Decrypt Protect (MoneyPak Malware)

Threat Summary

Threat Name:Decrypt Protect
Type:RansomLock
Brief Description:This type of malware locks the computer or desktop making it unusable.

Description

Decrypt Protect virus is tagged as ransomware, which hostage the victims system and displayed MBL Block Off screen. It stated there that you have lost control over your computer, all files has been locked and encrypted. Decrypt Protect gives you only 48 hours to enter the payment which needs to be done via Green Dot MoneyPak.

The main purpose of this program is to collect money after encrypting files on the computer. To perform this, attackers are using encryption tool to lock all files and demand for a payment to decrypt it. You will be alarmed at first; because you cannot able to access your PC, it is totally blocked. In addition, all your files are locked or encrypted, so there is no way to open any of them until such time that you pay for decryption tool.

Decrypt Protect virus made it more look like genuine by using legitimate images from MBL Advisory. Once your computer has the infection, the virus starts to find files and encrypt at once. Trying to open any of the locked files will lauch an Internet browser that points to http://xblblock.com.

Decrypt Protect

Computer viruses nowadays are indeed widespread in the internet. Decrypt Protect said to strike computer users from the U.S. and rapidly spread overnight. There are reports that some people have no option but to pay this ransom malware in order to get back their files. We keep on reminding that you do not have to pay the fine to decrypt your data. What you have to do is to get rid of this program using effective removal guide we provided. Encryption tools will be available from various anti-virus vendors in the coming days.

Procedures to Remove Decrypt Protect

Removal steps on this page will help you get rid of the threat effectively using tools and virus scanners. Please make sure that you will carry out the guide in exact order.

Create a USB Bootable Device

Ransom Trojans and viruses will lock the screen and makes the computer unusable. Common ways to deal with this type of infection is to boot the PC using another device. For this tutorial we will do a bootable disk that contains Decrypt Protect remover.

1. Download Kaspersky Rescue Disk from their official server. Click the button below. The file will be in .ISO format.

2. Download this utility called rescue2usb to record your .ISO file into the USB drive. Obviously you need a USB thumb drive at least 512MB in capacity. Plug it to the computer.

3. Once you have the two programs, double-click on the rescue2usb.exe to start creating a bootable USB drive.
4. You will see on the screen in the program called Kasperksy USB Rescue Disk Maker. Click on Browse and locate the .ISO file.
5. Under USB Medium, select the proper drive of your USB device.
6. Click on START. It will now begin to create a bootable USB drive with Kaspersky Rescue Disk in it.

Start the Computer with Kaspersky Rescue Disk.

1. You must set the computer to use other bootable device aside from hard drive. For this procedure, enable your BIOS to boot to USB device. If you are not familiar with this, please refer to your computer's instruction manual.

2. Another option is to access the Boot Menu right after you turn one the PC. It will present a Menu so that you can select a preferred boot drive. Select Removable Devices.

Boot Menu

3. Your computer will now start and load Kaspersky Rescue Disk.
4. If you see a message on the screen, please Press any key to enter the menu. You only have 10 seconds to do this, otherwise it will boot with the hard drive.

5. Next screen will be the interface language. Please select desired language to use.
6. You must run the program in Graphic Mode. This gives you easy access to all commands and menus.
7. End User License Agreement will appear. Please accept to continue using the program. Press 1 to proceed.

Using WindowsUnlocker to Remove Decrypt Protect

1.Click on the K button at the lower left corner of the screen.

2. Select Terminal on the list. It will open a command prompt.
3. Type windowsunlocker and press Enter on your keyboard.

4. On WindowsUnlocker menu, please type 1 to Unlock Windows. This utility will clean the registry for malicious entries.

5. After the cleanup process, it will display the menu once more.
6. Press 0 on your keyboard to exit WindowsUnlocker.

Run a Virus Scan

1. After removing Decrypt Protect, you need to delete all remaining components.
2. Click on the K to display the menu.

3. Select Kaspersky Rescue Disk. This will open the virus scanning tool.
4. You need to update the program first. Select My Update Center tab and click on Start update. This requires an Internet connection.

5. After updating the program, select Object Scan tab and click on Start Object Scan. You must scan the following:

  • Disk boot sectors
  • Hidden startup objects
  • All drives

6. Scanning the entire hard drive may take some time. Please let the scan to finish.
7. Once the scan process is complete, the tool will prompt you for preferred actions on detected threats. Deleting all threats is recommended.
8. You can now turn off the computer, unplug the USB drive, and start Windows in normal mode.

2 thoughts on “Decrypt Protect (MoneyPak Malware)

  1. janesjason says:

    Above procedure is for locked computers. If virus specifically encrypts the files, you may try Panda Ransomware Decrypt Tool. You may use the procedure above to remove the viruses or Trojans related to Decrypt Protect. However, even if viruses are gone, files may remain encrypted. Test this Panda Ransomware Decrypt Tool first by copying some files on a different folder, or you may also run a test on least important files.

    1. Download the pandaunransom.exe from this link.
    http://www.pandasecurity.com/resources/tools/pandaunransom.exe

    2. Save the file to your drive. I prefer to save it in removal drive if you have.

    3. Locate the file and double-click to run.

    4. It launches a screen, giving you choices for folder or files you need to decrypt.

    5. Browse the location of the encrypted file. As suggested, run the tool first on sample files.

    6. Once selected, click on Start button. The tool will identify file restrictions and decrypt it.

  2. Miggy22 says:

    Emsisoft staff Fabian Wosar wrote a simple decryption tool that will help you restore files encrypted by Decrypt Protect malware. According to Fabian, encryption applied is RC6 and key is static so there is really a possibility that user may decrypt infected files after obtaining the code. Why would you spend hundreds of dollars when you can download this tool without any costs.

    Download the tool here: http://tmp.emsisoft.com/fw/decrypt_mblblock.exe

    Using the Tool on Single Hard Drive

    For users with single hard drive, decryption is straight forward. Just download the file and run. It will automatically find and decrypt files infected by Decrypt Protect virus. Please note that the tool will leave the affected files, so, you need to delete them to save hard disc space.

    Using the Tool on Multiple Hard Drives

    1. Download the file on your root drive C:
    2. Once the download completes, go to Start > type CMD on the search or run dialog box. It should open a command prompt window.
    3. Type cd\ to navigate the root of C:\ Drive.
    4. Type decrypt_mblblock.exe C:\ D:\ E:\

    Please note that D:\ and E:\ are just representation for tutorial purposes. You may type the physical drive as what you have on the computer.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>