SPAMHAUS Virus

Also Known As: SPAMHAUS Ransomware
Type: Ransomware
Damage level: Severe
Distribution: High
Damage Level

Spamhaus virus "You have 48 hours left to enter your payment" removal guide

What is SPAMHAUS?

The Spamhaus message reports the following: "You have lost control over your computer. Your system and all your files have been blocked and encrypted because you were spreading the Malware (viruses, Trojans, worms). You are breaking numerous International and USA laws". This is a scam, a ransomware virus created by cyber criminals with the purpose to scare unsuspecting PC users into paying a bogus $300 fine for alleged law violations. This deceptive message demands that PC users pay a fine for watching child pornography, using unlicensed software, or being in possession of pirated audio and video files. Computer users should be aware that no international authorities or organizations (including Spamhaus) use screen-blocking messages such as this to collect fines for any law violations.

The name, 'Spamhaus', is exploited by cyber criminals in order to make their deceptive message appear authentic and to trick users into paying bogus fines using MoneyPak. These ransomware viruses are not new - cyber criminals actively create and distribute these screen lockers on a daily basis. Some of the most actively distributed ransomware viruses exploit the names of the FBI Cybercrime Division and The United States Department of Justice. If you observe a Spamhaus message demanding payment of a fine in order to unblock your computer, your PC is infected with a ransomware virus. Ignore this deceptive message and do not pay any fines.

Spamhaus computer blocked MoneyPak ransomware virus

The Spamhaus "You have lost control over your computer" ransomware virus is proliferated using exploit kits and Trojans capable of infiltrating users' computers via any security vulnerabilities detected. Common sources of exploit kits are infected email messages, malicious websites, and drive-by downloads. To protect your computer from the Spamhaus ransomware virus or other infections, always use legitimate antivirus and anti-spyware programs. Keeping your operating system and installed software (Java, Flash, etc.) up-to-date greatly reduces the risk of your PC being infected with malware. To remove the Spamhaus ransomware virus, use the removal guide provided.

A fake message displayed by the Spamhaus "Computer Blocked" virus:

SPAMHAUS
THE SPAMHAUS PROJECT
Working to protect Internet Networks Worldwide
Spamhaus tracks the Internet's spam senders and spam services, provides dependable real-time anti-spam protection for Internet networks, and works with Law Enforcement to identify and pursue spammers worldwide.
XBL Advisory
MoneyPak
GreenDot MoneyPak is very unique payment system in the United States. You will not be required to enter any of your personal information (not even your first or last name) or any information which can compromise you.
Pin number is located on the back of the MoneyPak card. You have to carefully scratch of the protection layer.
You have 48 hours left to enter your payment.
You have lost control over your computer. Your system and all your files has been blocked and encrypted because you were spreading the Malware (viruses, Trojans, worms). You are breaking numerous International and USA laws.
Actions made by your computer backed up under United States law USA Patriot ACT What exactly is The Patriot Act? The Patriot Act is short for The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001. We have the right backed by law: Sec. 20/. Authority to intercept wire, oral, and electronic communications relating to terrorism. Sec. 202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offences. Sec. 209. Seizure of voice-mail messages pursuant to warrants. Sec. 227. Interception of computer trespasser communications. With the support of the federal Bureau investigation department on cybercrime and the Supreme court of the United States of America. We have the legal right to scan and intercept any information going in and out of your computers.
You IP address (82.123.97.193) was identified and isolated by our organisation in connection with a complaint to the involvement of distributed denial of service (DDaS) attack such organisations: NASDAQ and BATSS stock exchange markets and WIKILEAKS.ORG website. Such attacks caused $15 billions in damage. In order to isolate this infected files we have blocked your access to the outside world and your OP address was listed in our XBL Block List. You can not use the in ferret or any of your programs. You have a chance to settle this issue right now before we contact the proper authorities. Within 48 hours, you can pay afire of $ 300. All your files will be decrypted, and access to the computer will be granted, a claim for compensation from affected from affected companies will be removed and your IP (82.123.97.193) address will be restored to good standings with XBL Block List. If you don't pay a penalty within the next 48 hours, local authorities and secret service will be contacted, and most likely it will result in your arrest. You can and will be prosecuted to the fullest extent of the law in order to recover our lasses. Do not take a chance to be convicted as a felon.
Our Spamhaus agent has conducted a full check of your system and found following violations: • You are a distributor of pornography and porno materials, regularly watch porno sites with child pornography and zoophilia. • You possess unlicensed software and pirated audio and video records.

18 U.S.C. § 2252- Certain activities relating to material involving the sexual exploitation of minors (Possession, distribution pornography and possession, distribution of child pornography). 18 U.S.C. § 2252A- certain activities relating to material constituting or containing pornography, child pornography. Federal law prohibits the production, distribution, reception, and possession of an image of child pornography using or affecting any means or facility of interstate or foreign commerce (See 18 U.S.C. § 2251; 18 U.S.C. § 2252; 18 U.S.C. § 2252A). Specifically, Section 2251 makes it illegal to persuade, induce, entice, or coerce a minor to engage in sexually explicit conduct for purposes of producing visual depictions of that conduct. Any individual who attempts or conspires to commit a child pornography offence is also subject to prosecution under Federal law. Any violation of federal pornography or child pornography law is a serious crime, and convicted offenders face severe statutory penalties. 18 U.S.C. § 2251, face fines and a statutory minimum of 15 years to 30 years maximum in prison.
Criminal Copyright Infringement-17 U.S.C. § 506(a) and 18 U.S.C. § 2319. The unauthorised reproduction or distribution of this copyrighted work is illegal. Criminal copyright infringement, including infringement without monetary gain, is investigated by the FBI and is punishable by up to 5 years in federal prison and a fine of $250,000.
Once we receive your payment and our operators check it for authenticity, your computer will be completely unlocked and decryption software developed by our firm will be provided. You will be able to resume your normal day to day operations without any interruption.
Take better care of your computer in the future. Don't forget to update your web browser using Windows Updating Center.

Quick menu:

Spamhaus virus "Computer Blocked" removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with the Spamhaus "Computer Blocked" MoneyPak virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

remover for Spamhaus virus "Computer Blocked"

If you need assistance removing SPAMHAUS Virus, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

Note that this ransomware virus is capable of encrypting doc, pdf, jpg, rar, zip, and other files stored on an infected PC. To decrypt your files use these tools:

Decrypt tool by Fabian Wosar Emsisoft Development Team

Panda Ransomware Decrypt tool

If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the ransomware infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the Spamhaus "Computer Blocked" MoneyPak virus.

To decrypt your files use these tools:

Decrypt tool by Fabian Wosar Emsisoft Development Team

Panda Ransomware Decrypt tool

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode making removal complicated. For this step, you require access to another computer. After removing the Spamhaus "Computer Blocked" MoneyPak virus from your PC, restart your computer and scan it with legitimate antispyware software to remove any possible remnants of this security infection.

Other tools known to remove the Spamhaus "Computer Blocked" MoneyPak virus:

About the author:

I am passionate about computer security and technology. I have an experience of 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010.

Follow me on Google+ to stay informed about the latest online security threats.

Our malware removal guides are free. However, if you want to support us you can send us a donation.