A week ago, I was surfing the internet, checking this page, playing on the web, etc. I admit that my boyfirned and I were watching porn, but not anything out ofg the normal here. Suddenly, A pop up message appeared on the screen. The message said: "your pc is being blocked due to a violation a national law. Your Pc has been detected to visit pedophilic porn pages, zoophilic pages, and ilegal intenert sites which promote dangerous behavior between the country", since that day, My PC was effectively blocked by this pop up. I was forced to send my PC to rebooting from zero. I never visited such sites and when this happened I was mindlessly wandering the net. I would be eternally thankful if anyone could giveme some insight on what the hell happened to my PC. Was it hacked or something?

As a side note, the IP adress was located in another city than where I live. Thanks for reading guys, I`ll apreciate anything that you could tell me.

impotentus (imported) wrote: Tue May 07, 2013 12:36 pm A week ago, I was surfing the internet, checking this page, playing on the web, etc. I admit that my boyfirned and I were watching porn, but not anything out ofg the normal here. Suddenly, A pop up message appeared on the screen. The message said: "your pc is being blocked due to a violation a national law. Your Pc has been detected to visit pedophilic porn pages, zoophilic pages, and ilegal intenert sites which promote dangerous behavior between the country", since that day, My PC was effectively blocked by this pop up. I was forced to send my PC to rebooting from zero. I never visited such sites and when this happened I was mindlessly wandering the net. I would be eternally thankful if anyone could giveme some insight on what the hell happened to my PC. Was it hacked or something?

As a side note, the IP adress was located in another city than where I live. Thanks for reading guys, I`ll apreciate anything that you could tell me.

You caught a variation of "winlocker" trojan. This popup can be removed relatively easily. It takes about 1h work time, you need to have something to edit windows registry without booting into windows, like Windows PE disk or something.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon path in registry should be equal to Explorer.exe

fhunter wrote: Tue May 07, 2013 2:26 pm You caught a variation of "winlocker" trojan. This popup can be removed relatively easily. It takes about 1h work time, you need to have something to edit windows registry without booting into windows, like Windows PE disk or something.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon path in registry should be equal to Explorer.exe

See: http://www.im-infected.com/ransomware/winlocker.html . It worked on a friends computer. Major pain in the ...

Transward

transward (imported) wrote: Tue May 07, 2013 3:11 pm See: http://www.im-infected.com/ransomware/winlocker.html . It worked on a friends computer. Major pain in the ...

Transward

Ah, thanks. I found similar instructions in Russian, but haven't found them in English.

You can also;

A) Take it to your local Best Buy or other computer repair place and they can fix it for you.

Probably around $200.

B) Look up Norton or one of the other protection sites and they will refer you to

a shop in India that can fix it by remote control.

C) Get a program like MalwareBytes that will help you fix it yourself.

A co-worker got this on his home computer. I dropped the computer into safemode and removed a rogue program called build.exe from the startup then deleted the file.

That Kapersky's rescue disk is one fine tool. Checks the mbr. Usually use a cd as using a usb doesn't always load correctly. Remember to update the virus definitions before you start the scan.

Ironically, different variants of WinLocker ask for $200 or even $300 to "unlock" your computer (which doesn't get unlocked, of course). I've caught it twice (same website with the same rogue ad both times... you'd think I would've learned my lesson the FIRST time, but nooo...) There are some people who get scared enough by the official-looking government logo (in my case, the FBI) that they actually fall for the cash scam. Of course, *I* didn't fall for it... if the FBI *really* wanted to get their hands on whatever's on my computer, they'd send someone in a nicely-pressed suit to knock on my door, not try to scam me into buying a $300 gift card.

The thing that's saved my arse repeatedly is that the people who write these trojans assume you only have one operating system on the computer (a logical assumption for the majority of users), and even if they DID know, infecting two (or more) operating systems at the same time would be all but impossible. I have two hard drives in my computer; one dedicated to Windows XP, and one dedicated to Windows 7. When one gets infected, I just log into the other OS. From there I can edit the registry of the infected OS, delete infected files, download antivirus programs that the trojan doesn't want me to download, etc.

All the above seems right, though I spend most time with Linux systems. I have had good luck with Spybot http://www.safer-networking.org/ a free solution to such nasties. They are always up-to date, international and offer a browser immunizer to prevent trouble in the first place. for non-business users, it's free. Unless you want to enjoy regedit and the like, this is probably a good way to go. downside is that their library of checks is enormous, and takes a little time to execute. My wife insists on browsing with Windows, often internationally, and this Spybot has been our friend for many years now.