How to unlock your computer if you forgot your password. Ten ways to get rid of ransomware Trojans and unlock Windows

How to unlock your PC from a virus

Surely you have heard of, or maybe even found yourself in, a situation where, after downloading a file or visiting a dubious site on the Internet, the PC suddenly became uncontrollable and a banner appeared demanding a code to unlock the computer, a code that can supposedly be obtained by sending an SMS or topping up the specified phone account with a certain amount.

What to do in this case? Should I submit to extortionists or is there still a chance to somehow unlock my computer without SMS? Let's look at several options for our actions in order not to become a “cash cow” for scammers.

After all, after replenishing their account, they will already know your phone number and will most likely be able to log in to your mobile operator. This means that it will not be difficult for them to withdraw money from your phone. But let’s not despair and first try to cope with the problem ourselves. So how?

Trying to unblock from a banner through the task manager

This is one of the simplest methods. Who knows, maybe the scammers are not so literate and are just bluffing? So, we call the task manager and end the task belonging to our browser. To do this, press the Ctrl+Alt+Del keys simultaneously (of course, we don't press the plus signs). Then in the window that opens, click “Launch Task Manager”.

This window may look different depending on the operating system, but I hope the essence is clear. Next, the task manager appears. This is where we need to end the task of our browser. Click on the line with the browser and then on the “End Task” button.

By the way, this method works for any other task as well, for example to close a frozen program. I must say, it is not always possible to do this on the first try; sometimes the task manager window blinks and disappears again.

In such cases, pressing Ctrl+Alt+Del again sometimes helps, repeatedly, even up to 10 times in a row. Beyond that it probably doesn't make sense anymore. If it worked, good. If not, let's move on.

Trying to unlock a computer through the registry

Now let's try the next option - more complicated. Place the cursor in the code input field, press Ctrl+Alt+Del and carefully look at the banner.

It will not necessarily look the same as mine, of course, but the offer to send an SMS or top up the number and the field for entering a code or password must be present. If as a result of our actions the cursor disappears, then keyboard focus has switched to the task manager.

Now you can press Tab, and then Enter, and an empty desktop should open in front of you, most likely, even without “Start”. If this happened, now in order to “unblock our prisoner” you need to go to the registry, since viruses are usually registered there.

Press Ctrl+Alt+Del. Then click “Launch Task Manager”. In the new window that appears, click “File”, then “New task (Run...)” in the drop-down menu.

In the next window, enter the command “regedit” and click “OK”.

The “Run” command can be called even easier if, of course, it works out - by pressing the Win + R buttons on the keyboard. For those who don't know, Win is the key with the Windows picture, usually at the bottom left end of the keyboard.

If everything worked out, we will find ourselves in the registry editor. Be very careful here and don't touch anything unnecessary, because incorrect actions can lead to unpleasant and sometimes unpredictable consequences in the operation of the computer.

So we need to get here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. I will show you two windows so that you can understand where and what to click to implement this idea.

In the first window, find the line that says “HKEY_LOCAL_MACHINE” and click on the triangle to the left of it:

The list below this line will expand. There you need to find the line “SOFTWARE” and also click on the triangle:

Don’t be alarmed, the lists there are very large, don’t forget about the bottom slider - move it to see the inscriptions in full.

When you reach Winlogon in this way, click not on the triangle on the left, but on the word “Winlogon” itself. Then move your gaze to the right panel, where you will need to check the parameters “Shell” and “Userinit”.

We look at the Shell parameter: its value must be only “explorer.exe”. “Userinit” should look like this: “C:\WINDOWS\system32\userinit.exe,”.

Please note that there is a comma at the end after “exe”! If there are any other values, then we correct them to the ones indicated above. To do this, just right-click on “Shell” or “Userinit”, click “Modify”, and write the desired value in the pop-up window.

This, I think, will not cause you any particular difficulties.

Final work and actions in case of failure

In some cases, it happens that these parameters are fine. Then we find the following section: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options and expand it. If there is a subsection explorer.exe there, delete it without regret. Well, we did everything to unblock our “prisoner”.

Now you can restart your computer. If the virus is not a more insidious one, everything should return to normal. If so, then we can laugh at the hapless SMS extortionists. And of course, after all the work done, be sure to perform a full antivirus scan. It also wouldn't hurt to run a cleaner such as CCleaner before doing this.

If nothing helps or you are hesitant to do the steps described above, contact a specialist. But don’t send SMS in any case. You can also familiarize yourself with other methods of unlocking the Trojan Winlock Virus on the VirusStop website or on the Kaspersky website.

That's all. Now you know how to unlock your computer without SMS. But it would be better if you never needed to do this, at least on your computer.

Sometimes a situation arises when the computer is locked and the user is unable to guess the password for the account. This state of affairs is rare, but memory is unpredictable, and the operating system cannot directly tell us (except for a user hint, if one was created in advance).

Naturally, to log into the system you will need to reset or change your account password, since it is impossible to remember! For this description, let's take the average case, where nothing else gets in the way and the standard Windows installation favors a successful outcome.

Unlock the computer

User accounts, or just “accounts”, are quite a useful thing, but if you have forgotten or lost the treasured combination, it is impossible to log into the system, for strangers and for you personally alike. Well, if no changes were made to the accounts, then restoring the login will take a few minutes.

  • We restart the computer, and after the BIOS picture press the “F8” key to call the boot menu.
  • Use the navigation keys to move to the “Safe Mode” line and press “Enter”.
  • We are waiting for the operating system to load. To log in, select an “account” under the name “Administrator” (standard profile without a password).
  • Close the help window about Safe Mode and go to the “Control Panel” through the “Start menu” or in a way convenient for you.
  • Open the “User Accounts” section. Go to your personal profile and click “change password”.
  • In the field, enter a new combination of characters and save by pressing the appropriate button (if the input field is left empty, the password will be reset).
  • After manipulating the password, we reboot. Now all that remains is to enter a new password (if one has been set) and log into Windows.

Note! If your profile is the only account, then the above actions will be powerless. But there is always another solution, for example, try, this method was discussed earlier and will require a Windows boot disk.

This will be a great article on how to unlock your computer. In this article there will be three options, one of which will definitely help you unlock Windows.

Option 1

The easiest way to cure your computer if it is infected with a “banner virus” is to restore the system to a working state. We will do it like this:

  1. Reboot the computer in Safe Mode with Command Prompt support.
  2. At the command prompt, enter the command c:\WINDOWS\system32\Restore\rstrui
  3. When the Windows recovery window starts, select the date to which you want to restore Windows, click Next and wait a while until it restarts the computer and restores it to the point you selected (it is better to choose a recovery date no more than a week before the incident).
  4. But this method, being the simplest and most effective, has its drawbacks. For example, if “System Restore” was not enabled to begin with, then when you enter the command c:\WINDOWS\system32\Restore\rstrui you will receive an error:

“System Restore is disabled and cannot be started in Safe Mode. To restore the system, restart your computer in normal mode and run System Restore.”

Unfortunately, in that case this method is not for you. But this is not the end of the world, because we are moving on to Option 2.

Option 2
This morning they brought in a laptop on which, when loading, a window immediately appeared saying that Windows was blocked. This Trojan Winlock is not the same as the earlier ones, i.e. those in which you had to enter a code (it could be obtained on the Kaspersky and drweb websites). But let's not go into theory and immediately move on to practice, i.e. to removing this crap.

  1. Initially we have a Winlock which blocked the computer with the following text:

Microsoft Security detected a violation of Internet usage Reason: You watched a movie containing gay porn. To unlock Windows you need to: top up your Beeline subscriber number 8-963-666-94-10 in the amount of 400 rubles. You can pay through the terminal for paying for cellular communications. After payment, on the issued terminal receipt. You will find your personal unlock code, which you must enter below.

Our next steps are:

  1. Restart your computer in Safe Mode with Command Prompt support.
  2. When the computer boots up and you see the command line, enter regedit and the registry editor starts.
  3. Find the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  4. In it, find the Shell line and check that it contains only one entry, Explorer.exe (i.e. delete everything there other than Explorer.exe!).
  5. Next, reboot the computer and enjoy the loaded Windows.

What problems could there be if this option didn’t work:

  1. If you did everything as I wrote, but nothing happens, then check the Userinit item in the same registry branch. It should have only one entry: C:\Windows\system32\userinit.exe, (delete anything else that is there).
  2. If it still doesn't work, then you need to compare the userinit.exe file on the infected computer with the file on a working computer; it happens that another modification of the virus has replaced the userinit.exe and Explorer.exe files. You need to check against a computer that has the same operating system (let's say the computer that caught the virus runs Windows XP SP3; then compare with files from a working computer that also runs Windows XP SP3). To get a desktop in Safe Mode with Command Prompt, enter the command explorer in the console (where you previously entered the regedit command), then look for the userinit.exe file, which is located in the C:\Windows\System32\ directory, and compare the files by size and creation date.

If it turns out that these files were replaced, I solved this problem like this:

1) these two files can be taken from the C:\Windows\System32\dllcache directory, or, if you have the Windows disk from which this operating system was installed, from the I386 folder on it (under the name userinit.ex_ or simply userinit.exe)

2) replace the files and reboot the system.
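Size and creation date can be made to match by a replaced file, so a content hash is the more reliable form of the comparison described above. The following is an added example, not code from the original article; the function names and the stand-in files built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_files(pairs):
    """pairs: {name: (suspect_path, reference_path)} -> {name: status}."""
    report = {}
    for name, (suspect, reference) in pairs.items():
        if not os.path.isfile(reference):
            report[name] = "no reference copy"
        elif not os.path.isfile(suspect):
            report[name] = "missing on suspect system"
        elif sha256_of(suspect) == sha256_of(reference):
            report[name] = "match"
        elif os.path.getsize(suspect) == os.path.getsize(reference):
            # The case a size-only comparison would miss
            report[name] = "REPLACED (same size, different content)"
        else:
            report[name] = "REPLACED (different size)"
    return report


def demo():
    """Compare constructed stand-in files (not real Windows binaries)."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as handle:
                handle.write(data)
            return path

        reference = write("reference.exe", b"MZ" + b"\x00" * 62)
        untouched = write("suspect_explorer.exe", b"MZ" + b"\x00" * 62)
        swapped = write("suspect_userinit.exe", b"MZ" + b"\x01" * 62)  # same size
        return compare_files({
            "userinit.exe": (swapped, reference),
            "explorer.exe": (untouched, reference),
        })


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The reference copy must come from a machine with the same Windows version and service pack, as the article says; a mismatch against a differently patched system means the file needs a closer look, not that it is malicious.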

I really hope that everything worked out for you by editing the registry and you didn't have to fiddle with replacing files. Different situations just happen, so I decided to describe all the methods at once.

Option 3

This option is for the case where you have caught an SMS banner extorting money “for viewing and reproducing child pornography”. This type of banner is radically different from the one I described in Option 1, although the removal methods are partially similar.

The banner text is:

Computer is locked

To remove the blocking, you need to pay a fine of 500 rubles to the Beeline phone number 89037310755. If you pay an amount equal to or exceeding the fine, an unlock code will be printed on the terminal’s fiscal receipt. You need to enter it in the field at the bottom of the window and click the “Unblock” button. After removing the blocking, you must remove all materials containing elements of violence and pedophilia. If the fine is not paid within 12 hours, all data on your personal computer will be permanently deleted, and the case will be sent to court for proceedings under Article 242 Part 1 of the Criminal Code of the Russian Federation. Restarting or shutting down your computer will immediately delete ALL data, including operating system code and BIOS, with no further recovery possible.

Removing this banner as I wrote above using the first option did not work, well, that’s good, because this method is very easy and simple.

Leaders in antivirus products such as dr.web and Kaspersky quickly responded to this situation and provided users with their assistance in removing this modification of the banner virus from their computers.

Option 4

There is a variety of this nasty thing that, after an attempt to cure the computer yourself, launches a second virus that overwrites the boot area of the disk, and after rebooting you will see the following text on the black screen:

Which Windows installation would you like to log onto (To cancel, press ENTER) and I type 1

Tips for protecting against Trojan.Winlock

How to protect yourself from Trojan.Winlock?!?

To protect against this problem, and against computer problems in general, I can give a lot of advice, but the most important points to observe for maximum computer protection are:

  1. Licensed copy of Windows. It is advisable that the operating system installed on your computer has no third-party tweaks and add-ons; it is better to use a licensed disk on which there is nothing other than Windows (i.e. those that are sold in stores).
  2. Antivirus. I take antiviruses very seriously, and over the years only one brand has earned my recommendation: Kaspersky. Yes, it sometimes slows down the computer, but it more than makes up for its disadvantages!
  3. Do not download programs from unknown sites: cracks, activators, audio books, games and other garbage. People, without bothering, start looking for them simply by typing a request into Yandex or Google and clicking on every button that says “download”. My advice, which I have taught myself and everyone else too: if you want to download something, then use torrents. I use rutracker or nnm-club; there you can be at least half confident that the software is proven.

Well, lastly, I will say that 90% of computer errors are located 50 cm from the monitor. Be vigilant and careful and you will never have problems. Good luck to everyone and write your questions if you can’t unlock windows, we’ll figure it out together.


A login password will help protect your computer from unauthorized access.

But it also happens that the computer user himself forgets his Windows password.

What to do? Is it really possible to forget about your computer with all its data and go to the store for a new one?

There is no need to panic right away - there is a way out of the situation!

So, first restart your computer.

This is an option for Windows OS and XP Home.

Before Windows initializes, quickly press the key F8. Now, instead of the username, enter “administrator” (you can also use Latin letters). This account is not password protected by default, so leave the Password field blank. Just immediately click on “Ok”. You will see a message that Windows is running in safe mode. You have to agree with this.

Of course, you need to select the icon of the account you want to log into. A dialog box will appear asking you to change your password. All that remains is to take advantage of the offered chances. Then restart your computer. Try not to forget your password again!

If you have Vista or XP Professional, you need to act a little differently.

First, log in as “Administrator”, as in the first option. At the standard Windows welcome screen, press Ctrl+Alt+Del simultaneously.

You can recover your password with Administrator rights. You can log in using a restricted account, if you have one on your computer.

Click on “Start”, then “Run”. Type control userpasswords2 in the “Open” line, then press “Enter” and “Ok”. You will see the “User Accounts” window. Go to the “Users” tab, select the desired username from the list, then everything is simple: “Change password”.

For Mac OS, recover your password as follows, using the Mac OS X disc.

Insert it into the DVD drive, restart your computer, and press and hold “C” at the gray screen. Now select your language, open the top menu, and click on “Password Reset”. Select the hard drive icon in the pop-up window, open the drop-down menu, and then select the name of the desired user. All you have to do is enter a new password and then restart the computer.

As you can see, don’t worry if you forgot your Windows password – you can change it to a new one! But it’s better to try not to forget it.

Hello my readers! It is unlikely that the average user of the Windows operating system can be surprised by the extortion of money using the malicious Winlock Trojans, better known among the people as the “Windows blocker”.

And it’s not surprising, because every second inexperienced user, having ignored the importance of the security of their computer, automatically sent themselves to the white list of scammers who, as practice shows, quite cleverly “cheat” frightened and confused newcomers who don’t know how to react to such a situation.

Therefore, answering the questions: how to avoid becoming a victim of deception? and what to do if windows is locked? I suggest you carefully study the material presented below, which guarantees getting rid of the problem with a few clicks of the mouse.

Where it all begins

One evening, as usual, browsing various sites on the Internet, reading the news feed, your computer may freeze. And a terrifying banner may appear in the center of the screen, which obscures almost the entire desktop and asks you to send an SMS (which, obviously, is not free) or asks you to top up your account to the mobile number specified in the request. Otherwise, all materials from the computer will be automatically destroyed.

I'll give you some practical advice on what to do if Windows is locked and asks for a code, and go through the best options for unlocking the system.

Without unnecessary movements

Fortunately, for some Trojans you can actually find an unlock code, which, although rare, completely destroys the virus from the system.

You can select the required code using well-known anti-virus databases (more specifically, in a couple of minutes you can find key data on their main pages).

A Windows unlocking service is available from the following companies:

  • “Doctor Web”
  • “Kaspersky Lab”

If your system is locked, you can open the required page from any other PC, tablet or phone.

Important! Having unblocked access to the system, do not rejoice prematurely. The next step is to scan the disk using any antivirus program.

System Restore

Before moving on to complex and cunning methods of special software, I suggest trying to eradicate the problem using the means at hand, or rather, calling the task manager in the way you are familiar with (usually Ctrl+alt+Del).

Did it work? Then congratulations, you are dealing with an ordinary and simple Trojan that can be removed easily and quickly.

  • We find a suspicious foreign process in the list of processes.
  • We forcefully terminate it.


Often, a third-party process has a vague name and is displayed without a description. Identify those in the list and forcefully terminate them. I advise you to do this slowly and one at a time until the banner disappears.

If a miracle does not happen and the task manager is not called, then I suggest moving on to the stage of using a third-party process manager Explorer.exe, which can be downloaded from the link. The program can be launched using the “Run” command (press Win+R).

The explorer.exe directive makes it very easy to identify a suspicious process.

Military strategy

Another way to deal with a virus is to use some standard programs, including the ordinary notepad or Wordpad.

To do this “blindly” (after all, you can't close or hide the banner yet), you will need to:

  1. Launch the Run utility (Win+R)
  2. Write “notepad” in it and click on the “Enter” key.
  3. Ideally, a new text file will be launched under the banner window, in which you will type any text (no matter what) and press the power off button on the system unit.
  4. Next, all processes running in the system will begin to terminate, except for Notepad, which will ask you to “save” or “close without saving” the document (which we, of course, leave unchanged for now).
  5. After deactivating the virus, as in the previous method, find the location of the Trojan and destroy it.

More advanced way

Against more sophisticated, “unrealistically complex” Trojans, countering them through the task manager or other system components will not help.

Therefore, it’s time to move on to heavy artillery, or rather to safe mode.

Step by step instructions:

  1. We restart the computer, and while the operating system is loading, hold down the F8 key (sometimes the button is different, it depends on your PC).
  2. In the new window (which requires you to select a boot method), select “Safe Mode + Command Prompt”.
  3. After loading, enter regedit in the command line, press enter and launch the registry editor.
  4. In the registry editor, we examine which applications are launched on the PC.
    Most likely you will see the full path to the Trojan files in the Shell key and in the Userinit branch. In Shell, the virus is listed instead of explorer.exe, and in “Userinit” it is listed after the comma.
  5. Copy the full name of the virus file to the clipboard.
  6. We write “del” in the command line, press the space bar and use the right mouse button to call up the context menu.
  7. In the menu window, select the “Paste” command and press Enter.

Voila, the first Trojan file has been successfully destroyed. We carry out a similar operation with the second and subsequent ones (if any).
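The registry checks that recur on this page (the Winlogon Shell and Userinit values, and the Image File Execution Options\explorer.exe subkey from the first walkthrough) can also be run over a text export of the registry, which lists the file paths to examine. This is an added example, not code from the original article; the function names are hypothetical, the sample export and its paths are constructed, and it assumes Windows is installed in C:\WINDOWS.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
WINLOGON = (BASE + r"\Winlogon").lower()
IFEO_EXPLORER = (BASE + r"\Image File Execution Options\explorer.exe").lower()
EXPECTED_SHELL = "explorer.exe"
# Assumption: Windows lives in C:\WINDOWS, as in the article.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample in regedit "Export" format; the paths are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Documents and Settings\\user\\Application Data\\lock.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\Temp\\upd.exe,"
"AutoRestartShell"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINDOWS\\Temp\\upd.exe"
'''

STRING_VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')


def parse_reg_export(text):
    """Return {key path: {value name: string}}, names lower-cased, REG_SZ only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = STRING_VALUE.fullmatch(line)
        if match and current is not None:
            # .reg files escape backslash and quote with a backslash
            name, value = (re.sub(r"\\(.)", r"\1", g) for g in match.groups())
            current[name.lower()] = value
    return keys


def audit(keys):
    """Return (location, offending value) pairs for the checks in the article."""
    findings = []
    winlogon = keys.get(WINLOGON, {})

    shell = winlogon.get("shell")
    if shell is not None and shell.strip().lower() != EXPECTED_SHELL:
        findings.append(("Shell", shell))

    userinit = winlogon.get("userinit")
    if userinit is not None:
        entries = [e.strip() for e in userinit.split(",") if e.strip()]
        if EXPECTED_USERINIT not in [e.lower() for e in entries]:
            findings.append(("Userinit", "userinit.exe entry missing"))
        # Anything listed besides userinit.exe is started at every logon
        findings += [("Userinit", e) for e in entries
                     if e.lower() != EXPECTED_USERINIT]

    if IFEO_EXPLORER in keys:
        debugger = keys[IFEO_EXPLORER].get("debugger", "(no Debugger value)")
        findings.append(("Image File Execution Options\\explorer.exe", debugger))
    return findings


if __name__ == "__main__":
    for location, value in audit(parse_reg_export(SAMPLE_EXPORT)):
        print(f"SUSPICIOUS {location}: {value}")
```

Exports written by regedit in the "Version 5.00" format are normally UTF-16, so read the file with `encoding="utf-16"` before passing its text to `parse_reg_export`.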

Well, that's all: I have described the basic current methods of restoring access to data. If all of the steps described above are difficult for you due to inexperience or fear of making things even worse, I recommend that you take the training course “Computer Genius”. It will help you gain confidence and understand the basics of using a PC.

I hope that now I can be calm for you and for the safety of your information. Be sure to share this useful information with friends on social networks; they will probably also find this material useful. Don't forget to subscribe to blog updates and install a reliable antivirus! See you again!

Sincerely! Abdullin Ruslan