Remove “Everything on your computer has been fully encrypted” virus

If your computer is locked, and you are seeing an “Everything on your computer has been fully encrypted” notification from the U.S. Department of Justice, then your computer is infected with a piece of malware known as Trojan:Win32/Harasom.A.

The “Everything on your computer has been fully encrypted” virus is distributed through several means. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this trojan without your permission or knowledge.
Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the “Everything on your computer has been fully encrypted” virus.
The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.
The “Everything on your computer has been fully encrypted” virus is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.

Once installed on your computer, the “Everything on your computer has been fully encrypted” virus will display a bogus notification that pretends to be from the Department of Homeland Security, and states that your computer has been blocked due to it being involved with the distribution of pornographic material, spam and copyrighted content.

The “Everything on your computer has been fully encrypted” virus will lock you out of your computer and applications, so whenever you try to log on to your Windows operating system, it will instead display a lock screen asking you to pay a non-existent fine of $100 USD in the form of a MoneyPak, Vanilla Reload, or Reloadit voucher.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam, so that the bogus “Everything on your computer has been fully encrypted” notification shows what is happening in the room.

The “Everything on your computer has been fully encrypted” virus locks the computer and depending on the user’s current location, displays a localized webpage that covers the entire desktop of the infected computer and demands
[Image: Everything on your computer has been fully encrypted ransomware]
Cyber criminals often update the design of this lock screen; however, you should always keep in mind that the U.S. Department of Justice will never lock down your computer or monitor your online activities.

The message displayed by the threat can be localized depending on the user’s location, with text written in the appropriate language.

The United States Department of Justice
The common law is the will of mankind issuing from the life of the people.

Everything on your computer has been fully encrypted.
Your computer has been blocked!

All activities of this computer has been recorded. All your files are encrypted. Don’t try to unlock your computer.

This PC is blocked due to at Least one of the specified below.

You possess unlicensed software and pirate audio and video records.

Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer.

Your are a distributor of pornography and porno materials, regularly watch porno sites with child pornography and zoophilia.

In connection with the decision of the Government as of January 26, 2013, all of the violations described above could be considered criminal. If the fine has not been paid, you will become the subject of criminal prosecution. The fine is applicable only in the case of a primary violation. In the case of second violation you will appear before the Supreme Court of the USA.

ALL ILLEGAL ACTIVITIES CONDUCTED THROUGH YOUR COMPUTER HAVE BEEN RECORDED IN THE POLICE DATABASE, INCLUDING PHOTOS AND VIDEOS FROM YOUR CAMERA FOR FURTHER IDENTIFICATION.

To unlock your computer and avoid other legal consequences, you are obligated to pay a release fee of $100.

This infection will also scan your computer for files that end with the .ddrw, .pptm, .dotm, .xltx, .text, .docm, .djvu, .potx, .jpeg, .pptx, .sldm, .xlsm, .sldx, .xlsb, .ppam, .xlsx, .ppsm, .ppsx, .docx, .odp, .eml, .ods, .dot, .php, .xla, .pas, .gif, .mpg, .ppt, .bkf, .sda, .mdf, .ico, .dwg, .mbx, .sfx, .mdb, .zip, .xlt extensions and then encrypt them. When the ransomware encrypts a file, it renames it as an HTML file and embeds the encrypted file inside of it. If you then attempt to launch any of these encrypted files, you will be taken to a web page, which is currently at htxp://mdlblock.in, that prompts you to pay the ransom in the form of a MoneyPak, Vanilla Reload, or Reloadit voucher.
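As an added example (not part of the original guide or of any tool it names), the Python script below lists the HTML files in a folder tree that mention the ransom page's domain, so you know which files the infection wrapped before you run the decrypter or delete anything. It assumes the wrapper HTML contains the domain as plain text; the sample files in demo() are constructed for the demonstration.

```python
import os
import tempfile

# Domain the guide names as the ransom page (the guide writes it defanged).
RANSOM_MARKER = b"mdlblock.in"
HTML_EXTS = (".html", ".htm")
CHUNK = 1 << 20  # read 1 MiB at a time; wrappers embed whole files


def references_marker(path, marker=RANSOM_MARKER):
    """True if the file contains the marker, compared case-insensitively."""
    marker, tail = marker.lower(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            data = tail + chunk.lower()
            if marker in data:
                return True
            tail = data[-(len(marker) - 1):]  # overlap: marker split across reads
    return False


def inventory(root):
    """Sorted paths of HTML files under root that mention the ransom domain."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(HTML_EXTS):
                continue
            full = os.path.join(dirpath, name)
            try:
                if references_marker(full):
                    hits.append(full)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(hits)


def demo():
    """Run the sweep over a constructed sample tree; return flagged names."""
    samples = {  # constructed contents, not real wrapper files
        "budget.html": b"<html><!-- payload -->" + b"A" * 64 + b" MDLBLOCK.in</html>",
        "saved_page.htm": b"<html><body>ordinary saved page</body></html>",
        "photo.jpeg": b"mdlblock.in",  # not HTML, so the sweep ignores it
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return [os.path.basename(p) for p in inventory(root)]


if __name__ == "__main__":
    print(demo())
```

Point inventory() at a folder such as your user profile and keep the resulting list until you have confirmed that the decrypted copies open properly.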

The “Everything on your computer has been fully encrypted” lock screen is a scam, and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you send any MoneyPak, Vanilla Reload, or Reloadit vouchers to these cyber-criminals, and if you have, you should request a refund, stating that you are the victim of a computer virus and scam.

“Everything on your computer has been fully encrypted” – Virus Removal Guide

This page is a comprehensive guide, which will remove the “Everything on your computer has been fully encrypted” infection from your computer. Please perform all the steps in the correct order. If you have any questions or doubts at any point, STOP and ask for our assistance.
The “Everything on your computer has been fully encrypted” virus will start automatically when you log in to your computer and display its screen locker so that you are unable to access your computer, therefore we will need to remove this infection by using Safe Mode with Networking.
STEP 1: Start your computer in Safe Mode with Networking
STEP 2: Remove “Everything on your computer has been fully encrypted” encryption with Emsisoft Harasom Decrypter
STEP 3: Remove “Everything on your computer has been fully encrypted” virus with Malwarebytes Anti-Malware Free
STEP 4: Double-check for the “Everything on your computer has been fully encrypted” infection with HitmanPro

STEP 1 : Start your computer in Safe Mode with Networking

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. When the computer starts you will see your computer’s hardware being listed. When you see this information, start to gently tap the F8 key repeatedly until you are presented with the Windows XP, Vista or 7 Advanced Boot Options.
    [Image: F8 key]
    If you are using Windows 8, press the Windows key + C, and then click Settings. Click Power, hold down Shift on your keyboard and click Restart, then click on Troubleshoot and select Advanced options. In the Advanced Options screen, select Startup Settings, then click on Restart.
  3. If you are using Windows XP, Vista or 7 in the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
    [Image: Safemode.jpg]
    If you are using Windows 8, press 5 on your keyboard to Enable Safe Mode with Networking.
    Windows will start in Safe Mode with Networking.

STEP 2: Remove “Everything on your computer has been fully encrypted” encryption with Emsisoft Harasom Decrypter

The “Everything on your computer has been fully encrypted” virus will encrypt all your personal files, changing their default extension to an HTML format. To restore your files from the .html to their default extension, we will use the Emsisoft Harasom Decrypter.
This utility will automatically detect the encrypted malware files and try to recover the file names as well.

  1. You can download the Emsisoft Harasom Decrypter recovery tool from the below link.
    Emsisoft Harasom Decrypter DOWNLOAD LINK (This link will open a new web page from where you can download the Emsisoft Harasom Decrypter)
  2. Once the file has been downloaded, double-click on the decrypt_harasom.exe icon to start the program. If Windows Smart Screen issues an alert, please allow the program to run anyway. To start the decryption process, please click on the Decrypt button.
    [Image: Emsisoft Harasom Decrypter]
    The Emsisoft Harasom Decrypter will now scan your computer for variants of the Harasom infection and quarantine them. When it has finished, please review the results and then close the program. You can now check your data and, if it opens properly, delete the encrypted versions found on your hard drive.

STEP 3: Remove “Everything on your computer has been fully encrypted” virus with Malwarebytes Anti-Malware FREE

Malwarebytes Anti-Malware Free is a powerful on-demand scanner which will remove “Everything on your computer has been fully encrypted” malicious files from your computer.

  1. You can download Malwarebytes Anti-Malware Free from the below link, then double-click on the icon named mbam-setup.exe to install this program.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. When the installation begins, keep following the prompts in order to continue with the setup process, then at the last screen click on the Finish button.
    [Image: Malwarebytes Anti-Malware final installation screen]
  3. On the Scanner tab, select Perform quick scan, and then click on the Scan button to start searching for the “Everything on your computer has been fully encrypted” malicious files.
    [Image: Malwarebytes Anti-Malware Quick Scan]
  4. Malwarebytes Anti-Malware will now start scanning your computer for the “Everything on your computer has been fully encrypted” virus, as shown below.
    [Image: Malwarebytes Anti-Malware scanning for Everything on your computer has been fully encrypted]
  5. When the Malwarebytes Anti-Malware scan has finished, click on the Show Results button.
    [Image: Malwarebytes Anti-Malware scan results]
  6. You will now be presented with a screen showing you the computer infections that Malwarebytes Anti-Malware has detected. Make sure that everything is Checked (ticked), then click on the Remove Selected button.
    [Image: Malwarebytes Anti-Malware removing Everything on your computer has been fully encrypted virus]
  7. Once your computer has restarted in regular Windows mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.

STEP 4: Double-check for the “Everything on your computer has been fully encrypted” infection with HitmanPro

HitmanPro is a cloud on-demand scanner, which will scan your computer with 5 antivirus engines (Emsisoft, Bitdefender, Dr. Web, G-Data and Ikarus) for the “Everything on your computer has been fully encrypted” infection.

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro)
  2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
    [Image: HitmanPro scanner]
    Click on the Next button to install HitmanPro on your computer.
    [Image: HitmanPro installation]
  3. HitmanPro will now begin to scan your computer for the “Everything on your computer has been fully encrypted” trojan.
    [Image: HitmanPro detecting for Everything on your computer has been fully encrypted virus]
  4. When it has finished, it will display a list of all the malware that the program found, as shown in the image below. Click on the Next button to remove the “Everything on your computer has been fully encrypted” virus.
    [Image: HitmanPro scan results]
  5. Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
    [Image: HitmanPro 30 days activation button]

Your computer should now be free of the “Everything on your computer has been fully encrypted” infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove “Everything on your computer has been fully encrypted” Moneypak virus from your machine, please start a new thread in our Malware Removal Assistance forum.


ABOUT STELIAN PILICI

I am the creator and owner of MalwareTips.com.
My area of expertise includes malware removal and computer forensics. I'm active in the various online anti-malware communities where I do research on new malware threats as they are released.
I live in Bucharest (Romania), where I run my own local computer repair shop.
I repair both hardware and other operating systems related issues, however most of my business is malware related problems.
