Severity scale:  

Decrypt Protect virus. How to remove? (Uninstall guide)

removal by Gabriel E. Hall - -   Also known as Ukash virus, Police virus | Type: Ransomware

Decrypt Protect virus is nothing else but the malware, which belongs to the category called ‘ransomware’. As soon as it manages to overcome computer’s security barriers and infects it, it blocks computer down by encrypting various hard drive’s files. This threat may modify these files as well by changing their extensions. In addition, malware starts showing a message claiming that computer’s block is a natural consequence of user’s illegal activities, such as the distribution of malware, the use of pornographic material and even the launch DDoS attacks. This ransomware is invented for money, so it also asks to pay the fine for the decryption of the files. So, thanks to Decrypt Protect virus, you won’t be capable to get on the Internet and launch any program, which is installed on your computer. Instead of that, you will see only this illegal warning presenting itself as the notification from the ‘MBL Advisory’. Please, ignore it and remove Decrypt Protect virus from the PC.

HOW CAN I GET INFECTED WITH Decrypt Protect virus?

Decrypt Protect virus is distributed via Trojan horse, which can get inside the system via security vulnerabilities found. Just like all trojans, it hides inside officially looking emails, annoying pop-up ads and similar places, so beware. As soon as this threat enters the system, it blocks all of the files on computer’s hard drive and starts accusing its victim that he has a deal with a serious governmental authority. For that, it shows its forged alert reporting about various invented law violations and asking to pay the fine cia MoneyPak, Ukash or Paysafecard prepayment systems. Please, do NOT fall for this trickery because you will lose your money and all important data, which is stored on your computer. If you have Decrypt Protect virus on board, please follow a detailed guide below and fix your computer.

HOW TO REMOVE Decrypt Protect virus?

When trying to remove Decrypt Protect virus virus, the most important thing is to unblock the PC. Sometimes setting the date to the previous one helps. In addition, you can also use one of these methods:

* Flash drive method:

1. Take another machine and use it to download Reimage or other reputable anti-malware program.
2. Update the program and put into the USB drive or simple CD.
3. In the meanwhile, reboot your infected machine to Safe Mode with command prompt and stick USB drive in it.
4. Reboot computer infected with Decrypt Protect virus once more and run a full system scan.

* Users infected with Decrypt Protect virus are allowed to access other accounts on their Windows systems. If one of such accounts has administrator rights, you should be capable to launch anti-malware program.

* Try to deny the Flash to make your ransomware stop function as intended. In order to disable the Flash, go to Macromedia support and select 'Deny': After doing that, run a full system scan with anti-malware program.

* Manual Decrypt Protect virus removal:

  1. Reboot you infected PC to 'Safe mode with command prompt' to disable your virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated Reimage to remove remaining virus files.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.
Decrypt Protect virus snapshot
Decrypt Protect virus snapshot

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions

Removal guides in other languages

  1. name says:
    May 15th, 2013 at 1:07 pm

    this doesnt work, this virus encrypts all of your documents

  2. fixdecrypt says:
    May 17th, 2013 at 1:52 pm

    Hello fourm! ,

    I am a Microsoft certified Technician that works in the computer programming and IT Dept. of my company. We receive over 5,000 calls a day and as you guys can see this virus is surfacing quite fast. With it sprouting out of now where our calls have risen from 5k to almost 9k. Sadly, this isnt a problem I can fix for my clients at the moment as I do not have the key to decrypt the file.

    I was up until 5AM last night reading all over the net about this infection. As I have found a fix to every virus that was throw at our company (FBI, File to temp, defender, ps security etc.) not only did my company look to me for help, I was bound to find this fix. The more information I gathered the more clear the answer became. I pulled 50 pictures, documents, pdfs, and any file with a .html extension off a clients computer and began working.

    Throughout the night I found access to his FTP site (Useless as its a throwaway), found that each computer gets assigned a UID (Unique ID) that the website pulls to remember your timer, and also match what yourpublic encryption key is.His encryption is homebrewed so anything on the market now is useless, and a brute force attempt could take a lifetime. I then started using a encryption comparer to compare the encrypted file with a original. No avail.

    So as it comes down to this I need everyones here help. If you had or have this infection, post here or PM me. I need information from you to make a fix for this. If you still have the virus on a computer of yours, post here or PM me. I will not only help you remove it if you need it, but I need the Trojan EXE and other files on your computer. BUT, most importantly if you think you know where you got this virus, I absolutely need to know. If its an embarrassing site, please just PM. At my work I have hundreds of test computers I can infect and begin making a cure.

    Half my process that I would like to have happen is, a user presenting me a link to the virus, downloading it on multiple test computers and as soon as it takes shutdown the computer and boot it into a live disk. With this I will search for the 2 .txt key files needed to decrypt this beast. It will also tell me if the key is contained in a file, or in the memory. If its in the memory I can use a sniffer to try and receive it.

    Also I need to get infected as my company has given me the green light to pay this guy and see if he really decrypts it. If he does I will also monitor the process and upload a fix for you guys, as well as my company. Eventually a customer will call in with the virus at my side of the company, but they are always to embarrassed to tell us where they got it. So please, if you know a location to get this infection, please PM me the link. or f u still have the downloaded file. Also if you have the virus, and the Trojan is on your computer, I could use that too. Thanks

    Back to sitting here waiting for a customer to call in my Dept. with it, Speed up my process guys!

    If your reading this on a site where a Private message is not possible please contact me at thanks!

  3. benny1414 says:
    May 23rd, 2013 at 10:53 pm

    An anti malware expert named Fabian Wosar has released a tool to decrypt the .html files encrypted by the decrypt protect/mbl advisory virus. Read through the thread at:

    I had over 2TB of data affected and this tool recovered every byte!

  4. cyj says:
    September 29th, 2014 at 11:42 pm

    The Decrypt Protect virus is very dangerous.The Avira free antivirus could not from my computer from infections.

  5. db says:
    November 18th, 2014 at 4:21 pm

    help I have the virus

Your opinion regarding Decrypt Protect virus