Remove “Everything on your computer has been fully encrypted” virus

If your computer is locked, and you are seeing an “Everything on your computer has been fully encrypted” notification from the U.S. Department of Justice, then your computer is infected with a piece of malware known as Trojan:Win32/Harasom.A.

The “Everything on your computer has been fully encrypted” virus is distributed through several means. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this trojan without your permission or knowledge.
Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the “Everything on your computer has been fully encrypted” virus.
The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.
The “Everything on your computer has been fully encrypted” virus is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.

Once installed on your computer, the “Everything on your computer has been fully encrypted” virus will display a bogus notification that pretends to be from Department of Homeland Security’s “Everything on your computer has been fully encrypted”, and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.

The “Everything on your computer has been fully encrypted” virus will lock you out of your computer and applications, so whenever you try to log on to your Windows operating system, it will instead display a lock screen asking you to pay a non-existent fine of $100 USD in the form of a MoneyPak, Vanilla Reload, or Reloadit voucher.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam, so that the bogus “Everything on your computer has been fully encrypted” notification shows what is happening in the room.

The “Everything on your computer has been fully encrypted” virus locks the computer and depending on the user’s current location, displays a localized webpage that covers the entire desktop of the infected computer and demands
[Image: Everything on your computer has been fully encrypted ransomware]
Cyber criminals often update the design of this lock screen; however, you should always keep in mind that the U.S. Department of Justice will never lock down your computer or monitor your online activities.

The message displayed by the threat can be localized depending on the user’s location, with text written in the appropriate language.

The United States Department of Justice
The common law is the will of mankind issuing from the life of the people.

Everything on your computer has been fully encrypted.
Your computer has been blocked!

All activities of this computer has been recorded. All your files are encrypted. Don’t try to unlock your computer.

This PC is blocked due to at Least one of the specified below.

You possess unlicensed software and pirate audio and video records.

Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer.

Your are a distributor of pornography and porno materials, regularly watch porno sites with child pornography and zoophilia.

In connection with the decision of the Government as of January 26, 2013, all of the violations described above could be considered criminal. If the fine has not been paid, you will become the subject of criminal prosecution. The fine is applicable only in the case of a primary violation. In the case of second violation you will appear before the Supreme Court of the USA.

ALL ILLEGAL ACTIVITIES CONDUCTED THROUGH YOUR COMPUTER HAVE BEEN RECORDED IN THE POLICE DATABASE, INCLUDING PHOTOS AND VIDEOS FROM YOUR CAMERA FOR FURTHER IDENTIFICATION.

To unlock your computer and avoid other legal consequences, you are obligated to pay a release fee of $100.

This infection will also scan your computer for files that end with the .ddrw, .pptm, .dotm, .xltx, .text, .docm, .djvu, .potx, .jpeg, .pptx, .sldm, .xlsm, .sldx, .xlsb, .ppam, .xlsx, .ppsm, .ppsx, .docx, .odp, .eml, .ods, .dot, .php, .xla, .pas, .gif, .mpg, .ppt, .bkf, .sda, .mdf, .ico, .dwg, .mbx, .sfx, .mdb, .zip, .xlt extensions and then encrypt them. When the ransomware encrypts a file, it renames it as an HTML file and embeds the encrypted file inside it. If you then attempt to launch any of these encrypted files, you will be taken to a web page, which is currently at htxp://mdlblock.in, that prompts you to pay the ransom in the form of a MoneyPak, Vanilla Reload, or Reloadit voucher.
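
The behaviour described above can be turned into a quick inventory of which files were wrapped and which targeted files are still intact, useful before and after running a decrypter. This Python script is an added example, not part of the original guide or of any vendor tool; it assumes the wrapper HTML references the mdlblock.in domain in plain text, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Indicator from this page: the ransom page domain. Assumption: the wrapper
# HTML references that domain in plain text.
INDICATOR = b"mdlblock.in"
HTML_EXTS = {".html", ".htm"}
# Subset of the targeted extensions listed above; extend as needed.
TARGET_EXTS = {".docx", ".xlsx", ".pptx", ".jpeg", ".gif", ".zip", ".mdb", ".eml"}
CHUNK = 1 << 20  # scan in 1 MiB chunks so large wrapped files are streamed

def contains_indicator(path, needle=INDICATOR):
    """Case-insensitive streaming search that also catches chunk-boundary hits."""
    tail = b""
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            if needle in (tail + chunk).lower():
                return True
            tail = chunk[-(len(needle) - 1):]  # keep overlap for the next chunk
    return False

def triage(root):
    """Return (wrapped_html, untouched_targets) as sorted path lists under root."""
    wrapped, untouched = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                if ext in HTML_EXTS and contains_indicator(path):
                    wrapped.append(path)
                elif ext in TARGET_EXTS:
                    untouched.append(path)
            except OSError:
                continue  # unreadable file: skip instead of aborting the scan
    return sorted(wrapped), sorted(untouched)

def build_sample(root):
    """Write constructed sample files: fake wrapper, benign page, plain document."""
    for name, data in {"report.html": b"<html><!-- hxxp://MDLBLOCK.in -->",
                       "notes.html": b"<html>ordinary saved page</html>",
                       "budget.xlsx": b"PK constructed placeholder"}.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(triage(d))
```

To check real data, call `triage()` on a folder such as your Documents directory; the script only reads files and never modifies or deletes them.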

The “Everything on your computer has been fully encrypted” lock screen is a scam, and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you send any MoneyPak, Vanilla Reload, or Reloadit vouchers to these cyber-criminals, and if you have, you should request a refund, stating that you are the victim of a computer virus and scam.

“Everything on your computer has been fully encrypted” – Virus Removal Guide

This page is a comprehensive guide, which will remove the “Everything on your computer has been fully encrypted” infection from your computer. Please perform all the steps in the correct order. If you have any questions or doubts at any point, STOP and ask for our assistance.
The “Everything on your computer has been fully encrypted” virus will start automatically when you log in to your computer and display its screen locker so that you are unable to access your computer; therefore, we will need to remove this infection by using Safe Mode with Networking.
STEP 1: Start your computer in Safe Mode with Networking
STEP 2: Remove “Everything on your computer has been fully encrypted” encryption with Emsisoft
STEP 3: Remove “Everything on your computer has been fully encrypted” virus with Malwarebytes Anti-Malware Free
STEP 4: Double-check for the “Everything on your computer has been fully encrypted” infection with HitmanPro

STEP 1: Start your computer in Safe Mode with Networking

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. When the computer starts you will see your computer’s hardware being listed. When you see this information, start to gently tap the F8 key repeatedly until you are presented with the Windows XP, Vista or 7 Advanced Boot Options.
    [Image: F8 key]
    If you are using Windows 8, press the Windows key + C, and then click Settings. Click Power, hold down Shift on your keyboard and click Restart, then click on Troubleshoot and select Advanced options. In the Advanced Options screen, select Startup Settings, then click on Restart.
  3. If you are using Windows XP, Vista or 7, in the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
    [Image: Safemode.jpg]
    If you are using Windows 8, press 5 on your keyboard to Enable Safe Mode with Networking.
    Windows will start in Safe Mode with Networking.

STEP 2: Remove “Everything on your computer has been fully encrypted” encryption with Emsisoft Harasom Decrypter

The “Everything on your computer has been fully encrypted” virus will encrypt all your personal files, changing their default extension to an HTML format. To restore your files from the .html to their default extension, we will use the Emsisoft Harasom Decrypter.
This utility will automatically detect the encrypted malware files and try to recover the file names as well.

  1. You can download the Emsisoft Harasom Decrypter recovery tool from the below link.
    Emsisoft Harasom Decrypter DOWNLOAD LINK (This link will open a new web page from where you can download the Emsisoft Harasom Decrypter)
  2. Once the file has been downloaded, double-click on the decrypt_harasom.exe icon to start the program. If Windows Smart Screen issues an alert, please allow the program to run anyway. To start the decryption process, please click on the Decrypt button.
    [Image: Emsisoft Harasom Decrypter]
    The Emsisoft Harasom Decrypter will now scan your computer for variants of the Harasom infection and quarantine them. When it has finished, please review the results and then close the program. You can now check your data and if it opens properly, delete the encrypted versions found on your hard drive.

STEP 3: Remove “Everything on your computer has been fully encrypted” virus with Malwarebytes Anti-Malware FREE

Malwarebytes Anti-Malware Free is a powerful on-demand scanner which will remove “Everything on your computer has been fully encrypted” malicious files from your computer.

  1. You can download Malwarebytes Anti-Malware Free from the below link, then double-click on the icon named mbam-setup.exe to install this program.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. When the installation begins, keep following the prompts in order to continue with the setup process, then at the last screen click on the Finish button.
    [Image: Malwarebytes Anti-Malware final installation screen]
  3. On the Scanner tab, select Perform quick scan, and then click on the Scan button to start searching for the Everything on your computer has been fully encrypted malicious files.
    [Image: Malwarebytes Anti-Malware Quick Scan]
  4. Malwarebytes’ Anti-Malware will now start scanning your computer for Everything on your computer has been fully encrypted virus as shown below.
    [Image: Malwarebytes Anti-Malware scanning for Everything on your computer has been fully encrypted]
  5. When the Malwarebytes Anti-Malware scan has finished, click on the Show Results button.
    [Image: Malwarebytes Anti-Malware scan results]
  6. You will now be presented with a screen showing you the computer infections that Malwarebytes Anti-Malware has detected. Make sure that everything is Checked (ticked), then click on the Remove Selected button.
    [Image: Malwarebytes Anti-Malware removing Everything on your computer has been fully encrypted virus]
  7. Once your computer restarts in Windows regular mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.

STEP 4: Double-check for the “Everything on your computer has been fully encrypted” infection with HitmanPro

HitmanPro is a cloud on-demand scanner, which will scan your computer with 5 antivirus engines (Emsisoft, Bitdefender, Dr. Web, G-Data and Ikarus) for the Everything on your computer has been fully encrypted infection.

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro)
  2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
    [Image: HitmanPro scanner]
    Click on the Next button, to install HitmanPro on your computer.
    [Image: HitmanPro installation]
  3. HitmanPro will now begin to scan your computer for Everything on your computer has been fully encrypted trojan.
    [Image: HitmanPro detecting for Everything on your computer has been fully encrypted virus]
  4. When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove Everything on your computer has been fully encrypted virus.
    [Image: HitmanPro scan results]
  5. Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
    [Image: HitmanPro 30 days activation button]

Your computer should now be free of the “Everything on your computer has been fully encrypted” infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove “Everything on your computer has been fully encrypted” Moneypak virus from your machine, please start a new thread in our Malware Removal Assistance forum.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
