Written by Tomas Meskauskas
Damage level: Severe
Spamhaus virus "You have 48 hours left to enter your payment" removal guide
What is SPAMHAUS?
The Spamhaus message reports the following: "You have lost control over your computer. Your system and all your files have been blocked and encrypted because you were spreading the Malware (viruses, Trojans, worms). You are breaking numerous International and USA laws". This is a scam, a ransomware virus created by cyber criminals with the purpose to scare unsuspecting PC users into paying a bogus $300 fine for alleged law violations. This deceptive message demands that PC users pay a fine for watching child pornography, using unlicensed software, or being in possession of pirated audio and video files. Computer users should be aware that no international authorities or organizations (including Spamhaus) use screen-blocking messages such as this to collect fines for any law violations.
The name, 'Spamhaus', is exploited by cyber criminals in order to make their deceptive message appear authentic and to trick users into paying bogus fines using MoneyPak. These ransomware viruses are not new - cyber criminals actively create and distribute these screen lockers on a daily basis. Some of the most actively distributed ransomware viruses exploit the names of the FBI Cybercrime Division and The United States Department of Justice. If you observe a Spamhaus message demanding payment of a fine in order to unblock your computer, your PC is infected with a ransomware virus. Ignore this deceptive message and do not pay any fines.
The Spamhaus "You have lost control over your computer" ransomware virus is proliferated using exploit kits and Trojans capable of infiltrating users' computers via any security vulnerabilities detected. Common sources of exploit kits are infected email messages, malicious websites, and drive-by downloads. To protect your computer from the Spamhaus ransomware virus or other infections, always use legitimate antivirus and anti-spyware programs. Keeping your operating system and installed software (Java, Flash, etc.) up-to-date greatly reduces the risk of your PC being infected with malware. To remove the Spamhaus ransomware virus, use the removal guide provided.
A fake message displayed by the Spamhaus "Computer Blocked" virus:
THE SPAMHAUS PROJECT
Working to protect Internet Networks Worldwide
Spamhaus tracks the Internet's spam senders and spam services, provides dependable real-time anti-spam protection for Internet networks, and works with Law Enforcement to identify and pursue spammers worldwide.
GreenDot MoneyPak is very unique payment system in the United States. You will not be required to enter any of your personal information (not even your first or last name) or any information which can compromise you.
Pin number is located on the back of the MoneyPak card. You have to carefully scratch of the protection layer.
You have 48 hours left to enter your payment.
You have lost control over your computer. Your system and all your files has been blocked and encrypted because you were spreading the Malware (viruses, Trojans, worms). You are breaking numerous International and USA laws.
Actions made by your computer backed up under United States law USA Patriot ACT What exactly is The Patriot Act? The Patriot Act is short for The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001. We have the right backed by law: Sec. 20/. Authority to intercept wire, oral, and electronic communications relating to terrorism. Sec. 202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offences. Sec. 209. Seizure of voice-mail messages pursuant to warrants. Sec. 227. Interception of computer trespasser communications. With the support of the federal Bureau investigation department on cybercrime and the Supreme court of the United States of America. We have the legal right to scan and intercept any information going in and out of your computers.
You IP address (18.104.22.168) was identified and isolated by our organisation in connection with a complaint to the involvement of distributed denial of service (DDaS) attack such organisations: NASDAQ and BATSS stock exchange markets and WIKILEAKS.ORG website. Such attacks caused $15 billions in damage. In order to isolate this infected files we have blocked your access to the outside world and your OP address was listed in our XBL Block List. You can not use the in ferret or any of your programs. You have a chance to settle this issue right now before we contact the proper authorities. Within 48 hours, you can pay afire of $ 300. All your files will be decrypted, and access to the computer will be granted, a claim for compensation from affected from affected companies will be removed and your IP (22.214.171.124) address will be restored to good standings with XBL Block List. If you don't pay a penalty within the next 48 hours, local authorities and secret service will be contacted, and most likely it will result in your arrest. You can and will be prosecuted to the fullest extent of the law in order to recover our lasses. Do not take a chance to be convicted as a felon.
Our Spamhaus agent has conducted a full check of your system and found following violations: • You are a distributor of pornography and porno materials, regularly watch porno sites with child pornography and zoophilia. • You possess unlicensed software and pirated audio and video records.
18 U.S.C. § 2252- Certain activities relating to material involving the sexual exploitation of minors (Possession, distribution pornography and possession, distribution of child pornography). 18 U.S.C. § 2252A- certain activities relating to material constituting or containing pornography, child pornography. Federal law prohibits the production, distribution, reception, and possession of an image of child pornography using or affecting any means or facility of interstate or foreign commerce (See 18 U.S.C. § 2251; 18 U.S.C. § 2252; 18 U.S.C. § 2252A). Specifically, Section 2251 makes it illegal to persuade, induce, entice, or coerce a minor to engage in sexually explicit conduct for purposes of producing visual depictions of that conduct. Any individual who attempts or conspires to commit a child pornography offence is also subject to prosecution under Federal law. Any violation of federal pornography or child pornography law is a serious crime, and convicted offenders face severe statutory penalties. 18 U.S.C. § 2251, face fines and a statutory minimum of 15 years to 30 years maximum in prison.
Criminal Copyright Infringement-17 U.S.C. § 506(a) and 18 U.S.C. § 2319. The unauthorised reproduction or distribution of this copyrighted work is illegal. Criminal copyright infringement, including infringement without monetary gain, is investigated by the FBI and is punishable by up to 5 years in federal prison and a fine of $250,000.
Once we receive your payment and our operators check it for authenticity, your computer will be completely unlocked and decryption software developed by our firm will be provided. You will be able to resume your normal day to day operations without any interruption.
Take better care of your computer in the future. Don't forget to update your web browser using Windows Updating Center.
- What is SPAMHAUS?
- STEP 1. "SPAMHAUS" virus removal using safe mode with networking.
- STEP 2. "SPAMHAUS" ransomware removal using System Restore.
Spamhaus virus "Computer Blocked" removal:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Log in to the account infected with the Spamhaus "Computer Blocked" MoneyPak virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
Note that this ransomware virus is capable of encrypting doc, pdf, jpg, rar, zip, and other files stored on an infected PC. To decrypt your files use these tools:
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the Spamhaus "Computer Blocked" MoneyPak virus.
To decrypt your files use these tools:
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode making removal complicated. For this step, you require access to another computer. After removing the Spamhaus "Computer Blocked" MoneyPak virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.
Other tools known to remove the Spamhaus "Computer Blocked" MoneyPak virus: