Achtung!!! Ein Vorgang illegaler Aktivitaten wurde erkannt ransomware removal instructions:
1. Reboot your computer is "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
2. When Windows loads, the Windows command prompt will show up as show in the image below. At the command prompt, type explorer, and press Enter. Windows Explorer opens. Do not close it.
3. Then open the Registry editor using the same Windows command prompt. Type regedit and press Enter. The Registry Editor opens.
4. Locate the following registry entry:
In the righthand pane select the registry key named Shell. Right click on this registry key and choose Modify.
Default value should be Explorer.exe.
Modified value data points to Trojan Ransomware executable file (calc.exe in our case)
Please copy the location of the executable file it points to into Notepad or otherwise note it and then change value data to Explorer.exe. Click OK to save your changes and exit the Registry editor.
5. Remove the malicous file. Use the file location you saved into Notepad or otherwise noted in step in previous step. In our case, "Achtung!!! Ein Vorgang illegaler Aktivitaten wurde erkannt" was run from the Desktop. There was a file called calc.exe.
Full path: C:\Documents and Settings\Michael\Desktop\calc.exe
Go back into "Normal Mode". To restart your computer, at the command prompt, type shutdown /r /t 0 and press Enter.
6. Download recommend anti-malware software (direct download) and scan your computer for malicious software.
If this removal guide didn't help you, please follow the general Trojan.Ransomware removal guide.
Associated Achtung!!! Ein Vorgang illegaler Aktivitaten wurde erkannt files and registry values:
- [SET OF RANDOM CHARACTERS].exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"