How To Remove Ransomware From Your Infected Computer


With nasty malware like Locky making the rounds—encrypting its victims’ files, and then refusing to unlock them unless you pay up—ransomware is a serious headache. But not all ransomware is so difficult.

You can remove many ransomware viruses without losing your files, but with some variants that isn’t the case. You need to apply some specific tips and tricks for ransomware. The process varies and depends on the type of invader. Some procedures involve a simple virus scan, while others require offline scans and advanced recovery of your files. We categorize ransomware into three varieties: scareware, lock-screen viruses, and the really nasty stuff.

Scareware

An example of a fake antivirus app. 

The simplest type of ransomware, aka scareware, consists of bogus antivirus or clean-up tools that claim they’ve detected umpteen issues, and demand that you pay in order to fix them. Some specimens of this variety of ransomware may allow you to use your PC but bombard you with alerts and pop-ups, while others might prevent you from running any programs at all. Typically these invaders are the easiest type of ransomware to remove.

Lock-screen viruses

The Kovter ransomware locks down your computer, displaying a fake notice claiming to be from several government authorities. 

Next is the ransomware variety we call lock-screen viruses, which don’t allow you to use your PC in any way. They display a full-size window after Windows starts up—usually with an FBI or Department of Justice logo—saying that you violated the law and that you must pay a fine.

The really nasty stuff

A ransomware program called Locky has quickly become one of the most common types of malware seen in spam.

Encrypting malware—such as Locky—is the worst variant, because it encrypts and locks your personal files until you pay up. But even if you haven’t backed up your files, you may have a chance to recover your data.

Removing ransomware

Before you can free your hostage PC, you have to eliminate the hostage taker.

If you have the simplest kind of ransomware, such as a fake antivirus program or a bogus clean-up tool, you can usually remove it by following the steps in our malware removal guide. This procedure includes entering Windows’ Safe Mode and running an on-demand virus scanner such as Malwarebytes.

If the ransomware prevents you from entering Windows or running programs, as lock-screen viruses typically do, you can try to use System Restore to roll Windows back in time. Doing so doesn’t affect your personal files, but it does return system files and programs to the state they were in at a certain time. The System Restore feature must be enabled beforehand; Windows enables it by default.

You can usually bring up the Advanced Boot Options of Windows 7 by pressing F8 during booting.

To start the restoration process using System Restore, follow these steps depending on your OS version:

Windows 7

  1. Shut down your PC and locate the F8 key on your PC’s keyboard.
  2. Turn the PC on, and as soon as you see anything on the screen, press the F8 key repeatedly. This action should bring up the Advanced Boot Options menu.
  3. Select Repair Your Computer and press Enter.
  4. You’ll likely have to log on as a user. Select your Windows account name and enter your password. (If you don’t have a password set, leave that blank.)
  5. Once logged on, click System Restore.

Windows 8, 8.1, or 10

You can get to the recovery options of Windows 8, 8.1, and 10 by holding Shift when rebooting from the Windows login screen.

  1. If your PC boots to the Windows login screen, hold the Shift key, click the power icon, and select Restart.
  2. It should reboot to the recovery screens.
  3. Select Troubleshoot > Advanced Options > System Restore.

If you can’t get into the recovery screens, you can use the Windows installation media (disc or USB drive) for your particular version/edition to access the recovery tools. You’d boot up to that install media, but click Repair your computer on the main menu before proceeding with the installation.

If System Restore doesn’t help and you still can’t get into Windows to remove the ransomware, try running a virus scanner from a bootable disc or USB drive; some people refer to this approach as an offline virus scan. Our favorite bootable scanner is from Bitdefender, but more are available: Avast, AVG, Avira, Kaspersky, Norton, and Sophos all offer antivirus boot-disk software.

If you still have no luck after trying Safe Mode and an on-demand scanner, performing a System Restore, and running an offline virus scanner, please submit a ticket.

Showing hidden files in Windows 7 takes a couple of clicks.

Recovering hidden and encrypted files

With that out of the way, it’s time to repair the damage. If you’re lucky, your PC was infected by malware that didn’t encrypt your data. If it appears you’re missing stuff though, the malware may have merely hidden your icons, shortcuts, and files. It usually does this by making the files “hidden.” Here’s how to check, depending on your OS version:

Windows 7

  1. Open Computer.
  2. Press the Alt key and select Tools.
  3. Click Folder Options and select the View tab.
  4. Select Show hidden files, folders, and drives, and then click OK.

Windows 8, 8.1, and 10

  1. Open a File Explorer window.
  2. Select the View tab on the top pane.
  3. Check Hidden items.

Showing hidden files in Windows 8 and after is a cinch.
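
The same check can be scripted once the malware itself has been removed. The PowerShell below is an added example, not part of the original article: it lists items carrying the Hidden attribute under the Desktop, Documents and Pictures folders (an assumed default set) and only changes anything when run with the example's own `-Unhide` switch.

```powershell
# Added example: report user files that carry the Hidden attribute and,
# only when -Unhide is given, clear Hidden and System on them.
[CmdletBinding()]
param(
    # Folders to inspect. These defaults are an assumption; pass -Path to change them.
    [string[]]$Path = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('MyDocuments'),
        [Environment]::GetFolderPath('MyPictures')
    ),
    # Without this switch the script is read-only.
    [switch]$Unhide
)

# Files Windows itself normally keeps hidden; these are skipped.
$expected = 'desktop.ini', 'Thumbs.db'

$hidden = @(foreach ($root in $Path) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    # -Force is required; without it Get-ChildItem does not return hidden items.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
            ($expected -notcontains $_.Name)
        }
})

# The Attributes column shows whether System is set as well. Items marked
# Hidden + System stay invisible in Explorer even with "Hidden items" checked.
$hidden | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize
"{0} hidden item(s) found." -f $hidden.Count

if ($Unhide) {
    $mask = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System
    foreach ($item in $hidden) {
        # Clear only Hidden and System; ReadOnly, Archive, etc. are preserved.
        $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $mask))
    }
    "Cleared Hidden/System on {0} item(s)." -f $hidden.Count
}
```

Run it once without `-Unhide` and review the list before changing anything.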