If your computer is locked, and you are seeing an “Everything on your computer has been fully encrypted” notification from the U.S. Department of Justice, then your computer is infected with a piece of malware known as Trojan:Win32/Harasom.A.
The “Everything on your computer has been fully encrypted” virus is distributed through several means. Malicious websites, or legitimate websites that have been hacked, can infect your machine through exploit kits that use vulnerabilities on your computer to install this trojan without your permission or knowledge.
Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the “Everything on your computer has been fully encrypted” virus.
The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software.
The “Everything on your computer has been fully encrypted” virus is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.
Once installed on your computer, the virus will display a bogus “Everything on your computer has been fully encrypted” notification that pretends to be from the Department of Homeland Security, and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.
The “Everything on your computer has been fully encrypted” virus will lock you out of your computer and applications, so whenever you try to log on to your Windows operating system, it will instead display a lock screen asking you to pay a non-existent fine of $100 USD in the form of a MoneyPak, Vanilla Reload, or Reloadit voucher.
Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam, so that the bogus “Everything on your computer has been fully encrypted” notification shows what is happening in the room.
The “Everything on your computer has been fully encrypted” virus locks the computer and depending on the user’s current location, displays a localized webpage that covers the entire desktop of the infected computer and demands
Cyber criminals often update the design of this lock screen; however, you should always keep in mind that the U.S. Department of Justice will never lock down your computer or monitor your online activities.
The message displayed by the threat can be localized depending on the user’s location, with text written in the appropriate language.
The United States Department of Justice
The common law is the will of mankind issuing from the life of the people.
Everything on your computer has been fully encrypted.
Your computer has been blocked!
All activities of this computer has been recorded. All your files are encrypted. Don’t try to unlock your computer.
This PC is blocked due to at Least one of the specified below.
You possess unlicensed software and pirate audio and video records.
Illegal access has been initiated from your PC without your knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer.
Your are a distributor of pornography and porno materials, regularly watch porno sites with child pornography and zoophilia.
In connection with the decision of the Government as of January 26, 2013, all of the violations described above could be considered criminal. If the fine has not been paid, you will become the subject of criminal prosecution. The fine is applicable only in the case of a primary violation. In the case of second violation you will appear before the Supreme Court of the USA.
ALL ILLEGAL ACTIVITIES CONDUCTED THROUGH YOUR COMPUTER HAVE BEEN RECORDED IN THE POLICE DATABASE, INCLUDING PHOTOS AND VIDEOS FROM YOUR CAMERA FOR FURTHER IDENTIFICATION.
To unlock your computer and avoid other legal consequences, you are obligated to pay a release fee of $100.
This infection will also scan your computer for files that end with the .ddrw, .pptm, .dotm, .xltx, .text, .docm, .djvu, .potx, .jpeg, .pptx, .sldm, .xlsm, .sldx, .xlsb, .ppam, .xlsx, .ppsm, .ppsx, .docx, .odp, .eml, .ods, .dot, .php, .xla, .pas, .gif, .mpg, .ppt, .bkf, .sda, .mdf, .ico, .dwg, .mbx, .sfx, .mdb, .zip, .xlt extensions and then encrypt them. When the ransomware encrypts a file, it renames it as an HTML file and then embeds the encrypted file inside of it. If you then attempt to launch any of these encrypted files, you will be taken to a web page, which is currently at htxp://mdlblock.in, that prompts you to pay the ransom in the form of a MoneyPak, Vanilla Reload, or Reloadit voucher.
The “Everything on your computer has been fully encrypted” lock screen is a scam, and you should ignore any alerts that this malicious software might generate.
Under no circumstances should you send any MoneyPak, Vanilla Reload, or Reloadit vouchers to these cyber-criminals, and if you have, you should request a refund, stating that you are the victim of a computer virus and scam.
“Everything on your computer has been fully encrypted” – Virus Removal Guide
This page is a comprehensive guide, which will remove the “Everything on your computer has been fully encrypted” infection from your computer. Please perform all the steps in the correct order. If you have any questions or doubts at any point, STOP and ask for our assistance.
The “Everything on your computer has been fully encrypted” virus will start automatically when you log in to your computer and display its screen locker so that you are unable to access your computer. We will therefore need to remove this infection from Safe Mode with Networking.
STEP 1: Start your computer in Safe Mode with Networking
STEP 2: Remove “Everything on your computer has been fully encrypted” encryption with Emsisoft
STEP 3: Remove “Everything on your computer has been fully encrypted” virus with Malwarebytes Anti-Malware Free
STEP 4: Double-check for the “Everything on your computer has been fully encrypted” infection with HitmanPro
STEP 1: Start your computer in Safe Mode with Networking
- Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
- When the computer starts you will see your computer’s hardware being listed. When you see this information, start to gently tap the F8 key repeatedly until you are presented with the Windows XP, Vista or 7 Advanced Boot Options.
If you are using Windows 8, press the Windows key + C, and then click Settings. Click Power, hold down Shift on your keyboard and click Restart, then click on Troubleshoot and select Advanced options. In the Advanced Options screen, select Startup Settings, then click on Restart.
- If you are using Windows XP, Vista or 7, in the Advanced Boot Options screen use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
If you are using Windows 8, press 5 on your keyboard to Enable Safe Mode with Networking.
Windows will start in Safe Mode with Networking.
STEP 2: Remove “Everything on your computer has been fully encrypted” encryption with Emsisoft Harasom Decrypter
The “Everything on your computer has been fully encrypted” virus will encrypt all your personal files, changing their default extension to an HTML format. To restore your files from the .html to their default extension, we will use the Emsisoft Harasom Decrypter.
This utility automatically detects the files encrypted by the malware and tries to recover the file names as well.
- You can download the Emsisoft Harasom Decrypter recovery tool from the below link.
Emsisoft Harasom Decrypter DOWNLOAD LINK (This link will open a new web page from where you can download the Emsisoft Harasom Decrypter)
- Once the file has been downloaded, double-click on the decrypt_harasom.exe icon to start the program. If Windows SmartScreen issues an alert, please allow the program to run anyway. To start the decryption process, please click on the Decrypt button.
The Emsisoft Harasom Decrypter will now scan your computer for variants of the Harasom infection and quarantine them. When it has finished, please review the results and then close the program. You can now check your data and, if it opens properly, delete the encrypted versions found on your hard drive.
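Before deleting the encrypted versions, the "opens properly" check can be automated for a folder of recovered files. The following is an added example, not part of the original guide or of the Emsisoft tool: it compares the first bytes of each file with the signature expected for its extension (a subset of the extensions listed above) and flags files that still begin with HTML markup. It assumes recovered files carry their original extension, and the HTML test is a heuristic, since the wrapper format is not documented on this page.

```python
import os
import tempfile

# Leading bytes expected for a subset of the extensions listed on this page.
ZIP = (b"PK\x03\x04",)                          # OOXML/ODF/ZIP containers
OLE = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",)    # legacy Office compound files
MAGIC = {e: ZIP for e in (".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".xlsb",
                          ".xltx", ".pptx", ".pptm", ".ppsx", ".ppsm", ".potx",
                          ".odp", ".ods", ".zip")}
MAGIC.update({e: OLE for e in (".ppt", ".dot", ".xla", ".xlt")})
MAGIC.update({".gif": (b"GIF87a", b"GIF89a"), ".jpeg": (b"\xff\xd8\xff",)})
HTML_STARTS = (b"<html", b"<!doctype", b"<head", b"<script")

def classify(path):
    """Return 'ok', 'html', 'mismatch' or 'unchecked' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return "unchecked"
    with open(path, "rb") as fh:
        head = fh.read(64)
    if head.startswith(MAGIC[ext]):
        return "ok"
    # Skip a UTF-8 BOM and leading whitespace before looking for markup.
    if head.lstrip(b"\xef\xbb\xbf \t\r\n").lower().startswith(HTML_STARTS):
        return "html"       # still looks like an HTML wrapper, not recovered
    return "mismatch"       # neither the expected type nor HTML: inspect by hand

def audit(root):
    """Walk root and group relative paths by classification."""
    report = {"ok": [], "html": [], "mismatch": [], "unchecked": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return {status: sorted(paths) for status, paths in report.items()}

def build_sample(root):
    """Write constructed sample files (not real documents) for a dry run."""
    samples = {"report.docx": b"PK\x03\x04" + b"\x00" * 20,
               "photo.jpeg": b"\xff\xd8\xff\xe0" + b"\x00" * 20,
               "budget.xlsx": b"\r\n<HTML><body>constructed</body></html>",
               "slides.ppt": b"\x13\x37" * 16,
               "notes.txt": b"plain text"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for status, paths in audit(tmp).items():
            print(status, paths)
```

Keep the encrypted copy of any file reported as html or mismatch until the recovered version has been opened and checked by hand.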
STEP 3: Remove “Everything on your computer has been fully encrypted” virus with Malwarebytes Anti-Malware FREE
Malwarebytes Anti-Malware Free is a powerful on-demand scanner which will remove “Everything on your computer has been fully encrypted” malicious files from your computer.
- You can download Malwarebytes Anti-Malware Free from the below link, then double-click on the icon named mbam-setup.exe to install this program.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
- When the installation begins, keep following the prompts in order to continue with the setup process, then at the last screen click on the Finish button.
- On the Scanner tab, select Perform quick scan, and then click on the Scan button to start searching for the “Everything on your computer has been fully encrypted” malicious files.
- Malwarebytes Anti-Malware will now start scanning your computer for the “Everything on your computer has been fully encrypted” virus.
- When the Malwarebytes Anti-Malware scan has finished, click on the Show Results button.
- You will now be presented with a screen showing you the computer infections that Malwarebytes Anti-Malware has detected. Make sure that everything is Checked (ticked), then click on the Remove Selected button.
- Once your computer has restarted in regular Windows mode, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats.
STEP 4: Double-check for the “Everything on your computer has been fully encrypted” infection with HitmanPro
HitmanPro is a cloud on-demand scanner, which will scan your computer with 5 antivirus engines (Emsisoft, Bitdefender, Dr. Web, G-Data and Ikarus) for the “Everything on your computer has been fully encrypted” infection.
- You can download HitmanPro from the below link:
HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro)
- Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen.
Click on the Next button to install HitmanPro on your computer.
- HitmanPro will now begin to scan your computer for the “Everything on your computer has been fully encrypted” trojan.
- When it has finished, it will display a list of all the malware that the program found. Click on the Next button to remove the “Everything on your computer has been fully encrypted” virus.
- Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
Your computer should now be free of the “Everything on your computer has been fully encrypted” infection. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future, and perform regular computer scans with HitmanPro.
If you are still experiencing problems while trying to remove “Everything on your computer has been fully encrypted” Moneypak virus from your machine, please start a new thread in our Malware Removal Assistance forum.