Decrypt Protect Virus

Also Known As: Decrypt Protect Ransomware
Type: Ransomware
Damage level: Severe
Distribution: High
Damage Level

Decrypt Protect (MBL Advisory) virus "You have lost control over your computer" removal guide

What is Decrypt Protect?

The Decrypt Protect message blocks users' computer screens demanding payment of a $300 fine (using MoneyPak, Ukash or PaySafeCard) in order to regain access to the computer. This is a scam, a ransomware virus that has no connection with legiimate authorities or organizations. This deceptive message states that computer users are required pay a fine for alleged law violations including distribution of pornographic material, possession of unlicensed software, and possession of video or audio files. This is a scam created by cyber criminals. This fake message exploits the names of MBL Advisory (Malware Block List) and USA Patriot ACT.

PC users should be aware that no genuine international authorities or organizations use computer screen-blocking messages to collect fines for any law violations. Sending money as ordered by the Decrypt Protect message is equivalent to giving your money to cyber criminals. The Decrypt Protect ransomware virus is similar to existing screen-lockers, which use the name of Spamhaus to deceive unsuspecting PC users into paying bogus fines. Note that this ransomware virus causes a malfunction such that computer users observe a white screen after Windows startup. If you see the message, 'DECRYPT PROTECT' on your computer screen, you are dealing with a ransomware virus. Do not trust it or pay any fines.

Decrypt Protect ransowmare virus

The DECRYPT PROTECT ransomware virus, distributed by cyber criminals, uses 'exploit kits' to proliferate their rogue screen lockers. Exploit kits can infect computers using detected security vulnerabilities through malicious websites, infected email messages, drive-by downloads, etc. After infiltration, exploit kits can be used to perform various tasks, and in this case, infected computers are injected with malicious code, which executes a ransomware virus. To reduce the risk of infection by these security threats, always keep your operating system and installed programs up-to-date. Also, use legitimate antivirus and anti-spyware programs. To remove the Decrypt Protect ransomware virus, use the removal guide provided.

A fake message displayed by the Decrypt Protect ransomware virus:

DECRYPT PROTECT
MBL Advisory
You have 48 hours left to enter your payment.
You have lost control over your computer. Your system and all your files has been blocked and encrypted because you were spreading the Malware (viruses, trojans, worms). You are breaking numerous International and USA laws.

Actions made by your computer backed up under United States law USA Patriot ACT What exactly is THE Patriot Act? The Patriot Act is short for the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and obstruct Terrorism Act of 2001. We have the right backed by law: Sec.201. Authority to intercept wire, oral, and electronic communications relating to terrorism. Sec.202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offences. Sec.209. Seizure of voice-mail messages pursuant to warrants. Sec.2017. Interception of computer trespasser communications. With the support of the federal Bureau investigation department on cybercrime and the Supreme court of the United States of America. We have the legal right to scan and intercept any information going in and out of your computers. Your IP address was identified and isolated by our organisation in connection with a complaint to the involvement of distributed denial of service (DDoS) attack such organisations: NASDAQ and BATSS stock exchange markets and WIKILEAKS.ORG website. Such attacks caused $15 billion in damage. In order to isolate the infected files we have blocked your access to the outside world and your IP address was listed in our MBL (Malware Block List). You can not use the Internet or any of your programs. You have a chance to settle this issue right now before we contact the proper authorities. Within 48 hours you can pay a fine of $300. All your files will be decrypted, and access to the computer will be granted, a claim for compensation from affected companies will be removed and your IP address will be restored to good standings with MBL (Malware Block List). If your don't pay a penalty within next 48 hours, local authorities and service will be contacted, and most likely it will result in your arrest. You can and will be prosecuted to the fullest extent of the law in order to recover our losses. Do not take any chance to be convicted as a felon. Our Decrypt Protect agent has conducted a full check of your system and found following violations: Your are a distributor of pornographic and porno materials, regular watch porno sites with child pornography and zoophillia. You possess unlicensed software and private audio and video records...

Quick menu:

Decrypt Protect virus removal:

Step 1

Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Step 2

Log in to the account infected with Decrypt Protect virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

remover for Decrypt Protect virus

If you need assistance removing Decrypt Protect Virus, give us a call 24/7:
1-877-484-8393
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. All the products we recommend were carefully tested and approved by our technicians as being one of the most effective solutions for removing this threat.

Note that this ransomware virus is capable of encrypting doc, pdf, jpg, rar, zip, and other files stored on an infected PC. To decrypt your files, use these tools:

Decrypt tool by Fabian Wosar Emsisoft Development Team

Panda Ransomware Decrypt tool

If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window click "Next".

restore system files and settings

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the Decrypt Protect ransomware infiltrating your PC).

select a restore point

6. In the opened window click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the Decrypt Protect virus.

remover for Decrypt Protect virus

To decrypt your files use these tools:

Decrypt tool by Fabian Wosar Emsisoft Development Team

Panda Ransomware Decrypt tool

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode, making its removal complicated. For this step, you require access to another computer. After removing Decrypt Protect virus from your PC, restart your computer and scan it with legitimate anti-spyware software to remove any possible remnants of this security infection.

Other tools known to remove the Decrypt Protect virus:

Add comment
PCrisk.com is not responsible for the content of the comments.


About the author:

I am passionate about computer security and technology. I have an experience of 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010.

Follow me on Google+ to stay informed about the latest online security threats.

Our malware removal guides are free. However, if you want to support us you can send us a donation.