How to Remove Ransomware

Last Updated: January 4, 2013

Ransomware is malicious software that restricts access to a computer until a ransom is paid. It displays a fake warning message and asks you pay a fee to unblock the computer. It will frequently disguise itself as the police or FBI. Ransomware can be difficult to remove; however, it is not impossible. This guide provides two methods for removing ransomware.

If you have any questions or comments about this guide, please leave a comment.

Contents

Method 1 - Start in Windows Safe Mode
Method 2 - Use HitmanPro Kickstart



Method 1 - Start in Windows Safe Mode

Certain types of ransomware won't run in safe mode. To start in safe mode, restart your computer and press and hold the F8 key while your computer starts up. You must press F8 before Windows begins to load. You will see a black screen with several options. Use the arrow keys to select Safe Mode with Networking and press the Enter key.
 

If the ransomware doesn't start in safe mode, follow Step 1 and 2 in this malware removal guide (while in safe mode). If the ransomware starts in safe mode, move on to method 2.


Method 2 - Use HitmanPro Kickstart

Note: You will need a USB flash drive to use this method.

On another computer, download and open HitmanPro: Download here (32-bit), (64-bit) - Homepage

When HitmanPro opens, click the kick icon at the bottom of the screen. 

Now, insert the USB flash drive into a USB port on the computer. Then follow the on-screen instructions to install Kickstart. Once the installation is complete, remove the flash drive and insert it into the infected computer. Then follow these steps to boot the computer from the flash drive:


1. Restart or turn on the infected computer (make sure the USB drive is plugged in).

2. Go to the boot menu of the computer. To access the boot menu, you need to press a specific key while the computer starts up. Different computers have different ways of accessing the boot menu. The boot menu keys are listed below.
  • Dell: F12 
  • HP: ESC (boot device options)
  • Other: F12
Note:
  • You must press the key before Windows begins to load. 
  • If your computer doesn’t have a one-time boot menu, you will have to change the boot order in the BIOS. How do I change the boot order?

3. You will see a boot menu that is similar to the one below. From there, look for one of the following options: USB Device, Removable Devices, USB brand name (e.g. SanDisk, Kingston). Use the arrow keys to select the appropriate option and then press the enter key. 


4. Follow the on-screen instructions. It may take several seconds for HitmanPro to open. When HitmanPro opens, click the Next button. Select the box that says No, I want to perform a one-time scan, and then click Next. Once the scan is complete, click Next. Click Activate free license, and then click Next to remove the ransomware. Restart the computer and remove the USB flash drive. After you use HitmanPro, follow Step 1 and 2 in this guide to remove any remaining threats.


  Common Ransomware Threats

Many computer users encounter the following threats:

- FBI MoneyPak ransomware (Citadel Reveton)
- EUROPOL virus
- U.S. Cyber Security ransomware
- West Yorkshire Police Ukash
- Internet Complaint Center (locks computer)