Decrypt Protect Virus
Written by Tomas Meskauskas
Damage level: Severe
Decrypt Protect (MBL Advisory) virus "You have lost control over your computer" removal guide
The Decrypt Protect message blocks users' computer screens demanding payment of a $300 fine (using MoneyPak, Ukash or PaySafeCard) in order to regain access to the computer. This is a scam, a ransomware virus that has no connection with legiimate authorities or organizations. This deceptive message states that computer users are required pay a fine for alleged law violations including distribution of pornographic material, possession of unlicensed software, and possession of video or audio files. This is a scam created by cyber criminals. This fake message exploits the names of MBL Advisory (Malware Block List) and USA Patriot ACT.
PC users should be aware that no genuine international authorities or organizations use computer screen-blocking messages to collect fines for any law violations. Sending money as ordered by the Decrypt Protect message is equivalent to giving your money to cyber criminals. The Decrypt Protect ransomware virus is similar to existing screen-lockers, which use the name of Spamhaus to deceive unsuspecting PC users into paying bogus fines. Note that this ransomware virus causes a malfunction such that computer users observe a white screen after Windows startup. If you see the message, 'DECRYPT PROTECT' on your computer screen, you are dealing with a ransomware virus. Do not trust it or pay any fines.
The DECRYPT PROTECT ransomware virus, distributed by cyber criminals, uses 'exploit kits' to proliferate their rogue screen lockers. Exploit kits can infect computers using detected security vulnerabilities through malicious websites, infected email messages, drive-by downloads, etc. After infiltration, exploit kits can be used to perform various tasks, and in this case, infected computers are injected with malicious code, which executes a ransomware virus. To reduce the risk of infection by these security threats, always keep your operating system and installed programs up-to-date. Also, use legitimate antivirus and anti-spyware programs. To remove the Decrypt Protect ransomware virus, use the removal guide provided.
A fake message displayed by the Decrypt Protect ransomware virus:
You have 48 hours left to enter your payment.
You have lost control over your computer. Your system and all your files has been blocked and encrypted because you were spreading the Malware (viruses, trojans, worms). You are breaking numerous International and USA laws.
Actions made by your computer backed up under United States law USA Patriot ACT What exactly is THE Patriot Act? The Patriot Act is short for the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and obstruct Terrorism Act of 2001. We have the right backed by law: Sec.201. Authority to intercept wire, oral, and electronic communications relating to terrorism. Sec.202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offences. Sec.209. Seizure of voice-mail messages pursuant to warrants. Sec.2017. Interception of computer trespasser communications. With the support of the federal Bureau investigation department on cybercrime and the Supreme court of the United States of America. We have the legal right to scan and intercept any information going in and out of your computers. Your IP address was identified and isolated by our organisation in connection with a complaint to the involvement of distributed denial of service (DDoS) attack such organisations: NASDAQ and BATSS stock exchange markets and WIKILEAKS.ORG website. Such attacks caused $15 billion in damage. In order to isolate the infected files we have blocked your access to the outside world and your IP address was listed in our MBL (Malware Block List). You can not use the Internet or any of your programs. You have a chance to settle this issue right now before we contact the proper authorities. Within 48 hours you can pay a fine of $300. All your files will be decrypted, and access to the computer will be granted, a claim for compensation from affected companies will be removed and your IP address will be restored to good standings with MBL (Malware Block List). If your don't pay a penalty within next 48 hours, local authorities and service will be contacted, and most likely it will result in your arrest. You can and will be prosecuted to the fullest extent of the law in order to recover our losses. Do not take any chance to be convicted as a felon. Our Decrypt Protect agent has conducted a full check of your system and found following violations: Your are a distributor of pornographic and porno materials, regular watch porno sites with child pornography and zoophillia. You possess unlicensed software and private audio and video records...
Decrypt Protect virus removal:
Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Log in to the account infected with Decrypt Protect virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
Note that this ransomware virus is capable of encrypting doc, pdf, jpg, rar, zip, and other files stored on an infected PC. To decrypt your files, use these tools:
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the Decrypt Protect ransomware infiltrating your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the Decrypt Protect virus.
To decrypt your files use these tools:
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal complicated. For this step, you require access to another computer. After removing Decrypt Protect virus from your PC, restart your computer and scan it with legitimate anti-spyware software to remove any possible remnants of this security infection.
Other tools known to remove the Decrypt Protect virus: