Nemucod Ransomware Removal

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.


This page aims to help you remove Nemucod. These Nemucod removal instructions work for all versions of Windows.

If you’ve been infected by Nemucod, you probably already found out about it from a disturbing message on your screen, which let you know exactly just how deep trouble you’re in. Never fear, however, we’re here to help and have designed a guide, which will instruct you to remove this pesky virus from your computer. Keep in mind that removing it won’t restore your files, but we might have got that covered too, as you’ll see if you keep reading.

Nemucod is a type of ransomware – malicious software, which has been circulating the web for over two decades now. At first it was only around in Russia, but now it’s more or less everywhere and can infect anyone. Unfortunately, it’s only growing in popularity and the reason for this is largely the crypto currency Bitcoin. See, Bitcoins are practically untraceable and the hackers behind Nemucod and others like it have learned to request the ransom for the encryption keys, which you need for accessing your files, in Bitcoins. This makes them more or less unstoppable; otherwise they’d be doing time in prison and wouldn’t be messing with other people’s computers.

How exactly Nemucod operates and how it gets into your PC

Let’s start from that last part. The majority of instances of ransomware infection occur via email. Most likely you were sent an email with some attachment or a hyperlink, which when you opened unleashed hell onto your system. Inside there was a Trojan horse, which downloaded – without asking for your permission or acknowledgement – Nemucod onto your PC. There. Once that’s been done, it will go about encrypting your files, going completely unnoticed and then prompting the aforementioned message with the ransom note. Depending on how powerful your processor is and the amount of data stored, you do however stand a chance at catching Nemucod ‘in the deed’. You might notice that your computer is running unusually slow and this should send you searching your Task Manager for suspicious processes. Sort those by memory used, because this baby will be using a whole lot of RAM, and if you see it – it’s lights off. Switch off your PC right that moment and turn to a professional for help.

To pay or not to pay

Well, this one is solely up to you. We would advise you not to, because the drawbacks are more to this than there are positive aspects. Let us go over them and we can begin with the only good side to this.

Pro: You pay the ransom, they give you the encryption key, it works and you have full access to your files again. Great!

Cons: You pay the ransom amount; they don’t send you the key. Not so feisty now, right? Or here’s another one: you pay, they DO send it, and it doesn’t work for all your files. Something tells us, they’re not going to care much. And, not to be playing the moral police here, but by giving criminals money – aren’t you supporting them? And these guys are criminals, even if you can’t see them and they haven’t exactly robbed a bank or threatened to kill someone. But, like we said – it’s up to you. We can only offer you to try out the below steps first, because by the very least they will not cause further damage to your data, even if they don’t succeed in recovering all of it.

How to be safe in the future

It goes without saying that a good, proven anti-malware program must be installed and functioning on your computer. We recommend running virus checks frequently to always be sure no malware has made its way into your system. You should also avoid going to obscure websites, which might be harboring viruses and other unwanted programs. These could include, but aren’t limited to open-source download sites, for example. That being said, you should especially avoid downloading anything from websites like these, because there’s no telling what else can come bundled with your desired software or file. And, of course, be very cautious with emails you receive from unfamiliar sources. If the sender seems far too suspicious – simply don’t open the email, but if you have gone so far already, at least abstain from downloading and opening the attachment(s) and/or following the link inside, should there be one.

SUMMARY:

Name Nemucod
Type Ransomware
Danger Level High (Very dangerous, goes unnoticed. Might leave some files encrypted even after decryption)
Symptoms Computer might be running very slow, while files are being encrypted. After this, you will lose access to certain files and will see a ransom note regarding the decryption key.
Distribution Method Typically via email. You might receive a Trojan in the form of an attachment, which when opened will download Nemucod.
Detection Tool Nemucod may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Nemucod Ransomware Removal


Readers are interested in:

Step1

Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.

Step2

WARNING!
To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. Nemucod may have hidden some of its files.

Hold the Start Key and R – copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

 

Type msconfig in the search field and hit enter. A window will pop-up:

msconfig_opt

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

Step3

Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.

WARNING! READ CAREFULLY BEFORE PROCEEDING!

This is the most important and difficult part. If you delete the wrong file, it may damage your system irreversibly. If you can not do this,
>> Download SpyHunter - a professional parasite scanner and remover.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Right click on each of the virus processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.

malware-start-taskbar

Step4

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check our for anything recently added. Remember to leave us a comment if you run into any trouble!

Step5 

How to Decrypt files infected with Nemucod

There is only one known way to remove the virus’ encryption that MAY work (no guarantees) – reversing your files to a previous state. There are two options you have for this:

The first is using a system backup. Search for Backup and Restore in the windows search field —–> “Select another backup to restore files from”

Backup

If you have no backups, your option is Recuva

Go to the official site for Recuva and download its free version. When you start the program, select the file types you want to recover. You probably want all files. Next select the location. You probably want Recuva to scan all locations.

Click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.

Did we help? Share your feedback with us so we can help other people in need!

Was this guide helpful?