Delete a banner using Kaspersky WindowsUnlocker

Removing ransomware banners has become somewhat more complicated than before, and many time-tested methods no longer work. For example, it is now unlikely that you can unblock the malicious program with a code, set the BIOS clock back several years, or calmly enter safe mode and use the registry editor. To keep up with the tricks of the unscrupulous creators of Windows blockers, users have to learn more professional methods. Today, anyone who faces the problem of removing a banner can use a boot disk to cure the infected computer by loading the registry of the affected operating system. In addition, Kaspersky Lab has prepared a free tool specifically for dealing with various advertising modules, and using it significantly reduces the time and effort needed to remove the banner. In this article we will consider it in more detail. You can also study our main article about banner removal.

Create bootable media
To get started, download the Kaspersky Rescue Disk boot image, which includes the Kaspersky WindowsUnlocker utility. Then create a bootable disc or flash drive. To create a disc, you can use any program for burning optical discs (Nero, Ashampoo Burning Studio and others). If you decide to make a bootable USB flash drive (currently the most relevant option), follow these steps:

get a USB drive with at least 256 megabytes of memory
format it in FAT16 or FAT32
download the special program for writing the previously downloaded image to the drive
run the rescue2usb.exe file and select the required drive
press the “Start” button and wait for the message that recording is complete

Delete the ransomware banner
This completes the creation of the boot media, and you can proceed directly to removing the banner. Restart the computer, enter the BIOS (usually with the F2 or Del key) and select the media we created as the boot device. While the image is loading, select the Russian language and graphic mode for more comfortable work; you will also need to accept the software manufacturer's license agreement. Once the system has loaded, open the terminal by clicking the button in the lower left corner of the screen. In the terminal, enter the windowsunlocker command, press Enter and follow the instructions: to unlock the registry, press 1 and Enter; to exit, enter 0. After the registry has been cleaned, Kaspersky Lab also recommends running a full computer scan with Rescue Disk, whose shortcut can be found on the desktop.

However, sometimes the utility does not help, and the banner is still in place after booting into the “native” operating system. This means that the banner has registered itself in a less obvious way. In this case the boot image is still very useful, because it has a built-in registry editor (the shortcut is on the desktop if you used the graphical mode). Using the registry editor, manually check the following paths:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Here you need to check three parameters:

The Shell parameter must be Explorer.exe
The UIHost parameter must be set to logonui.exe
The Userinit parameter must be set to C:\Windows\system32\userinit.exe

If any of the parameters has an incorrect value, correct it manually. Do the same in the keys below wherever you find a mismatch.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In this key, each parameter launches an application automatically when Windows starts, so if a program seems suspicious to you, disable it. As a rule, executable files of suspicious programs are located on the boot disk, in user folders or in the Temp folder.

Similarly, check the following two registry branches for specific users (if there is more than one user, check them for each one):

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
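
The manual checks above can also be scripted. The following is an added example, not part of the original article or of any Kaspersky tool: it assumes the four keys were exported to regedit's text (.reg) format, and the names parse_reg, audit and SAMPLE_REG as well as the sample data are constructed for illustration.

```python
import re

# Expected Winlogon values as listed in the article (compared case-insensitively).
EXPECTED = {"shell": "explorer.exe", "uihost": "logonui.exe",
            "userinit": r"c:\windows\system32\userinit.exe"}
# Article's heuristic: suspicious autoruns sit in user folders or Temp.
SUSPECT_DIRS = ("\\temp\\", "\\users\\", "\\documents and settings\\")

# Constructed sample export in regedit text format; not data from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\test\\AppData\\Local\\Temp\\blocker.exe"
"UIHost"="logonui.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Audio"="\"C:\\Program Files\\Vendor\\audio.exe\" -s"
"upd"="C:\\Users\\test\\AppData\\Local\\Temp\\upd.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key, name, value) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, value

def audit(text):
    """Return (key, name, value, reason) for every entry worth a manual look."""
    findings = []
    for key, name, value in parse_reg(text):
        k, n, v = key.lower(), name.lower(), value.lower()
        if k.endswith(r"\windows nt\currentversion\winlogon") and n in EXPECTED:
            # Stock Userinit data usually ends with a comma; ignore it.
            if v.rstrip(", ") != EXPECTED[n]:
                findings.append((key, name, value, "unexpected Winlogon value"))
        elif k.endswith(r"\windows\currentversion\run") and any(d in v for d in SUSPECT_DIRS):
            findings.append((key, name, value, "autorun from user/Temp folder"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_REG), sep="\n")
```

A finding is only a prompt to inspect the entry by hand; legitimate software sometimes starts from a user profile folder.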

After successfully getting rid of the banner, it is recommended to check all disks with anti-virus software. This concludes the article, and we hope that the information provided was useful to you.
