Ministère de L’intérieur ransomware (virus). How to unlock your computer


Many computers in France are currently being attacked by a new ransomware program whose lock screen claims to come from the Ministère de L’intérieur (the French Ministry of Internal Affairs). The central message of the warning is “Votre ordinateur est bloqué”, which in French means “your computer has been locked”. That part is true: the system is completely blocked. What is false is the claim that it was blocked by the Ministère de L’intérieur. The computer is blocked by a serious virus infection that we and many other security blogs classify as ransomware.


Text of Ministère de L’intérieur virus scary warning:

Ministère de L’intérieur
Votre ordinateur est bloqué
Vous êtes le violateur, et vos actions sont illégales et entraînent la responsabilité criminelle.
Le fonctionnement de votre ordinateur était arrêté en raison de la cyberactivité non sanctionnée.
Les violations possibles sont énumérées Ci-dessous:
Article – 174. Droit d’auteur
La privation de liberté de 2 à 5 ans (Utilisation ou diffusion des travaux d’auteur). Amende de 18 000 euro à 23 000 euro.
Article – 183. Pornographie
La privation de liberté de 2 à 3 ans (Utilisation ou diffusion des fichiers pornographiques). Amende de 18 000 euro à 25 000 euro.
Article – 184. Pornographie avec la participation des enfants (âgés moins de 18 ans)
La privation de liberté de 10 à 15 ans (Utilisation ou diffusion des fichiers pornographiques). Amende de 20 000 euro à 40 000 euro.
Article – 104. Assistance au terrorisme
Article – 68. Diffusion des programmes virulents
La privation de liberté jusqu’à 2 ans (Création ou diffusion des programmes virulents qui ont porté préjudice aux autres ordinateurs). Amende de 15 ooo euro à 28 000 euro.
Article – 113. Utilisation du logiciel non de licence
La privation de liberté jusqu’à 2 ans (Utilisation du logiciel non de licence). Amende de 10 ooo euro à 22 ooo euro.
Article – 99. Fraude avec les cartes de paiement, carding
La privation de liberté jusqu’à 5 ans (Opérations avec l’utilisation de la carte de paiement ou des accessoires, non initié ou non confirmé par son titulaire). Amende de 30 ooo euro à 75 ooo euro avec la mainmise.
Article 156. Diffusion du spam du contenu pornographique
La privation de liberté jusqu’à 2 ans (Diffusion du spam du contenu pornographique au moyen des lettres électroniques et des réseaux sociaux). Amende de 16 ooo euro à 38 ooo euro.
La liberté jusqu’à 25 ans sans droit de pourvois en appel (Visite des sites des groupements terroristes). Amende de 35 ooo euro à 45 ooo euro avec la mainmise.

The warning, supposedly originating from the Ministère de L’intérieur, claims that the computer was locked because of various illegal activities carried out by the user on that machine. In particular, the virus accuses users of viewing a lot of explicit content online; downloading, keeping and distributing illegal copies of audio, video and software; sending unsolicited spam to various addressees; and even visiting the sites of terrorist organizations in order to support them. Of course, this is a pack of lies told by the ransomware makers. You’ve never committed any crimes like those listed above, right? Then you can have peace of mind, even though your system is locked like this. Ministère de L’intérieur ransomware belongs to the Reveton type of Trojan infection. It can be removed via Safe Mode or Safe Mode with Command Prompt.

Please follow the Ministère de L’intérieur virus removal guidelines below. They will help you unlock your system; however, you will first need to carry out certain manual removal steps before running our recommended security software.

Ransomware removal solutions

Solution 1 (automatic)

NB! This solution applies to all GreenDot MoneyPak, Ukash and Paysafecard ransomware.

    1. Reboot your system and press F8 repeatedly while it is restarting.
    2. Select Safe Mode with Networking.
    3. Click Start and type Run in the open field, or press [Win]+R on the keyboard.
    4. Type msconfig and press “OK”.
    5. Disable any startup items in which rundll32 launches an application from Application Data.
    6. Reboot your computer once again.
    7. Scan your system with GridinSoft Trojan Killer to identify the infected file and delete it.

NB! Some versions of these viruses disable all safe modes but leave a short window in which you can run anti-malware tools. In that case, act as follows:

    1. Reboot normally.
    2. Click Start and type Run in the open field.
    3. Enter the text https://trojan-killer.net/download.php in the open field.
    4. If the malware has already loaded, press Alt+Tab once, keep typing the string blindly, and then press Enter. Then press Alt+Tab followed by the letter R a couple of times. The ransomware process should be killed once you manage to download and install our recommended software and scan your system with it.

Solution 2 (automatic)

    1. Go to a friend, relative or anybody else who has a computer with an Internet connection.
    2. Take your USB flash drive / Memory Stick with you.
    3. Download the GridinSoft Trojan Killer installation file from https://trojan-killer.net/download.php and save it to your USB flash drive / Memory Stick.
    4. Get back to your infected PC and insert the USB drive / Memory Stick into a USB slot.
    5. Perform a hard reset (press the reset button on your computer) if your infected PC has been left on with the ransomware’s background displayed. If not, simply turn your PC on.
    6. Before the boot process begins, keep repeatedly hitting the “F8” key on your keyboard.
    7. In the window that appears, select the “Safe Mode with Command Prompt” option and press Enter.
    8. Choose your operating system and the user account that was infected with the ransomware virus.
    9. In the cmd.exe window, type “explorer” and press the “Enter” key on your keyboard.
    10. Select “My Computer” and choose your USB flash drive / Memory Stick.
    11. Run the installation file of GridinSoft Trojan Killer. Install the program and run a scan with it. (Updating the program will not work in “Safe Mode with Command Prompt”.)
    12. When the hijackers have been successfully disabled (fixed) by GridinSoft Trojan Killer, you may close the GridinSoft Trojan Killer application.
    13. In the cmd.exe window, type “shutdown /r /t 0” and press the “Enter” key on your keyboard.
    14. Upon system reboot your PC will be unlocked and you will be able to use it just as before the infection took place.
    15. However, it is recommended that you now update GridinSoft Trojan Killer and run the scan with it again to remove the source of the infections that caused the ransomware virus to infect your PC.


Solution 3 (manual)

    1. Restart your system into “Safe Mode with Command Prompt”. While the PC is booting, press the “F8” key continuously, which should bring up the “Windows Advanced Options Menu” (for Windows XP) or “Advanced Boot Options” (for Windows 7 and Vista). Use the arrow keys to move to “Safe Mode with Command Prompt” and hit the Enter key. Log in as the same user you were previously logged in as under normal Windows mode.
    2. Once Windows boots successfully, the Windows command prompt will appear. At the command prompt, type “explorer.exe” and press Enter. Windows Explorer should open. Please do not close it yet. You can minimize it for a while.
    3. Afterwards, open the Registry Editor from the same Windows command prompt. Type “regedit.exe” and hit the Enter key. The Registry Editor should open.
    4. Find the following registry entry:

       HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    5. In the right-side panel, select the registry entry named Shell. Right-click on this registry entry and select the “Modify” option. Its default value should be “Explorer.exe”. However, the ransomware virus did its job, so after you click “Modify” you will see a totally different value for this registry entry.
    6. Write down the modified value of the above-mentioned registry entry on a piece of paper, or memorize it. It shows exactly where the main executable of the ransomware virus is located.
    7. Change the value of the registry entry back to “explorer.exe” and save the settings in the Registry Editor.
    8. Go to the location indicated in the modified value of the registry entry and remove the malicious file. Use the file location you wrote down or otherwise noted in the earlier step.
    9. Get back to “Normal Mode”. To reboot your system, type the phrase “shutdown /r /t 0” (without the quotation marks) at the command prompt and hit the Enter key.
    10. The virus should be gone. However, in order to clean your PC of other possible virus threats and malware remnants, make sure to download and run GridinSoft Trojan Killer.
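
The two registry checks this guide performs by hand (the rundll32 startup items from Solution 1 and the Winlogon Shell value from Solution 3) can be listed with a read-only script. This is an added example, not part of the original guide or of GridinSoft's software; it assumes PowerShell 2.0 or later is available, and checking the HKCU copies of the keys and treating the Run keys as the startup locations are choices made by this example.

```powershell
# Added example: read-only audit, changes nothing. Assumes PowerShell 2.0+.
$findings = @()

# Helper (hypothetical name) that builds one report row.
function New-Finding($check, $key, $name, $value) {
    New-Object PSObject -Property @{ Check = $check; Key = $key; Name = $name; Value = $value }
}

# 1. Winlogon "Shell" value: the guide expects "explorer.exe".
#    Checking the HKCU copy as well is an assumption of this example.
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key   = "$hive\$winlogon"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.Shell) { continue }
    if ($props.Shell.Trim() -ine 'explorer.exe') {
        # The value holds the path of whatever runs instead of Explorer.
        $findings += New-Finding 'Winlogon Shell' $key 'Shell' $props.Shell
    }
}

# 2. Run-key startup entries in which rundll32 loads something from
#    "Application Data" (Windows XP) or "AppData" (Vista / 7).
$run = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key  = "$hive\$run"
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match 'rundll32' -and $value -match 'Application Data|AppData') {
            $findings += New-Finding 'Startup item' $key $name $value
        }
    }
}

# Report: every row is an entry to inspect by hand before changing anything.
if ($findings.Count -eq 0) {
    'No deviations found in the checked keys.'
} else {
    $findings | Select-Object Check, Key, Name, Value | Format-List
}
```

Each reported value is the same information the guide asks you to write down in Solution 3 before restoring “explorer.exe” and deleting the file.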
