OphionLocker uses the same old trick as a typical ransomware such as the KEYHolder virus. It tricks PC/Android phone users into paying a so-called “ransom” for alleged inappropriate behaviors, including:
1. storing and possessing copyrighted content;
2. visiting pornographic websites;
3. spreading terrorism by any method.
Typically, OphionLocker uses a formal tone and puts badges and political flag images in the background to make the bogus message convincing. It also shows a countdown, which can be 24, 48 or 72 hours on different computers/Android phones, to compel victims to hand over the “ransom”, which can be up to $300; otherwise, it claims, deprivation of political rights will be imposed. So far, experts from Qisupport Online Support have detected a browser version of OphionLocker. It is mainly spotted on Android phones. It is still uncertain whether the lockdown virus will target Mac users. With its versions combined, the lockdown virus targets people all around the world.
Ukash, Greendot, MoneyPak, PayPal and similar electronic money systems have taken every possible measure to make themselves reliable and safe to use. They are not actually attacked or exploited by OphionLocker. The virus maker simply opens an account just like everyone else, but with some tricks.
Why does the OphionLocker maker use such electronic money systems? It is easy to understand. First, PC/Android phone victims will be convinced that the message is real; second, no fake money will be received. More importantly, as more and more PC/Android users around the world prefer the convenience of such systems, they keep a considerable amount of money there. Once a victim completes the whole sequence from entering the password to submitting the “ransom”, OphionLocker learns the password and takes the money without any warning, because the lockdown virus is backed by a Trojan featuring keystroke logging.
Finally, you are dealing with a greedy but shrewd virus maker. One payment is enough to make him/her sense a good chance of easily getting another “ransom” from you. This is why PC/Android phone users who handed over the money suffer the same virus again before long. In most cases, money makes the mare go. But when you are locked out by OphionLocker, money only invites more evil.
Tip: if you realize soon after handing over the money that the message is bogus, it is highly recommended to:
1. call the corresponding bank and ask them to minimize the loss;
2. get a quick solution to unblock the computer or Android phone and change all the passwords yourself;
3. report the case to the security authorities to help police arrest the hacker;
4. file a complaint with the IC3.
1. Key combinations and other built-in functions like Safe Mode or System Restore stop working, indicating that the integrity of the system has been destroyed; bugs and loopholes can be introduced.
2. By enumerating drivers, OphionLocker manages to insert malicious .dll files into the running system.exe, winlogon.exe or explorer.exe processes to steal stored information.
3. Supported by a Trojan capable of opening a backdoor, the ransomware allows unauthorized access to the affected computer/Android phone.
4. All the search results victims see are actually counterfeit; they are cloned. When a victim enters the password for an account, OphionLocker learns it.
5. As critical parts of the system are severely damaged, residual damage remains even after the ransomware has been completely removed from the computer/Android phone; residual damage can include browser redirects, Trojan infection, relentless popup ads and the like.
6. As more unwanted programs get in through the ransomware, more built-in functions keep losing efficacy.
OphionLocker sternly demands that no professional removal be attempted and asserts that paying the “ransom” is the only way out; it claims that any violation will lead to more penalties. To further stop victims from unblocking the computer/Android phone, and to secure the payment, OphionLocker destroys the security system the minute it lands on a target machine/phone.
As a Trojan-supported infection, the lockdown virus is capable of enumerating drivers related to installed security programs, the startup section and critical parts of the system such as the host service, before overwriting or modifying them with its malicious .dll file containing vicious code. As a result, the affected parts fall at the mercy of OphionLocker:
1. Virus scanning shuts down.
2. Access to online experts http://www.qisupport.com is blocked.
3. The pages that browsers display are counterfeit versions.
When the security center and the built-in functions are down, the most efficient way to unblock a computer/Android phone from the lockdown virus is the manual method. The steps below show computer users how to break OphionLocker. Android phone victims should get a quick solution from experts before the phone becomes a brick; since Android techniques are still new to most people, it is wiser to get specialized help from technicians.
Note that there is no detailed, universal method, since the names of the malicious items can differ between computers and the degree of damage varies with the length of time under attack. All you need to do is follow the steps and tips, which will guide you to dig out the guilty items according to your concrete situation. Should you run into unexpected situations and not know what to do, it is wise to get quick and professional assistance from Qisupport Online Support.
Create a new user account with administrator rights under “Safe Mode with Command Prompt”.
(Note: if you have several user accounts with admin rights and they are not affected by OphionLocker, just log in to one of them.)
1. Hold down the power button until Windows starts again.
2. Immediately keep pressing the “F8” key to bring up the “Windows Advanced Options Menu” within seconds.
3. Use the up or down arrow keys to highlight “Safe Mode with Command Prompt” and select it with the Enter key.
4. When you see a flashing cursor in a black window, enter ‘explore’ (without quotation marks).
5. Hit the Enter key and you will see a new desktop; it is time to create a new user account with administrator rights.
a. Access Control Panel and select “User Account”/‘Add or Remove User Accounts’.
b. Choose ‘Create/Manage a new account’ and make sure that you make the new account an administrator.
c. Press the ‘Create Account’ button or the OK button to confirm the creation of the new account.
6. Restart the computer and log in to the new user account.
1. Hold down the power button until Windows restarts.
2. Then quickly hold the Shift key and keep tapping the F8 key to bring up the “Choose an Option” window.
3. Highlight “Troubleshoot” with the arrow keys and select it with the Enter key.
4. Then go into ‘Advanced Options’ for ‘Windows Startup Settings’.
5. Use F6 to access “Safe Mode with Command Prompt”.
6. Enter ‘explore’ where the cursor is flashing and hit the Enter key to get a new desktop; it is time to create a new user account with administrator rights.
a. Expand the “Unpin” menu (bottom-left corner) to access Control Panel.
b. Choose ‘Users’ in the left pane and select ‘Add a user’ on the right.
c. Follow the on-screen instructions to finish creating a user account with administrator rights.
7. Restart the computer and log in to the new user account.
Use Group Policy to disable all Autorun features.
The Autorun file is the very item that ensures OphionLocker pops up before any system service comes into operation. Thus we should disable all Autorun features to make the removal work go smoothly.
1. Bring up the Run dialogue with the Win+R key combination.
2. Type “Gpedit.msc” and hit the Enter key to show the Group Policy window.
3. Expand the “Administrative Templates” node under the “Computer Configuration” section and select “System”.
4. Right-click “Turn off Autoplay” to open its Properties window.
5. Select “Enabled”.
6. Disable Autorun on all drives in the Properties window.
7. Don’t forget to press the OK button at the end.
Tip: if your system is later than Windows XP/2000, please use Registry Editor to disable AutoRun/AutoPlay.
1. Bring up Registry Editor with the “regedit” command through the Run dialogue.
2. Navigate to “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”.
3. Locate the setting labeled “NoDriveTypeAutoRun”.
4. If there is none, create a new 32-bit/64-bit DWORD (according to your computer configuration) with that name and assign it the hexadecimal value 000000FF (decimal 255).
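The registry steps above can also be checked and applied from an elevated PowerShell prompt. The script below is an added example, not part of the original guide: it reads the current NoDriveTypeAutoRun value, decodes which drive types still have AutoRun enabled, and sets the value to 0xFF if it differs. The function names and the drive-type table are this example's own.

```powershell
# Added example: audit and set NoDriveTypeAutoRun (run as administrator).
$key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name = 'NoDriveTypeAutoRun'
$want = 0xFF   # decimal 255, the value given in step 4

# Bit flags of the value; a set bit disables AutoRun for that drive type.
$driveTypes = @(
    @{ Bit = 0x01; Name = 'unknown type' },
    @{ Bit = 0x04; Name = 'removable' },
    @{ Bit = 0x08; Name = 'fixed' },
    @{ Bit = 0x10; Name = 'network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'unknown type (reserved)' }
)

function Get-AutoRunPolicy {
    # Returns the DWORD value, or $null when the key or the value is absent.
    if (-not (Test-Path -Path $key)) { return $null }
    $props = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$name
}

function Get-AutoRunEnabledTypes($Value) {
    # Names of the drive types whose bit is NOT set, i.e. AutoRun still allowed.
    $driveTypes | Where-Object { -not ($Value -band $_.Bit) } | ForEach-Object { $_.Name }
}

$before = Get-AutoRunPolicy
if ($null -eq $before) {
    Write-Output "$name is not set (Windows default applies)"
} else {
    $open = @(Get-AutoRunEnabledTypes $before)
    Write-Output ("{0} = 0x{1:X8}; AutoRun still enabled for: {2}" -f $name, $before, ($open -join ', '))
}

if ($before -ne $want) {
    # Create the Explorer policy key if it is missing, then write the DWORD.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $want -Force | Out-Null
}

Write-Output ("{0} is now 0x{1:X8}" -f $name, (Get-AutoRunPolicy))
```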
Unveil hidden files to remove Temp files and the related ones in Roaming folders.
1. Access “user accounts and family safety” in Control Panel and click “Folder Options” to open it.
2. Navigate to the View tab to
a. tick “Show hidden files and folders”;
b. untick “Hide protected operating system files (Recommended)”.
3. Hit the ‘OK’ button to show hidden items.
1. Access Windows Explorer from the Start screen.
2. Navigate to the View tab and check ‘File name extensions’ and ‘Hidden items’.
3. Press the OK button to show hidden files and folders.
When done, please access the following directories and remove all the items; then search for the “Roaming” folder and remove the files created on or after the date OphionLocker locked your computer (take the creation date as reference).
C:\Documents and Settings\[user name]\Local Settings\Temp
C:\Documents and Settings\[user name]\Local Settings\Temporary Internet Files
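To apply the creation-date reference from the step above, the following script lists candidate files for review before anything is deleted. It is an added example, not part of the original guide; the `$since` date is a constructed sample, and `%TEMP%` and `%APPDATA%` (the current user's Temp and Roaming folders) stand in for the directories named above.

```powershell
# Added example: list files created on or after the lock-down date so they
# can be reviewed before removal. Nothing is deleted by this script.
$since = Get-Date '2015-01-01'          # constructed sample date; set your own
$roots = @($env:TEMP, $env:APPDATA)     # current user's Temp and Roaming folders

# Extensions that can carry executable code and deserve a signature check.
$executable = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js'

function Get-RecentFiles {
    param([string[]]$Path, [datetime]$Since)
    # -Force includes hidden and system files; unreadable folders are skipped.
    Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.CreationTime -ge $Since }
}

Get-RecentFiles -Path $roots -Since $since |
    Sort-Object CreationTime |
    Select-Object CreationTime, Length, FullName,
        @{ Name = 'Signature'; Expression = {
            # Unsigned or invalidly signed executables are the first to examine.
            if ($executable -contains $_.Extension.ToLower()) {
                (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            } else {
                'n/a'
            }
        } } |
    Format-Table -AutoSize
```

Files reported as `NotSigned` or `HashMismatch` in the Signature column are the ones to inspect first.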
Use Disk Cleanup to remove unnecessary files from your computer to get better performance and ensure thorough removal.
1. Press the Win key and the R key together to open the Run box.
2. Enter “cleanmgr” and hit the Enter key to bring up the Disk Cleanup window.
3. Select the affected drive (C, for example) and press the OK button; the tool will scan the disk and present the files you may want to remove.
4. Check the ones you want to remove before hitting the “Delete Files” button.
Insecure sites carry the vicious code from OphionLocker, either willingly or unwillingly. Insecure sites here means sites presenting prohibited content like child porn, sites popping up relentless ads (http://blog.qisupport.com/category/adware/) and the like. By spreading the vicious code, such sites can get commissions once the lockdown virus collects a “ransom”.
Newly published websites/programs are often insecure, and thus bugs exist. Sniffers help OphionLocker find such bugs for easy penetration and cut down the cost of spreading. Clearly, it can be impossible to avoid ransomware entirely when you surf the Internet casually. But we can prevent such aggressive infiltration and minimize the chance by:
You are unlikely to encounter OphionLocker if technical changes are made to the system. But it is not advisable to make them if you are not technically sound, as this could backfire. Want technical changes for solid prevention? Reach Qisupport Online Support for specialized help.
As stated in the preceding paragraphs, OphionLocker can lead to more infections. It is necessary to check whether unknown programs have been installed without your consent and whether every program works properly on the computer/Android phone. Any program that behaves strangely can imply that the default configuration has been modified arbitrarily, giving rise to bugs/vulnerabilities. Such vulnerabilities pose potential dangers over time, since they are what virus makers look for when infiltrating.
The removal of OphionLocker should be carried out carefully. Incomplete removal or a mistake during the process can trigger the ransomware, which could then become more destructive, cause a BSOD and even render your computer useless. Your precious files can be gone forever.
The registry is a database that stores configuration settings and options. It is highly recommended to back up the registry before and after the removal of OphionLocker. Backing up the registry before the removal is a precaution against mistakes that make things worse. Backing up the registry after the removal is for future use: in case you get attacked by a virus again, restoring to the point when everything was clean will solve the problem. It saves energy and time. Android phone users should get help from experts.