Decrypt Protect Virus
Written by Tomas Meskauskas
Damage level: Severe
Decrypt Protect (MBL Advisory) virus "You have lost control over your computer" removal guide
Decrypt Protect message which blocks computer's screen and asks to pay a fine of 300$ (using MoneyPak, Ukash or PaySafeCard) in order to regain access of one's computer is a scam - it's a ransomware virus and it's doesn't have anything to do with real authorities or organizations. This deceptive message which states that computer user have to pay a fine for supposedly made law violations (distribution of pornographic material, possession of unlicensed software, video or audio files) is a scam created by Cyber criminals. This fake message exploits the names of MBL Advisory (Malware Block List) and USA Patriot ACT.
PC users should know that none of real authorities or organizations around the world are using such computer's screen blocking messages to collect fines for any law violations - sending money when asked by Decrypt Protect message would equal to giving away your money to Cyber criminals. By it's origin Decrypt Protect ransomware virus is similar to previously discovered screen locker which used the name of Spamhaus to trick unsuspecting PC users into paying some non existent fines. Notice that in a case of this rasnomware virus malfunction computer users would see white screen after Windows startup. If you see a message "DECRYPT PROTECT" on your computer's screen you can be sure that you are dealing with a ransomware virus - don't trust it and don't pay any fines.
DECRYPT PROTECT ransomware virus is being distributed by Cyber criminals who are using exploit kits to spread their rogue screen lockers. Exploit kits can infect one's computer using found security vulnerabilities thought malicious websites, infected email messages, drive-by downloads etc. After infiltration exploit kits can be used to perform various malicious tasks, in this case infected computer would be injected with a malicious code which executes a ransomware virus. To reduce the risk of getting infected with such security threats one should always keep your operating system and all of the installed programs up-to-date, also don't forget to use legitimate antivirus and anti-spyware programs. To remove Decrypt Protect ransomware virus use the provided removal guide.
Fake message presented in Decrypt Protect ransomware virus:
You have 48 hours left to enter your payment.
You have lost control over your computer. Your system and all your files has been blocked and encrypted because you were spreading the Malware (viruses, trojans, worms). You are breaking numerous International and USA laws.
Actions made by your computer backed up under United States law USA Patriot ACT What exactly is THE Patriot Act? The Patriot Act is short for the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and obstruct Terrorism Act of 2001. We have the right backed by law: Sec.201. Authority to intercept wire, oral, and electronic communications relating to terrorism. Sec.202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offences. Sec.209. Seizure of voice-mail messages pursuant to warrants. Sec.2017. Interception of computer trespasser communications. With the support of the federal Bureau investigation department on cybercrime and the Supreme court of the United States of America. We have the legal right to scan and intercept any information going in and out of your computers. Your IP address was identified and isolated by our organisation in connection with a complaint to the involvement of distributed denial of service (DDoS) attack such organisations: NASDAQ and BATSS stock exchange markets and WIKILEAKS.ORG website. Such attacks caused $15 billion in damage. In order to isolate the infected files we have blocked your access to the outside world and your IP address was listed in our MBL (Malware Block List). You can not use the Internet or any of your programs. You have a chance to settle this issue right now before we contact the proper authorities. Within 48 hours you can pay a fine of $300. All your files will be decrypted, and access to the computer will be granted, a claim for compensation from affected companies will be removed and your IP address will be restored to good standings with MBL (Malware Block List). If your don't pay a penalty within next 48 hours, local authorities and service will be contacted, and most likely it will result in your arrest. You can and will be prosecuted to the fullest extent of the law in order to recover our losses. Do not take any chance to be convicted as a felon. Our Decrypt Protect agent has conducted a full check of your system and found following violations: Your are a distributor of pornographic and porno materials, regular watch porno sites with child pornography and zoophillia. You possess unlicensed software and private audio and video records...
Decrypt Protect virus removal:
During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with networking from the list and press ENTER.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Log in to the account that is infected with Decrypt Protect virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all the entries that it detects.
Notice that this ransomware virus is capable of encrypting doc, pdf, jpg, rar, zip and other files that were stored on an infected PC. To decrypt your files use these tools:
If you can't start your computer in safe mode with networking, try doing a system restore.
Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
2. When command prompt mode loads enter the following line: cd restore and press ENTER.
3. Next type this line: rstrui.exe and press ENTER.
4. In the opened window click "Next".
5. Select one of the available restore point and click "Next" (this will restore your computer's system to an earlier time and date, before the Decrypt Protect ransomware infiltrated your PC).
6. In the opened window click "Yes".
7. After restoring your computer to a previous date download and scan your PC with a recommended malware removal software to eliminate any left remnants of Decrypt Protect virus.
To decrypt your files use these tools:
If you can't start your computer in safe mode with networking (or with command prompt) you should boot your computer using a rescue disk. Some variants of ransomware disables safe mode making it's removal more complicated. For this step you will need access to another computer. After removing Decrypt Protect virus from your PC restart your computer and scan it with a legitimate anti-spyware software to remove any possibly left remnants of this security infection.
Other tools known to remove Decrypt Protect virus: