Boot.Bootlock

If your computer is infected with Boot.Bootlock, you may follow the procedure on this page to contain this threat. Remove the Trojan at once before it can further harm the system.

Boot.Bootlock is a method used to identify master boot record (MBR) that was infected with Trojan.Bootlock. This Trojan will compromised a computer by loading itself on MBR and prevents running of Windows operating system. The threat will also encrypt contents of the infected hard drive and restrict user’s access into it.

Computers that are suffering from this infection may not be allowed to start computer normally. Since the MBR is infected, the Trojan will create its own start-up process. Instead of running Windows, the threat will boot the computer in text line mode. It will then, display the following message:

Your PC is blocked.
All the hard drives were encrypted.
Browse www.(removed URL).com to get an access to your system files.
Any attempt to restore the drives using other way will lead to inevitable data loss!!!
Please remember Your ID: (Code)
With its help, your sign-on password will be generated. Enter the password:

As you have notice, the message is an instruction provided by the attacker to decrypt the drive. By following it, user must pay corresponding amount in order to restore the drive.

Boot.Bootlock Screen Message

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Boot.Bootlock

1. Restart the computer using Windows Recovery Console. This can be run from the installation CD that comes with your computer.
2. Since this threat modifies or replaces the MBR, it may be necessary to restore the MBR using the Windows Recovery Console. To do this it is necessary to restart the computer and run the Windows Recovery Console. For full details on how to do this please read the Microsoft Knowledge Base article, How to install and use the Recovery Console in Windows XP.

a) Insert the Windows Recovery CD/DVD into the drive.
b) Restart the computer from the CD/DVD drive.
c) Press R to start the Recovery Console when the “Welcome to Setup” screen appears.
d) Select the installation that you want to access from the Recovery Console.
e) Enter the administrator password and press Enter.
f) Type the following command and press Enter:
fixmbr

g) Follow the onscreen instructions to restore the MBR.
h) Type exit.
i) Press Enter. The computer will now restart automatically.

Online Virus Scanner:
It is best run a separate scan using free Online Virus Scanner. It can be used without the need to install additional antivirus application.

Alternative Removal Method for Boot.Bootlock

Option 1 : Use Windows System Restore to return Windows to previous state

If Boot.Bootlock enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Boot.Bootlock infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.