Last Updated: July 4, 2012
Ransomware is malicious software that restricts access to a computer until a ransom is paid. It displays a fake warning message and asks you pay a fee to unblock the computer. It will frequently disguise itself as the police or FBI. Ransomware can be difficult to remove; however, it is not impossible. This guide provides instructions on how to remove ransomware from Windows operating system.
Contents
Option 1 - Start in Windows Safe Mode |
Option 2 - Use HitmanPro's Force Breach Mode |
Option 3 - Use a Bootable Antivirus CD |
Option 1 - Start in Windows Safe Mode
Certain types of ransomware won't run in safe mode. To start in safe mode, restart your computer and press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. You will see a black screen with a number of options. Use the arrow keys to select the Safe Mode with Networking option, and then press the Enter key.
If the ransomware doesn't start in safe mode, follow Step 1 and 2 in this malware removal guide (while in safe mode). If the ransomware starts in safe mode, move on to Option 2.
Option 2 - Use HitmanPro’s Force Breach Mode
On another computer, download HitmanPro: Download here (32-bit), (64-bit) - Homepage
Copy the downloaded HitmanPro file to a USB flash drive. After the file is copied, plug the USB flash drive into a USB port of the infected computer. Now press the Ctlr key and the O key together. You should see a window that is similar to the one below. From there, find the USB flash drive and open it. While holding down the left Ctrl key, open the HitmanPro file. Keep the Ctrl key pressed until the HitmanPro window appears. This will stop the ransomware. Then click the Next button. Check the box that says No, I want to perform a one-time scan, and then click Next. Once the scan is complete, click Next. Click Activate free license, and then click Next to remove the ransomware. After you use HitmanPro, follow Step 1 and 2 in this guide to remove any remaining threats.
Option 3 - Use a Bootable Antivirus CD
A bootable antivirus CD can be used to scan your computer for malware without having to boot into Windows. Many antivirus companies provide free bootable CDs. They are extremely effective at removing malware from a computer.
Below are three highly recommended bootable antivirus CDs. I recommend using Kaspersky Rescue Disk.
Kaspersky Rescue Disk (230 MB) - How to create and use Kaspersky Rescue Disk
Avira AntiVir Rescue System (240 MB) - How to create and use Avira Rescue CD
Dr.Web LiveCD (180 MB) - How to create and use Dr.Web Live CD
- Burn the antivirus ISO file onto a CD using CD burning software.
- Insert the CD into the infected computer's CD-ROM drive.
- Enter the computer's BIOS, set it to boot from the CD, and reboot the computer. How to Boot from a CD
- Scan for and remove the ransomware using the bootable CD.
If the above steps don't work, seek expert analysis.