Spamhaus virus "You have 48 hours left to enter your payment" removal guide
Spamhaus message "You have lost control over your computer. Your system and all your files has been blocked and encrypted because you were spreading the Malware (viruses, Trojans, worms). You are breaking numerous International and USA laws" is a scam. This message is a ransomware virus which is created by Cyber criminals to scare unsuspecting PC users into paying a non existent fine of 300$ for supposedly made law violations. This deceptive message claims that PC user has to pay a fine for watching child pornography, using unlicensed software or having pirated audio and video files. Computer users should know that none of authorities or organizations (including Spamhaus) around the world are using such computer's screen blocking messages to collect fines for any law violations.
The name of Spamhaus is being exploited by Cyber criminals to make their deceptive message appear more legitimate and to trick more computer users into paying fake fines using MoneyPak. Such ransomware viruses are not new - Cyber criminals are actively creating and spreading such screen lockers. Some of most actively distributed ransomware viruses exploits the names of FBI Cybercrime Division and The United States Department of Justice. If you see a Spamhaus message asking you to pay a fine of 300$ in order to unblock one's computer you can be sure that your PC is infected with a ransomware virus - ignore this deceptive message and don't pay any fines.
Spamhaus "You have lost control over your computer" ransomware virus is being spread using exploit kits and Trojans which are capable of infiltrating user's computer using found security vulnerabilities. Most common source of exploit kits are infected email messages, malicious websites and drive-by downloads. To protect one's computer from Spamhaus ransomware virus or other infections one should always use legitimate antivirus and anti-spyware program. Remember that keeping your operating system and all of the installed software (Java, Flash etc.) up-to-date can greatly reduce the risk of getting your PC infected with various malware. To remove Spamhaus ransomware virus use the provided removal guide.
Fake message presented in Spamhaus virus "Computer Blocked":
THE SPAMHAUS PROJECT
Working to protect Internet Networks Worldwide
Spamhaus tracks the Internet's spam senders and spam services, provides dependable real-time anti-spam protection for Internet networks, and works with Law Enforcement to identify and pursue spammers worldwide.
GreenDot MoneyPak is very unique payment system in the United States. You will not be required to enter any of your personal information (not even your first or last name) or any information which can compromise you.
Pin number is located on the back of the MoneyPak card. You have to carefully scratch of the protection layer.
You have 48 hours left to enter your payment.
You have lost control over your computer. Your system and all your files has been blocked and encrypted because you were spreading the Malware (viruses, Trojans, worms). You are breaking numerous International and USA laws.
Actions made by your computer backed up under United States law USA Patriot ACT What exactly is The Patriot Act? The Patriot Act is short for The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001. We have the right backed by law: Sec. 20/. Authority to intercept wire, oral, and electronic communications relating to terrorism. Sec. 202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offences. Sec. 209. Seizure of voice-mail messages pursuant to warrants. Sec. 227. Interception of computer trespasser communications. With the support of the federal Bureau investigation department on cybercrime and the Supreme court of the United States of America. We have the legal right to scan and intercept any information going in and out of your computers.
You IP address (220.127.116.11) was identified and isolated by our organisation in connection with a complaint to the involvement of distributed denial of service (DDaS) attack such organisations: NASDAQ and BATSS stock exchange markets and WIKILEAKS.ORG website. Such attacks caused $15 billions in damage. In order to isolate this infected files we have blocked your access to the outside world and your OP address was listed in our XBL Block List. You can not use the in ferret or any of your programs. You have a chance to settle this issue right now before we contact the proper authorities. Within 48 hours, you can pay afire of $ 300. All your files will be decrypted, and access to the computer will be granted, a claim for compensation from affected from affected companies will be removed and your IP (18.104.22.168) address will be restored to good standings with XBL Block List. If you don't pay a penalty within the next 48 hours, local authorities and secret service will be contacted, and most likely it will result in your arrest. You can and will be prosecuted to the fullest extent of the law in order to recover our lasses. Do not take a chance to be convicted as a felon.
Our Spamhaus agent has conducted a full check of your system and found following violations: • You are a distributor of pornography and porno materials, regularly watch porno sites with child pornography and zoophilia. • You possess unlicensed software and pirated audio and video records.
18 U.S.C. § 2252- Certain activities relating to material involving the sexual exploitation of minors (Possession, distribution pornography and possession, distribution of child pornography). 18 U.S.C. § 2252A- certain activities relating to material constituting or containing pornography, child pornography. Federal law prohibits the production, distribution, reception, and possession of an image of child pornography using or affecting any means or facility of interstate or foreign commerce (See 18 U.S.C. § 2251; 18 U.S.C. § 2252; 18 U.S.C. § 2252A). Specifically, Section 2251 makes it illegal to persuade, induce, entice, or coerce a minor to engage in sexually explicit conduct for purposes of producing visual depictions of that conduct. Any individual who attempts or conspires to commit a child pornography offence is also subject to prosecution under Federal law. Any violation of federal pornography or child pornography law is a serious crime, and convicted offenders face severe statutory penalties. 18 U.S.C. § 2251, face fines and a statutory minimum of 15 years to 30 years maximum in prison.
Criminal Copyright Infringement-17 U.S.C. § 506(a) and 18 U.S.C. § 2319. The unauthorised reproduction or distribution of this copyrighted work is illegal. Criminal copyright infringement, including infringement without monetary gain, is investigated by the FBI and is punishable by up to 5 years in federal prison and a fine of $250,000.
Once we receive your payment and our operators check it for authenticity, your computer will be completely unlocked and decryption software developed by our firm will be provided. You will be able to resume your normal day to day operations without any interruption.
Take better care of your computer in the future. Don't forget to update your web browser using Windows Updating Center.
Spamhaus virus "Computer Blocked" removal:
During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Log in to the account that is infected with Spamhaus "Computer Blocked" MoneyPak virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
Notice that this ransomware virus is capable of encrypting doc, pdf, jpg, rar, zip and other files that were stored on an infected PC. To decrypt your files use these tools:
If you can't start your computer in safe mode with networking, try doing a system restore.
Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. When command prompt mode loads enter the following line: cd restore and press ENTER.
3. Next type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available restore point and click "Next" (this will restore your computer's system to an earlier time and date, before the ransomware infiltrated your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date download and scan your PC with a recommended anti-spyware software to eliminate any left remnants of Spamhaus "Computer Blocked" MoneyPak virus.
To decrypt your files use these tools:
If you can't start your computer in safe mode with networking (or with command prompt) you should boot your computer using a rescue disk. Some variants of ransomware disables safe mode making it's removal more complicated. For this step you will need access to another computer. After removing Spamhaus "Computer Blocked" MoneyPak virus from your PC restart your computer and scan it with a legitimate antispyware software to remove any possibly left remnants of this security infection.
Other tools known to remove Spamhaus "Computer Blocked" MoneyPak virus: