Remove “You shall not pass” virus (Removal Guide)

Photo of author

Written by: Stelian Pilici

Published on:

The “You shall not pass” message is a computer virus, which will block you from visiting Facebook, Google, Youtube and other websites, and instead it will display a picture of Gandalf saying You shall not pass.
[Image: You shall not pass virus]
This threat is distributed through several means. Malicious websites, or legitimate websites that have been compromised, may drop this trojan onto a compromised computer. This drive-by-download often happens surreptitiously. Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software.
The “You shall not pass” virus is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.

Once install on a computer, “You shall not pass” virus will drop several malicious files, and it will modify the Windwos HOSTS file to redirect your web browser to their malicious domains. The HOSTS file is like an address book, when you type an address like www.facebook.com into your browser, the Hosts file is consulted to see if you have the IP address, or “telephone number,” for that site. When infected with this trojan, the cyber criminals will add to your Hosts some new lines, which will resolve domain names to their malicious IP addresses.
[Image: You shall not pass lock]
After your HOSTS file is modified, whenever you’ll try to visit Amazon, Twitter, Bing and other popular websites, you’ll be redirect a to malicious domain which will display a “You shall not pass” notification.

The “You shall not pass” notification is not hard to remove, however in some cases this infection will install a piece of malware known as Backdoor:Win32/Fynloski.A
Backdoor:Win32/Fynloski.A is a trojan that allows unauthorized access and control of an affected computer. It is capable of performing the following functions:

  • Capture video from the webcam
  • Control the clipboard
  • Control the mouse, including the clicks
  • Display a message box
  • Download and execute files
  • Gather system information
  • Hide the operating system’s default screens and windows
  • Open and close the CD-ROM drive door
  • Record sound produced by the computer
  • Record the keystrokes
  • Set a custom background
  • Steal passwords from known applications
  • Type text on the screen

If your computer is infected with “You shall not pass” virus, we recommend that you perform our malware removal guide, and because this trojan is installed with additional pieces of malware, we recommend that you change the passwords for your online accounts.

“You shall not pass” Redirect – VIRUS REMOVAL GUIDE

STEP 1: Reset the Windows Hosts file back to its default settings

The “You shall not pass” trojan has modified your Hosts file, so that you’ll be redirected to those survey websites. To reset the Hosts file back to its default settings, we will run Microsoft Fix it 50267. To reset the Hosts file back to its default settings, we will run Microsoft Fix it 50267, however because usually the cyber criminals have changed the permissions for the HOSTS file, we will first need to revert this modification.

  1. Hosts-perm.bat is a batch file that will reset the permissions for the Windows HOSTS file.
    This infection will change the permissions on the HOSTS file so that you are unable to delete it or modify it. Hosts-perm.bat will reset these permissions so that you will once again have full access to it.
    You can download Hosts-perm.bat from the below link:
    HOSTS-PERM.BAT DOWNLOAD LINK  (This link will open a new web page from where you can download Hosts-perm.bat)
    Double-click the hosts-perm.bat file and when it is done you will see a message stating “The Permissions on the HOSTS file have been reset.”.Press any key on your keyboard to exit the batch file.
  2. Download Microsoft Fix it 50267 from the below link.
    MICROSOFT FIX IT 50267 DOWNLOAD LINK  (This link will automatically download Microsoft Fix it 50267 on your computer)
  3. Double click on MicrosoftFixit50267, then follow the prompts to reset your Windows Hosts file.
    [Image: Repair HOSTS file]

STEP 2: Remove “You shall not pass” malicious files with Malwarebytes Anti-Malware FREE

Malwarebytes Anti-Malware is a powerfull on-demand scanner which will remove “You shall not pass” malicious files from your computer.

  1. You can download Malwarebytes Anti-Malware Free from the below link, then double click on it to install this program.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. When the installation begins, keep following the prompts in order to continue with the setup process. DO NOT make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked,then click on the Finish button.
    [Image: Malwarebytes Anti-Malware final installation screen]
  3. On the Scanner tab,select Perform quick scan and then click on the Scan button to start scanning your computer.
    [Image: Malwarebytes Anti-Malware Quick Scan]
  4. Malwarebytes’ Anti-Malware will now start scanning your computer for “You shall not pass” malicious files as shown below.
    [Image: Malwarebytes Anti-Malware scanning for
  5. When the Malwarebytes scan will be completed,click on Show Result.
    [Image: Malwarebytes Anti-Malware scan results]
  6. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selected button.
    [Image:Malwarebytes removing virus]
  7. After your computer restarts, open Malwarebytes Anti-Malware and perform a full system scan to verify that there are no remaining threats.

STEP 3: Remove “You shall not pass” rootkit with HitmanPro

In some cases,”You shall not pass” will also install a rootkit on victims computer.To remove this rootkit we will use HitmanPro.

  1. Download HitmanPro from the below link,then double click on it to start this program.
    HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro) IF you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode.To start HitmanPro in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
  2. HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
    HitmanPro scanner
    HitmanPro installation
  3. HitmanPro will start scanning your computer for “You shall not pass” malicious files as seen in the image below.
    HitmanPro scan after
  4. Once the scan is complete,you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove this malicious files.
    HitmanPro scan results
  5. Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer.
    HitmanPro 30 days activation button

STEP 4: Double check for any left over infections with Emsisoft Emergency Kit

  1. You can download Emsisoft Emergency Kit from the below link,then extract it to a folder in a convenient location.
    EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a new web page from where you can download Emsisoft Emergency Kit)
  2. Open the Emsisoft Emergency Kit folder and double click EmergencyKitScanner.bat, then allow this program to update itself.
    EmergencyKitScanner.bat file
  3. After the Emsisoft Emergency Kit has update has completed,click on the Menu tab,then select Scan PC.
    Emsisoft Emergency Kit scan tab
  4. Select Quick scan and click on the SCAN button to search for “You shall not pass” malicious files.
    Emsisoft Emergency Kit smart scan
  5. When the scan will be completed,you will be presented with a screen reporting which malicious files has Emsisoft detected on your computer, and you’ll need to click on Quarantine selected objects to remove them.
    Emsisoft Emergency Kit removing malware

STEP 5: Remove “You shall not pass” from Internet Explorer, Firefox and Chrome with AdwCleaner

  1. You can download AdwCleaner from the below link.
    ADWCLEANER DOWNLOAD LINK (This link will automatically download AdwCleaner on your computer)
  2. Before starting this utility, close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Delete, then confirm each time with Ok.
    Adwcleaner utility
  5. Your computer will be rebooted automatically. A text file will open after the restart.
  6. NEXT, double click on adwcleaner.exe to run the tool.
  7. Click on Uninstall, then confirm with yes to remove this utility from your computer.

If you are still experiencing problems while trying to remove “You shall not pass” virus from your machine, please start a new thread in our Malware Removal Assistance forum.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

13 thoughts on “Remove “You shall not pass” virus (Removal Guide)”

  3. Hello Stefan,
    If you have scanned your machine with HitmanPro and Malwarebytes, then you should have a clean computer.
    Nevertheless, for your peace of mind, you can run a scan with ESET Online Scanner:
    1.Download ESET Online Scanner utility.

    ESET Online Scanner Download Link : http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).

    3.Check Yes, I accept the Terms of Use, then click the Start button.

    4.Check Scan archives and push the Start button.

    5. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    6. When the scan completes, click on the Finish button.

  10. Thank you for this, I got rid the viruses and the system hijacking survey thing that appeared. But malwarebytes can’t find the virus. Thank you again for this helpful guide.

Comments are closed.

Previous

Remove Ad.Xtendmedia.com ads (Virus Removal Guide)

Next

Remove Department of Justice virus (Removal Guide)