The Kaspersky WindowsUnlocker utility to fight ransom malware


http://support.kaspersky.com/viruses/solutions?qid=208285998


ID Article: 8005


2012 Apr 26 12:55


If a banner (an ad module) appears on the screen while you are working with the computer and demands that you send an SMS to a specified phone number, your computer is infected with ransom malware. Such malware is created to block access to a computer or restrict access to some of its functions, and it demands a ransom to restore the computer's functionality. To fight ransom malware, Kaspersky Lab specialists designed a special utility, Kaspersky WindowsUnlocker. The utility can be launched when your computer is started from Kaspersky Rescue Disk 10, and it works in both the graphic and text modes of Kaspersky Rescue Disk. This article describes in detail how to work with the Kaspersky WindowsUnlocker utility:


1. Functions of Kaspersky WindowsUnlocker
2. How to start computer from disk with the utility
3. How to launch Kaspersky WindowsUnlocker and disinfect computer
4. How to scan computer using Kaspersky Rescue Disk
5. Reports of Kaspersky WindowsUnlocker
6. If Kaspersky WindowsUnlocker won't help

1. Functions of Kaspersky WindowsUnlocker

The Kaspersky WindowsUnlocker utility is designed to disinfect the registries of all operating systems installed on the computer (including operating systems installed on different partitions or in different folders on one partition) and to disinfect user registry trees. Kaspersky WindowsUnlocker does not perform any actions on files (to disinfect files, use Kaspersky Rescue Disk).


2. How to start computer from disk with Kaspersky WindowsUnlocker

Record Kaspersky Rescue Disk to a CD/DVD or removable USB device on a computer that is not infected and is connected to the Internet.

1. Download the disk with Kaspersky WindowsUnlocker

Download kav_rescue_10.iso (~236 MB) from the Kaspersky Lab server.

2. Record the image to a CD/DVD or removable device

2.1 How to record the image to a CD/DVD

You can record the ISO image to a CD/DVD using any recording program (for example, Nero Burning ROM, ISO Recorder, DeepBurner, Roxio Creator etc.).

2.2 How to record the image to a removable USB device

To record the image to a removable USB device, perform the following actions:

   1. Connect your removable USB device to the computer. To record the image successfully, the device must have a capacity of at least 256 MB and must use the FAT16 or FAT32 file system. If the device uses the NTFS file system, you must format it as FAT16 or FAT32. Do not use a USB device that has another operating system installed on it; this may cause your computer to boot incorrectly.
   2. Download the utility for recording the image to USB devices from the Kaspersky Lab server (~378 KB).
   3. Run the downloaded file rescue2usb.exe.
   4. In the Kaspersky USB Rescue Disk Maker window, click Browse... and select the ISO image of Kaspersky Rescue Disk.


   5. Select the required USB device from the drop-down menu.
   6. Click START.
   7. Wait until the process is complete.
   8. Click OK in the window that opens to inform you that Kaspersky USB Rescue Disk has been successfully created.

3. Configure the computer

To open the BIOS menu, use the Delete or F2 key. On some motherboards the keys F1, F10, F11, F12 or the following combinations may be used:

   Ctrl+Esc
   Ctrl+Ins
   Ctrl+Alt
   Ctrl+Alt+Esc
   Ctrl+Alt+Enter
   Ctrl+Alt+Del
   Ctrl+Alt+Ins
   Ctrl+Alt+S

Information on how to open the BIOS menu is displayed at the start of the OS boot.


   1. Enable booting from CD/DVD ROM or a removable device in the BIOS settings (for more details, refer to the documentation for the motherboard installed on your computer):
      If you recorded the image to a CD/DVD, select CD-ROM Drive.
      If you recorded the image to a removable USB device, select Removable Devices.
   2. Insert the disk into the CD/DVD ROM drive or connect the removable USB device.

4. Boot your computer from Kaspersky Rescue Disk 10

   1. Restart your computer. After the reboot, a message will appear on the screen: Press any key to enter the menu.
   2. Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key within 10 seconds, the computer boots from the hard drive automatically.
   3. In the start-up wizard window that opens, select the graphic interface language using the cursor keys. Press the ENTER key on the keyboard.


   4. Select one of the following start-up methods:
      Kaspersky Rescue Disk. Graphic Mode loads the graphic subsystem.
      Kaspersky Rescue Disk. Text Mode loads the text user interface represented by the Midnight Commander (MC) console file manager.
   5. Press the ENTER key on the keyboard.
   6. The End User License Agreement of Kaspersky Rescue Disk 10 will be displayed on the screen. Read the agreement carefully. If you agree with all of its statements, press 1 to accept the agreement; press 2 to reboot or 3 to shut down the computer.

Once you have performed the actions described above, the Linux operating system starts. It scans connected devices and detects the operating systems installed on the computer. Once the operating system has booted, you can start working with it.

If the host operating system is in sleep mode or was not shut down correctly, you will be informed about it.

   To shut down the operating system correctly, select Restart computer.
   If you select Continue, Kaspersky Rescue Disk will continue mounting the file system, but there is a fairly high risk of file system damage.
   If you select Skip, Kaspersky Rescue Disk will skip file system mounting. Only boot sectors and autorun elements will be scanned. In this case the file system can also be damaged.

3. How to launch Kaspersky WindowsUnlocker and disinfect the registry

To disinfect the registry using Kaspersky WindowsUnlocker, perform the following actions:

If you booted Kaspersky Rescue Disk in the graphic mode, click the К button in the bottom right corner of the screen and select Terminal in the menu. At the command prompt, enter the command windowsunlocker and press Enter on the keyboard.


If you booted Kaspersky Rescue Disk in the text mode, press F10 to close the menu. At the command prompt at the bottom of Midnight Commander, enter windowsunlocker and press Enter on the keyboard.


After the utility starts, a menu of commands appears in the Terminal window (to select a command, press the corresponding key and then press Enter on the keyboard):

1 – Unblock Windows (the utility will clean the registry and display the results in the window). Kaspersky Lab experts strongly recommend performing this action.

2 – Save boot sector copies (the utility will copy boot sectors into the Quarantine folder. The path to the created files, /var/kl/WUnlocker.1.2.0.0_%dd.mm.yy_hh.mm.ss_quarantine/, will be displayed on the screen).

0 – Exit.

4. How to scan computer using Kaspersky Rescue Disk

After cleaning the registry, you need to remove the remains of the ransom-blocker from your computer. To do this, run a full computer scan using Kaspersky Rescue Disk.

5. Reports of Kaspersky WindowsUnlocker

Kaspersky Lab specialists may request the report (log file) of the utility in order to analyze your request to Kaspersky Lab Technical Support. You can create a request via the My Kaspersky Account service. To view the utility report, perform the following actions:

   1. On the desktop, double-click File Manager to open it (if you work in the text mode, close User Menu by pressing F10).
   2. In the File Manager menu (in the text mode, Midnight Commander), find the folder /var/kl (or /var/tmp if the first folder is not accessible) and open it.
   3. The folder containing the text file named WUnlocker.1.0.1.0_%dd.mm.yy_hh.mm.ss_log%.txt will open. The file contains reports on the work of Kaspersky WindowsUnlocker.

When you finish working with the Kaspersky WindowsUnlocker utility, restart your computer and select your hard drive in the Boot menu of the BIOS parameters.

6. If Kaspersky WindowsUnlocker won't help

If you have any questions about using the utility or cannot perform some of the steps in these instructions, visit the Kaspersky Lab official forum.


Copyright © 1997-2012 Kaspersky Lab