You may have heard of Kaspersky Rescue Disk which can be used to boot up a computer and scans the hard drive for viruses without even loading Windows. This is very useful when the computer is badly infected by malware and causing Windows unable to boot or is really too slow to do anything. Recently I discovered another free tool offered by Kaspersky called WindowsUnlocker which is useful in neutralizing complicated malware such as a ransomware that makes your computer unusable until you follow the on-screen instruction to transfer money in order to get the unlock code.
The smarter ransomware starts automatically when Windows is booted up and even in Safe Mode, automatically prevent explorer.exe from starting and also blocking vital hotkeys such as CTRL+SHIFT+ESC to launch Task Manager which can be used to kill the ransomware process or manually run explorer.exe.
When all hope is lost, Kaspersky WindowsUnlocker can be used to fix the registry to stop the ransomware from automatically being loaded when Windows is booted up. It does not touch any of the files on your computer other than the registry. Once Windows can be started up normally, you can use a good antivirus to perform a full scan and remove any found malwares.
Kaspersky WindowsUnlocker comes in an ISO image file where you will either need to burn it to a CD or USB flash drive via Kaspersky USB Rescue Disk Maker and then boot up the infected computer with it. As a test, I’ve infected my test machine with a ransomware and then use Kaspersky WindowsUnlocker to disinfect it.
Below is a typical example of a piece of ransomware that scares you into transferring money using Western Union with a timer countdown.
I shut down the computer and boot it up with Kaspersky WindowsUnlocker. I am required to press any key to enter the menu, followed by selecting a language, and finally select Kaspersky Rescue Disk. Graphic Mode from the menu.
When everything is loaded, I need to press the A key to accept the agreement. Kaspersky Rescue Disk will automatically run but we won’t be using it at the moment. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.
A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process takes merely a couple of seconds and you can restart the computer once completed.
Windows 7 is able to successfully boot without the ransomware asking to transfer money to an unknown person. It seems that Kaspersky WindowsUnlocker is only capable of disinfecting ransomware but not other threats because I tried infecting my test computer with a trojan that auto starts up with Windows but Kaspersky WindowsUnlocker did not remove nor disinfect it.