal guide provided to eliminate this scam.

A fake message displayed by the "Your computer has been locked!" virus:

Your computer has been locked due to suspicious of illegal content downloading and distribution.
Mentioned illegal content (414 Mb of video files) was automatically classified as child pornography materials. Such actions, in whole or in part, violate following U.S. Federal Laws:
18 U.S.C 2251 - Sexual Exploitation of Children (Production of child pornography)
18 U.S.C 2252 - Certain activities relating to material involving the sexual exploration of minors (Possession, distribution and receipt of child pornography)
18 U.S.C. 2252A - certain activities relating to material constituting or containing child pornography.

Any individual who violates, or attempts to violate, or conspires to violate mentioned laws shall be sentenced to a mandatory term of imprisonment from 4 to 30 years and shall be fined up to $250,000.
All suspicious files from your computer were transmitted to a special server and shall be used as evidences. Don't try to corrupt any data or unblock your account in an unauthorized way.
Your case can be classified as occasional/unmotivated, according to title 17 (U.S. Code) 512. Thus it may be closed without prosecution. Your computer will be unblocked automatically.

In order to resolve this situation in an above-mentioned way you should pay a fine of $300.

"Your computer has been locked!" virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Video showing how to start Windows 8 in "Safe Mode with Networking":

Step 2

Log in to the account infected with "Your computer has been locked!" virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

remover for "Your computer has been locked!" virus

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.


If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove a ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available restore points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of "Your computer has been locked!" virus.

Other tools known to remove the "Your computer has been locked!" virus:

Comments 

 
#6 Phaedrus 2013-09-25 23:17
Okay long story short found this while doing a theology paper. Amusing. Hook up site... Anyways its looking at your history and probably locally shared objects. Windows: Control panel - network and internet - Internet options- - under the general tab delete history. select everything. Second part find the file C:Usersuser1AppDataRoamingM acromedia. (User1 is really whatever your computer name is) Delete everything in that folder. (those are flash cookies. its how websites track you) Everything should be back to normal. Now start scanning.
Quote
 
 
#5 Patrick 2013-06-17 21:58
Thank You Thank You I will always thank you
Quote
 
 
#4 aguyinneed 2013-05-20 10:50
Thank you very much! I was playing a online game and suddenly my screen got blocked, this helped me finally. Great site
Quote
 
 
#3 admin 2013-05-14 23:31
Hi Dr_O if your can boot in safe mode with command prompt you can try using a rescue disk (you will need access to a clean computer to follow this guide) - http://www.pcrisk.com/computer-technician-blog/general-information/6775-how-to-boot-your-computer-using-a-rescue-disk
Quote
 
 
#2 Dr_O 2013-05-14 19:35
I cannot open in SAFE mode (regular, with network or with command prompt) ... just goes to frozen screen demanding $300. Yes, I hit F8 and I got the option for SAFE mode, but when I select any option I get the same result.

HELP please!
Quote
 
 
#1 keith 2013-05-06 07:01
worked like a charm!
Quote
 
About the author:

I am passionate about computer security and technology. I have an experience of 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010.

Follow me on Google+ to stay informed about the latest online security threats.

Our malware removal guides are free. However, if you want to support us you can send us a donation.