Threaten By ‘You have 72 hours to pay the fine’
‘You have 72 hours to pay the fine’ is classified as vicious ransom infection that target to threaten innocent computer users for money. Like many other ransom virus like the Ukash Virus family, Reveton trojans , and the FBI Green Dot Moneypak Virus, ‘You have 72 hours to pay the fine’ scares users with pop-up warning, and claims that you have participated in illegal activities with the pc. You have to pay the fine in three days to escaping from fining more money, being arrested or other comment punishments. But it is a scam used by cyber hackers, and what it claims is not real. So many users were fooled in to pay the specific money for escaping punishments by legitimate law enforcement agencies. So just be caution and education when you encounter ‘You have 72 hours to pay the fine’ and many other familiar alerts for money. This is an enterprise and a sales tactics for cyber hackers to obtain money. Besides, this ransom virus will let hackers drop other computer other computer threats like Trojan, worm, etc.
For escaping further damage, you need to act quickly to completely remove it from your computer. You can follow the guides below to manually delete it.
How to Prevent Being Hacked by ‘You have 72 hours to pay the fine’?
(2) When you download any program, read the license agreement first.
(3) Don’t visit websites with badly websites or unfamiliar websites and web pages
(4) Be cautious when you download any free resources from Internet. Look before you leap.
(5) Do not click any pop-ups
How to Completely Remove ‘You have 72 hours to pay the fine’?
Manual Guides for Reomving ‘You have 72 hours to pay the fine’
Reboot your computer. As the computer is booting but before Windows launches, tap the “F8 key” continuously which should bring up the “Windows Advanced Options Menu” as shown below. Use your arrow keys to highlight “Safe Mode with Networking” option and press Enter key.
Step 2: Stop All Related Processes:
Access Windows Task Manager (Ctrl+Alt+Delete) and kill the rogue ‘You have 72 hours to pay the fine’ process. Please note the infection will have a random name for the process [random] which may contain a sequence of numbers and letters (ie: USYHEY347H372.exe).
[random].exe
Step 3: Remove All Associated Files:
%AppData%\Protector-[rnd].exe %AppData%\Inspector-[rnd].exe %AppData%\vsdsrv32.exe %AppData%\result.db %AppData%\jork_0_typ_col.exe %appdata%\[random].exe %Windows%\system32\[random].exe %Documents and Settings%\[UserName]\Application Data\[random].exe %Documents and Settings%\[UserName]\Desktop\[random].lnk %Documents and Settings%\All Users\Application Data\‘You have 72 hours to pay the fine’ %CommonStartMenu%\Programs\‘You have 72 hours to pay the fine’ %Temp%\0_0u_l.exe %Temp%\ [RANDOM].exe %StartupFolder%\wpbt0.dll %StartupFolder%\ctfmon.lnk %StartupFolder%\ch810.exe %UserProfile%\Desktop\‘You have 72 hours to pay the fine’ >WARNING.txt V.class cconf.txt.enc tpl_0_c.exe irb700.exe dtresfflsceez.exeStep 4: Remove Registry Values
To access Window’s Registry Editor type regedit into the Windows Start Menu text field and press Enter.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe HKEY_LOCAL_MACHINE\SOFTWARE\’You have 72 hours to pay the fine’ HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0 HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system ‘EnableLUA’ = 0 HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Internet Settings ‘WarnOnHTTPSToHTTPRedirect’ = 0 HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegedit’= 0 HKEY_CURRENT_USER\Software\’You have 72 hours to pay the fine’ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ‘Inspector’ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\’You have 72 hours to pay the fine’ HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableTaskMgr’ = 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Inspector %AppData%\Protector-[rnd].exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\ID 4 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\UID [rnd] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings\net [date of installation] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE\Debugger svchost.exe HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “ConsentPromptBehaviorUser” = 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “EnableLUA” = 0
Automatic Guides for Reomving ‘You have 72 hours to pay the fine’
2) Install Spyhunter Step by Step:
3) Start a full and quick scan with SpyHunter .
4) Remove detected threats.
Attention
Although manual method can remove ‘You have 72 hours to pay the fine’, the manual removal process is a bit risky and complicated. It is not worthy of taking risk of losing some important information. And to ensure with the safety and thoroughness, you can download Anti-Malware program SpyHunter to prevent your computer from more serious effect.
No comments:
Post a Comment