Computer locked by SGAE Virus (Ransomware Removal Help)

SGAE virus is a risky ransomware that locks your computer from anything but its warning page to prompt you pay the “penalty fine” timely to unlock the computer because you are suspected to have violated the local laws. Be aware of such a nasty pest and never let it do the trick on you.

The screenshot of SGAE virus

Once infected, you computer screen will show the fake message from this ransoware, claiming that your computer is locked by the local office and you are required to pay a fine to get your computer unlocked timely. And there gives a reason that you are guarded by the local government because you’ve taken part in malicious tasks online or visited illegal websites. To be convincible, this virus displays your IP address and other information on the warning screen, so that you may skip further investigation to pay the fake fine. However, even if you pay that and get your computer unlocked, you will still get nothing but a messed up system with terribly risky potentials and even worse you get your sensitive data, financial data leak. The above image of this ransomware is its Spanish version displaying the message in Spanish. Actually, this virus now mainly encounters in Spain. However, if such thing occurs on your computer someday, never take it serious and just ignore whatever it says and move to the below guide to get rid of it instantly.


Step 1

Boot the infected computer to safe mode with command prompt.

In Windows XP, hold the F8 key till the below window appears and then use the arrow key to highlight the Safe Mode with command prompt. Press Enter.
Step 2

Once the Command Prompt appears you have few seconds to type in explorer and hit Enter.

If you fail to do it within 2-3 seconds, the SGAE ransomware will take over and will not let you type anymore.
Step 3

If you managed to bring up Windows Explorer you can now browse into:

* Win XP: C:windowssystem32restorerstrui.exe and press Enter

* Win Vista/Seven: C:windowssystem32rstrui.exe and press Enter

Step 4

Follow the steps to restore your computer into an earlier day.
Step 5

Restart the computer to normal mode.
Step 6

Open the Windows Registry Editor to find out the below registry entries of this ransomware and then remove them all. So do its associated files.
  • HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar10
  • HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbarLocked
  • HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{8AD9C840-044E-11D1-B3E9-00805F499D93}
  • %systemroot%System32
  • %systemroot%System32 (64bit)
  • %systemroot%System32drivers
Step 7

Download the malware scanner Anvi Smart Defender (direct download) to full scan your system and remove the renaments of SGAE virus.
You may also refer to the removal guide for FBI Moneypak infection which is very similar. Wish you good luck.
Social Share Toolbar
Leave a comment


Leave a Reply

Your email address will not be published. Required fields are marked *

Are you human? Click the Apple...