Aliases: Packed.Win32.Krap.iu (Kaspersky) TR/Kazy.79032.1 (Avira) Win32/Reveton.H trojan (ESET) Trojan.Win32.Reveton (Ikarus) TROJ_RANSOM.SMAC (Trend Micro)
Windows Defender Antivirus detects and removes this threat.
It's a trojan that changes your Internet Explorer settings and connects to certain servers. It can also display a fake warning that pretends to be from a legitimate institution. The full-screen window covers all other windows, and prevents you from accessing your desktop. It demands that you pay a fine to regain access to your PC.
Our ransomware FAQ page has more information on this type of threat.
The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
Microsoft doesn’t recommend you pay the fine. There is no guarantee that paying the ransom will give you access to your files.
If you've already paid, see our ransomware page for help on what to do now.
The following free Microsoft software detects and removes this threat:
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
You can also ask for help from other PC users at the Microsoft virus and malware community.
If you’re using Windows XP, see our Windows XP end of support page.
This threat might make lasting changes to your PC's settings that won't be restored when it's cleaned. The following steps can help change these settings back to what you want: