Remove “Seu windows foi sequestrado” Screenlocker Virus

“Seu windows foi sequestrado” is a screen locker virus that limits access to your computer. It asks you to contact a fake support technician in order to unlock your PC and provides an email address. Unlike other tech support scams, this one does not provide any phone number.

The virus says that your computer has been hijacked and therefore banned due to unusual activity. However, in reality your computer is safe and the access is only hindered by the locker itself. Never contact the fake support as they will try to extort money before unlocking your computer. Instead, remove this threat yourself and then secure your machine.

Removing this threat is relatively easy as it is not as destructive as most other malware types. We have an automatic removal and protection tool available below. We have also prepared a manual removal guide. However, the manual option only removes the threat and the symptoms but does not secure your computer from further infections. Therefore, we strongly recommend choosing the automatic option as it will also protect your machine in the future.


Recommended Method: Download “Seu windows foi sequestrado” Virus Removal Tool

Version: All. Updated: 2 days ago. Compatible OS: All.
This is the most suitable program for automatically removing the threat and repairing your PC.
Works with: Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP.
File name: mb3-setup.exe. Size: 56.5 MB.


What is “Seu windows foi sequestrado” virus?

It is a simple screenlocker which tries to trick users into paying money for help from fake support. More specifically, it requires you to buy an unlock code in order to restore access to your machine. Such lockers are usually not very sophisticated and are quite easy to remove. “Seu windows foi sequestrado” is made to look like a genuine Windows error; however, the mistakes in its text and design reveal that it was created by a third party.

The only contact given by this virus is an email address. Usually the following address is provided:

nardimayer@mail2tor.com

Here is an example of the full text displayed by this locker:

Seu windows foi sequestrado

Este PC foi proibido por termos de violações de uso, para proteger o serviço do Windows 
ne que a Microsoft não fornece detalhes sobre proibições específicas do PC

Seu PC foi banido porque detectamos uma atividade incomum no seu computador.
Para proteger o serviço do Windows e seu membro, o PC talvez tenha sido infectado
com vírus que fazem uma atividade incomum, como botnet, ddos, etc, para conceder
acesso de volta ao seu computador, por favor pague alguma taxa para o Microsoft Technician
confiável eo Microsoft Technicial dará o seu Um código para desbloquear para obter um código,
clique no botão abaixo para entrar em contato com o Técnico Microsoft mais próximo.
Técnico Microsoft mais próximo encontrado!
Contato: nardimayer@mail2tor.com
Entre em contato para negociar a liberação de seus arquivos
que estão agora criptografados, sem o código perderá todos.
Mande uma mensagem para o email: nardimayer@mail2tor.com

Since the virus is quite easy to remove, the unlock code has already been found. When entered, it redirects to another window displaying the instructions on how to remove the virus. However, we recommend following our guide instead of this one if you do not want to leave any traces of the virus remaining.

E você foi enganado pelo meu vírus ele não é microsoft

Obrigado por comprar o código de desbloqueio
Para remover meu vírus, siga as instruções!

1- Digite "3458966021784633" na parte inferior da tela para desbloquear o seu computador
2- Reinicie o computador em modo de segurança com prompt de comando
3- Digite explorer
4- Agora vá até o Disco Local C, e abra a pasta Arquivos de programas
5- Apague a pasta Bitcoin_BOT_2.2
6- Clique em iniciar, todos os programas, procure a pasta inicializar, clique lado direito e escolha abrir
todos os usuários, apague o arquivo RansomwareAvançado.exe
7- Reinicie o computador
8- Para garantir, abra o seu antivirus favorito.
9- Para ativar o Gerenciador de tarefas do windows, clique em iniciar, digite regedit e tecle enter
10- Navegue até HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
11- Apague do lado direito onde tem "DisableTaskMgr"

Se você chegar a esta tela sem pagar parabéns!

Users usually get infected by this virus by downloading various other programs that have this locker bundled in their installation files. The virus mostly spreads with pay-per-install files but it can infect your computer through other means as well. Therefore, you should avoid visiting infected websites, clicking on adware links and downloading suspicious software.

You should remove this virus completely if you want to restore access to your computer. By leaving any traces of this locker you risk being spied on and revealing your personal data. It also slows down your system and hinders the working experience.



Manual Removal Instructions:

NB: The removal of this particular virus is not as complicated as in most other screen locker cases. However, by removing it manually you remove the symptoms only and this or any other threat might reappear in the future. We recommend using the tool provided at the top of this page in order to not only remove the virus but also secure your computer from any possible breaches in the future.

Step 1:

Start by entering the following unlock code into the code field:

3458966021784633

Click Enviar.

This should redirect you to another window with removal instructions.

Alternatively, you can try closing the lock screen by pressing the ALT + F4 keys simultaneously.

Step 2:

Clean up Windows temporary files.

Removing all temporary files is completely safe for your computer.

Hold the Windows key and press the R key.

Enter the following in the field:

%Temp%

Click OK.

Simply select all files and folders displayed in the temporary files directory and delete them permanently by simultaneously pressing CTRL + A and then SHIFT + DELETE while the files are selected.

Step 3:

Use Windows search by clicking Start and entering the following folder name in the search field:

Bitcoin_BOT_2.2

Delete this folder permanently by pressing SHIFT + DELETE simultaneously.

Repeat this step with the following file:

RansomwareAvançado.exe

This second item, the .exe file, can hide in several places. To find every copy, navigate to:

C:\Users\

Then open each user folder and navigate to this path consisting of several folders:

AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

The RansomwareAvançado.exe should be located there.

Repeat the deletion steps until no more virus files are left.

Step 4:

Delete the registry value created by this virus.

Press and hold the Windows key and press the R key.

Enter the following in the field:

regedit.exe

Click OK.

Use the folder tree on the left to navigate to the following location:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Delete the following registry entry by right-clicking on it and choosing Delete.

DisableTaskMgr

Step 5:

This is an additional step to make sure you remove all impact to your system settings made by this virus.

You need to have a relatively recent restore point in order to restore your settings successfully. If you restore a very old restore point some unwanted settings might come back. Also, make sure the restore point has been created before the infection happened.

Restore the old system settings using System Restore.

Press and hold the Windows key and press the R key.

Enter the following in the field:

rstrui.exe

Click OK.

Click Next.

Check Show more restore points.

If you see any restore points, restore the system. Make sure you select a point that has been created before the infection happened but is not too old.

It will restore your system settings only and will not affect your files.

If you do not see any restore points, the virus might have removed them or they might never have been created.
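
The checks from Steps 3 and 4 as a PowerShell script, added here as an example and not part of the original guide. It only reports what it finds unless run with -Remove, a switch defined by this example; it assumes user profiles live under the system drive's Users folder and also checks the all-users Startup folder.

```powershell
# Added example: audits the artifacts named in Steps 3 and 4 of this guide.
# -Remove is this example's own switch; without it nothing is changed.
param([switch]$Remove)

# The cedilla is built from its code point so the script file's encoding cannot break the match.
$exeName    = "RansomwareAvan$([char]0xE7)ado.exe"
$folderName = 'Bitcoin_BOT_2.2'
$policyKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$startupRel = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
$findings   = @()

# Step 3: the dropped folder under the Program Files directories.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
foreach ($root in $roots) {
    $p = Join-Path $root $folderName
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Type = 'Folder'; Path = $p; Detail = '' }
    }
}

# Step 3: the executable in every profile's Startup folder and the all-users one.
$startupDirs  = @([Environment]::GetFolderPath('CommonStartup'))
$startupDirs += @(Get-ChildItem -LiteralPath "$env:SystemDrive\Users" -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName $startupRel })
foreach ($dir in ($startupDirs | Where-Object { $_ })) {
    $p = Join-Path $dir $exeName
    if (Test-Path -LiteralPath $p) {
        # Record the SHA-256 before deletion so the sample can be looked up later.
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Path = $p; Detail = $hash }
    }
}

# Step 4: Task Manager lockout. HKCU is the hive of the account running this script.
$tm = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($tm) {
    $findings += [pscustomobject]@{ Type = 'Registry'; Path = "$policyKey\DisableTaskMgr"; Detail = $tm.DisableTaskMgr }
}

if (-not $findings) { 'No artifacts from this guide were found.'; return }
$findings | Format-List

if ($Remove) {
    foreach ($f in $findings) {
        if ($f.Type -eq 'Registry') { Remove-ItemProperty -Path $policyKey -Name DisableTaskMgr }
        else { Remove-Item -LiteralPath $f.Path -Recurse -Force }
    }
}
```

Run it from an elevated prompt so other users' Startup folders are readable, and run it once per affected account for the registry check, since HKEY_CURRENT_USER differs for each user.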

After removing the virus

When you have finished removing the virus make sure to protect your computer by installing a good antivirus suite that would identify the threats online and in programs you have downloaded. Also avoid downloading unofficial torrents, illegal cracks or other files from P2P networks.

