This page aims to help you remove PClock Ransomware. These PClock Encryption Ransomware removal instructions work for all versions of Windows, including Windows 10.
A new Ransomware threat is spreading online and infecting users with a malicious script called PClock. This virus is specially designed to blackmail victims for their data by keeping it locked with strong encryption. Unfortunately, hackers with malicious intentions have turned this criminal scheme into a lucrative “business model” and are using various advanced methods to infect as many people as possible and make them pay ransom. If you landed on this page, chances are that your data has been encrypted by this threat, but you may not want to pay the crooks. Indeed, it is a good idea to try everything possible to clean the infection on your own instead of submitting to the hackers’ demands. That’s why we suggest you give the removal guide we have prepared a try. We believe that with its help, you will be able to successfully delete the PClock related files from your system and regain control of your PC. But before you proceed to the instructions, let us give you some more information about the specifics of this ransomware infection.
How serious can a PClock Encryption be?
Among the known online threats, ransomware is considered one of the nastiest. It doesn’t really corrupt your system or steal your data, but the encryption it applies sometimes may not be reversible, and even after cleaning the infection, the locked files will remain encrypted if there is no decryption solution. That’s why this cryptovirus is a real disaster for the victims, who would lose their valuable work, project files, photos, music and all sorts of useful stuff they keep on the hard drive. And since the victims would do almost anything to try to get back their files, the criminals behind the ransomware ask them to pay a certain amount in exchange for a special decryption key. This key is supposed to break the encryption and bring the files back to normal. However, as every hacker knows, it may not really work flawlessly all the time and would surely cost you a lot – the crooks may ask you to pay a sum ranging from a couple of hundred to a couple of thousand, usually in Bitcoins. That’s why many victims would rather look for other options to restore their files than risk their money for a key that may not work.
How can you get infected?
Infecting as many people as possible means more money for the crooks, which is why they use various methods to distribute their malicious payload. Their favorite one is to mask the threat as a seemingly harmless file or application and spread it as an email attachment or a link, hide it in torrents, installation packages, and compromised websites, share it on social media or include the malicious script in misleading ads. In general, it is very hard to detect the threat without good antivirus software, since the hackers do everything possible to make the ransomware appear as legitimate as possible. Once users click on such deceptive content, they activate the threat immediately. Trojan horse infections help it to sneak through the system unnoticed and remain there hidden while performing the encryption.
Ransom note reveals the threat.
There are hardly any visible symptoms of a ransomware infection during the encryption process. Sometimes, victims may notice higher CPU usage, but in general, if not detected by the antivirus, this threat remains hidden and applies a complex encryption algorithm to all the files that are found on the system. Once everything is encrypted, a ransom note appears on the screen, revealing the harmful results. It contains a message with instructions on how victims can pay the ransom and receive the decryption key. The hackers usually don’t give victims much time to think and set a deadline, after which they may threaten to double or triple the sum.
You pay – the crooks fade away!
Usually, dealing with cybercriminals is risky, no matter how you look at it. It’s an uneven bargain where they would always be on the “win-win” side, keeping both your data and the key for it. You could only hope that they would have some mercy and really send you the decryption key once you pay. In most cases, unfortunately, this doesn’t happen and the crooks fade away the moment they see the money, leaving you only with empty pockets and locked files. The more people fall into that trap, the more popular this type of online robbery becomes. That’s why many security experts advise victims not to “sponsor” the ransomware, but seek other options to decrypt their files. The removal guide below would give you some ideas on how to restore some of your data, but before that, it is crucial to first clean the infection.
Cleaning the infection.
Since PClock is a really cunning threat, this process will need your full attention and a bit of understanding of deep system files. But there is no need to worry, because we made sure the steps are explained in detail. If you run into difficulty, however, you may also use the PClock removal tool. It will detect the malicious files in just a few clicks and save you from the stress of dealing with them manually. Once you are done, make sure you protect your system with a good antivirus and, from now on, make backups of all your valuable data on an external drive or in the cloud. This would surely minimize the risk of data loss in the future, although we hope you never meet such threats again.
| Danger Level | High (Ransomware is by far the worst threat you can encounter) |
| Symptoms | Hardly any symptoms are observed during the encryption. Once it is completed, a ransom note appears on the victim’s screen. |
| Distribution Method | The methods of distribution of this threat vary from email attachments, spam, torrents, applications, and seemingly harmless files to compromised websites and Trojans. |
| Detection Tool | PClock may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection. |
PClock Encryption Ransomware Removal
Some of the steps will likely require you to exit the page. Bookmark it for later reference.
Reboot in Safe Mode (use this guide if you don’t know how to do it).
Hold the Start Key and R – copy + paste the following and click OK:
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom.
If there are suspicious IPs below “Localhost” – write to us in the comments.
Type msconfig in the search field and hit Enter. A window will pop up:
Go to Startup and uncheck entries that have “Unknown” as Manufacturer.
- Please note that ransomware may even attach a fake Manufacturer name to its process. Make sure every process listed here is legitimate.
Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.
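Because the Manufacturer shown for a startup entry or process is a self-declared string that malware can fake, a more reliable way to shortlist candidates is to check the Authenticode signature of each executable. The following PowerShell script is an added example, not part of the original guide; the helper names `Resolve-ExePath` and `Get-SignatureReport` are hypothetical, and it only reports, it changes nothing on the system.

```powershell
# Added example: triage autostart entries and running processes by their
# Authenticode signature instead of the self-declared Manufacturer string.

function Resolve-ExePath {
    # Hypothetical helper: extract the executable path from a startup command line.
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted path first, otherwise everything up to the first executable extension.
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Get-SignatureReport {
    # Hypothetical helper: one report row per file, with its signature status.
    param([string]$Source, [string]$Name, [string]$Path)
    $status = 'FileNotFound'; $signer = $null
    if ($Path -and (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $status = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Source = $Source; Name = $Name; Path = $Path; Status = $status; Signer = $signer
    }
}

$report = @()

# Autostart entries (Run keys and Startup folders).
foreach ($s in Get-CimInstance Win32_StartupCommand) {
    $exe = Resolve-ExePath $s.Command
    $report += Get-SignatureReport -Source "Startup: $($s.Location)" -Name $s.Name -Path $exe
}

# Executables behind the currently running processes (one row per distinct path).
foreach ($p in Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique) {
    $report += Get-SignatureReport -Source 'Process' -Name $p.ProcessName -Path $p.Path
}

# Anything whose status is not 'Valid' deserves a manual look before you act on it.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

An unsigned or missing file is not proof of infection, since plenty of legitimate software ships unsigned; treat the output as a shortlist to research, and run the script from an elevated prompt so that process paths are visible.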
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.
Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.
Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.
Type each of the following in the Windows Search Field:
Delete everything in Temp. For the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
How to Decrypt files infected with PClock
We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.