Notice From Microsoft Corporation Screenlocker
Written by Tomas Meskauskas on (updated)
What is "Notice From Microsoft Corporation"?
First discovered by malware researcher, Jiri Kropac, "Notice From Microsoft Corporation" is a malware virus distributed via the "CashBillPending(Autosaved)1.pdf.exe" file.
Once infiltrated, "Notice From Microsoft Corporation" locks the screen and displays a fake error message. Furthermore, it encrypts files and appends the ".Harzhuangzi" extension to the name of each compromised file (for example, "sample.jpg" is renamed to "sample.jpg.Harzhuangzi").
The displayed screen lock contains a Microsoft logo and, therefore, many users believe that it is a genuine error message. The message states that the user has violated certain copyright laws - as a result, access to the computer has been blocked and files have been encrypted.
To unlock the screen and restore encrypted files, victim must contact certified technicians via an email address ("mssecteam@sigaint.org") provided. Victims then supposedly receive help in resolving the issue.
As mentioned above, however, the "Notice From Microsoft Corporation" error is fake - criminals generate revenue by tricking victims into paying for technical support that is not required and/or unlocking passwords. Furthermore, the password processing functionality of this error message contains bugs and, thus, entering the password purchased from cyber criminals will not remove the screen lock.
Fortunately, Michael Gillespie has developed a tool capable of restoring files encrypted by this malware (download link). Therefore, you can decrypt files after removing the screen lock.
In most cases, data encrypted by viruses cannot be restored without a unique key (which developers store on a remote server). Therefore, you can only restore files/system from a backup.
"Notice From Microsoft Corporation" shares many similarities with Your Windows Has Been Banned, Jhon Woddy, Windows Activation, and dozens of other fake errors. Note that all claim that the system is infected, missing files, or damaged in other similar ways.
For these reasons, victims are encouraged to contact technical support. As with "Notice From Microsoft Corporation", however, all fake error messages are designed only to generate revenue for the developers. None should be trusted.
Research shows that malware such as "Notice From Microsoft Corporation" is often distributed using spam emails (malicious attachments), third party software download sources (freeware download websites, free file hosting websites, torrents, etc.), fake software updaters, and trojans.
Therefore, never open files received from suspicious emails or download any software from unofficial sources. Furthermore, keep your installed apps up-to-date and use a legitimate anti-virus/anti-spyware suite. The key to computer safety is caution.
"Notice From Microsoft Corporation" error message:
Have A Key?
Files Locked: Complete/Yes
System Status: Locked
Contact Us: mssecteam@sigaint.org
Notice from Microsoft Corporation
All activities of this computer have been recorded. All your files are encrypted as our government order. We used ZhuangiZi encryption method to encrypt your files. Your computer has been blocked due to violation of Copyright and Related rights law illegal using and distributing copyrighted contents. Your documents, databases and all files have encrypted with strongest encryption and unique kay, generated for this computer. You decryption key is stored on a Internet server. No third party software can decrypt your files until you pay and obtain the private key. If you don’t send money to our Microsoft address within this week, you all files will be permanently crypted and no one will be able to recover them (Article 1, Section 8; Article 202; Article 210 of the criminal code of U.S.A provides for a deprivation of liberty for 4-12 years). This computer lock is aimed to stop below illegal activity. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the features included in the software edition you licensed. Microsoft reserves all other rights. Unless applicable law give you more right despite the limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not: 1. Work around any technical limitations in the software. 2. Reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation. 3. Use components of the software to run applications not running on the software. 4. Make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation. 5. Publish the software for others to copy. 6. Rent, lease or lend the software 7. Use the software for commercial software hosting services.
Screenshot of files encrypted by "Notice From Microsoft Corporation" (".Harzhuangzi" extension):
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is "Notice From Microsoft Corporation"?
- STEP 1. "Notice From Microsoft Corporation" virus removal using safe mode with networking.
- STEP 2. "Notice From Microsoft Corporation" virus removal using System Restore.
"Notice From Microsoft Corporation" virus removal:
Step 1
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Go to the Windows 8 Start Screen, type Advanced, in the search results select Settings. Click on Advanced Startup options, in the opened "General PC Settings" window select Advanced Startup. Click on the "Restart now" button.
Your computer will now restart into "Advanced Startup options menu". Click on the "Troubleshoot" button, then click on "Advanced options" button. In the advanced option screen click on "Startup settings". Click on the "Restart" button. Your PC will restart into the Startup Settings screen. Press "5" to boot in Safe Mode with Networking Prompt.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options".
In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.
Video showing how to start Windows 10 in "Safe Mode with Networking":
Step 2
Log in to the account infected with the "Notice From Microsoft Corporation" virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.
Video showing how to remove viruses using "Safe Mode with Command Prompt" and "System Restore":
1. During your computer starting process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.
2. When Command Prompt Mode loads, enter the following line: cd restore and press ENTER.
3. Next, type this line: rstrui.exe and press ENTER.
4. In the opened window, click "Next".
5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the "Notice From Microsoft Corporation" virus infiltrating your PC).
6. In the opened window, click "Yes".
7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remnants of the "Notice From Microsoft Corporation" virus.
If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some viruses disable Safe Mode making it's removal complicated. For this step, you require access to another computer.
After removing "Notice From Microsoft Corporation" virus from your PC, restart your computer and scan it with legitimate anti-spyware software to remove any possible remnants of this security infection.
Other tools known to remove this scam:
▼ Show Discussion