'Notice From Microsoft Corporation' Ransomware

What is 'Notice From Microsoft Corporation' Ransomware?

If you suddenly get a full-screen message, “Notice from Microsoft Corporation”, and you cannot turn it off, then your PC has become infected with 'Notice From Microsoft Corporation' Ransomware. You must remove this malware because it was designed to lock your computer’s screen and, allegedly, encrypt your files. Its creators want to extract money from you, but you must not comply with their demands because that will only embolden them. There should be a free unlock/decryption tool underway, and we have composed a manual removal guide that you can find below, so you can emerge from this situation without sustaining any damage and with your money still in your pocket.

What does 'Notice From Microsoft Corporation' Ransomware do?

If this program infects your computer, then it will lock your computer’s screen and encrypt many of your files. Let us discuss the lock screen first and then move on to file encryption. Our malware analysts have tested this ransomware, and it appears that its developers have modeled this program after a Microsoft security error. The message states something along the lines of you conducting illicit actions on your PC that include using a pirated version of Windows, sending spam mail, distributing pirated content via torrents and so on. While this is not true, the developers use scare tactics to convince you to contact their tech support to fix the problem, but all they want is to extract money from you. They even go so far as to claim that you can face jail time of up to 12 years. The lock screen kills Explorer.exe and prevents you from using your PC normally. It shows the lock screen window constantly, and you cannot turn it off.

It appears that this particular program was configured to encrypt many of the files on your PC with the ZhuangZi encryption algorithm. However, ZhuangZi is a fake encryption method used to scare people into thinking that their files have been permanently damaged. The reality is that this algorithm is non-existent, so 'Notice From Microsoft Corporation' Ransomware will not encrypt your files. Allegedly, this ransomware should append your files with a .Harzhuangzi file extension, but there is no proof that it does that.

The cyber criminals behind this ransomware claim that if you do not pay 0.5 BTC within a week’s time, all your documents, databases and other files will become undecryptable. That is a lie, and you should not take their bait. It is also important to note that if you pay the ransom, receive the unlock password and enter it, the program will not unlock your PC because of a fault in the code. Your PC will remain locked, so we believe that the only way you can unlock your PC is by deleting this ransomware, but before we discuss that, let us take a look at how this program is disseminated.

Where does 'Notice From Microsoft Corporation' Ransomware come from?

Our cyber security experts have found that this malware is disseminated via email spam. The ransomware is included as an attached file named CashBillPending(Autosaved)1.pdf.exe. It features a double extension, so it poses as a PDF file while being an executable. Researchers say that, if you run this file, then it will drop a copy of itself in %WinDir%\Cursors or %WinDir%\Cursors. Furthermore, the executable can be renamed to VshostD.exe, Vshostde.exe, Vshostdo.exe, VshostE.exe, Vshostpic.exe, Microsoftsecteam.exe, or Cash Bill Pending 1.exe, or it can keep the original name, Cash Bill Pending (Autosaved)1.sfx.pdf.exe. There might be other name variations, but these were the ones found by our malware analysts. So you have to be careful when opening files sent from unknown email addresses as they can contain malware.

How do I remove 'Notice From Microsoft Corporation' Ransomware?

We hope you found this article useful. As you can see, 'Notice From Microsoft Corporation' Ransomware is a malicious program that can prevent you from using your PC, but you can get rid of it easily. Do not bother purchasing the decryption password because it does not work. We suggest you use SpyHunter or our manual removal guide to get rid of this malicious program. Note that you have to boot your PC in Safe Mode with Networking to download the anti-malware program or use the guide to delete it manually.

Removal Guide

  1. Hold down Win+E keys.
  2. In the File Explorer’s address box, type the following addresses and hit Enter.
    • %WinDir%\Cursors
    • %Temp%
  3. Locate Cash Bill Pending (Autosaved)1.sfx.pdf.exe, VshostD.exe, Vshostde.exe, Vshostdo.exe, Vshostpic.exe, VshostE.exe, Microsoftsecteam.exe or Cash Bill Pending 1.exe
  4. Right-click the malicious executable and click Delete.
  5. Empty the Recycle Bin.
  6. Then hold down Win+R keys.
  7. Type regedit in the box and press OK.
  8. Go to HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\shunimpl.dll
  9. Locate value name "command"
  10. Right-click it and click Delete.
  11. Then navigate to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
  12. Find value name “shunimpl.dll”
  13. Right-click it and click Delete.
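
The checks in the guide above can also be scripted as a read-only audit. This PowerShell is an added example, not part of the original article or of any vendor tool; the function names and the double-extension pattern are assumptions introduced here, while the file names, folders and registry locations are the ones listed on this page.

```powershell
# Added example: read-only audit for the artifacts named in the removal guide.
# Nothing is deleted or changed; the script only reports what it finds.
$fileNames = @(
    'Cash Bill Pending (Autosaved)1.sfx.pdf.exe', 'CashBillPending(Autosaved)1.pdf.exe',
    'VshostD.exe', 'Vshostde.exe', 'Vshostdo.exe', 'Vshostpic.exe', 'VshostE.exe',
    'Microsoftsecteam.exe', 'Cash Bill Pending 1.exe'
)
# %Temp% is per-user, so run this as the account that opened the attachment.
$folders = @((Join-Path $env:WinDir 'Cursors'), $env:TEMP)
# Assumption (not from the article): a document extension followed by .exe,
# to catch renamed copies that still use the double-extension disguise.
$doubleExt = '\.(pdf|docx?|xlsx?|jpe?g|txt)\.exe$'
# Registry keys and value names from steps 8-12 of the guide.
$regChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\shunimpl.dll'; Name = 'command' },
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'; Name = 'shunimpl.dll' }
)

function Find-NoticeFiles {
    param([string[]]$Folders, [string[]]$Names, [string]$Pattern)
    foreach ($folder in $Folders) {
        if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
        # -Force includes hidden files; -contains and -match ignore case.
        Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Names -contains $_.Name -or $_.Name -match $Pattern } |
            Select-Object FullName, Length, CreationTime,
                @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName).Hash } }
    }
}

function Find-NoticeRegistryValues {
    param([hashtable[]]$Checks)
    foreach ($check in $Checks) {
        # Returns nothing when the key or the value name does not exist.
        $item = Get-ItemProperty -LiteralPath $check.Path -Name $check.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            [pscustomobject]@{ Key = $check.Path; ValueName = $check.Name; Data = $item.($check.Name) }
        }
    }
}

$files  = @(Find-NoticeFiles -Folders $folders -Names $fileNames -Pattern $doubleExt)
$values = @(Find-NoticeRegistryValues -Checks $regChecks)
$files  | Format-List
$values | Format-List
'{0} file(s) and {1} registry value(s) matched.' -f $files.Count, $values.Count
```

Run it from PowerShell after booting into Safe Mode with Networking, as described above. A double-extension match on a name that is not in the list is only a lead to inspect, not proof of infection.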