Petya.a Virus Removal (+File Recovery) (July 2017 Update)

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.


This page aims to help you remove Petya.a Virus for free. Our instructions also cover how any Petya.a Virus file can be recovered.

This article covers a recently discovered Ransomware infection called Petya.a Virus. News headlines are full of warnings about threats of this type, and if you have been unfortunate enough to catch this one, we will do our best on this page to help you remove it. Petya.a Virus is a file-encrypting virus capable of blocking access to your most used files, such as documents, images, videos, projects, work files, archives and more. By doing this, the malware leaves you vulnerable to the hackers who stand behind it, who then blackmail you into paying a ransom in exchange for decrypting your data. The typical characteristics of this cryptovirus, as well as the general behavioral traits of Ransomware as a whole, are discussed in the paragraphs that follow. Take your time and read them carefully, because you are facing one of the most hazardous cyber threats currently roaming the internet, and if you want to deal with it effectively you need to be well informed about your options.

Spreading methods of Petya.a Virus:

Malicious viruses of the Ransomware type most often spread through email spam, infected attachments, fake ads or links, Trojan horse infections or compromised web pages. To prevent them from sneaking into your system, do not open messages from strangers or from companies/organizations you do not recognize. Be especially cautious with messages that show tempting offers or simply invite you to open a document that looks important (e.g. tax alignment, invoices, summaries, etc.). Some mid-range viruses also attack their victims through unsafe Remote Desktop ports or malware-infected ads. Use sophisticated passwords and stay away from sites that look insecure or unclear. It is also very important to protect your computer or your computer network by installing legitimate security software.

Petya.a Virus – a threat created to bring money to its unscrupulous criminal developers!

Petya.a Virus is a malicious program of the Ransomware type, created by a group of anonymous hackers with the sole idea of making money by blackmailing online users for access to their own data! This threat usually applies encryption to each and every file found on the infected computer and is even able to change the file extensions, in order to make it impossible for any program to recognize and open the encrypted files. The malware modifies these files by altering their structure with a specific encryption algorithm that uses a public key, and once encryption is complete, the files can only be recovered using a private key. That private key is kept by the hackers who control the Ransomware, and they put a ransom notification on the victim’s desktop, where they ask for money to send it. In order to look more trustworthy, the hackers may sometimes offer a “free decryption” option. However, this does not mean that they will really offer some great decrypting solution to a few lucky ones: they may simply offer a test of the private decryption key by decrypting one or two files of your choice, which are usually no more than 1 MB in size. If the victims don’t complete the ransom payment fast, the hackers usually threaten to destroy the private key and leave the affected files encrypted forever.

Petya.a Virus Removal


 

Step1

Restoring basic Windows functionality
Before you can remove the Petya.a Virus from your computer, you need to be able to access it in the first place. Since the ransomware will prevent Windows from booting, your first job is to repair the Master Boot Record (MBR) of your drive.
 
To do that you’ll need your original Windows OS DVD (or a bootable USB drive, for advanced users).
  1. Insert the DVD (or the USB) into the computer, then start the computer and choose to boot the OS from the DVD/USB. You may have to change the boot priorities in the BIOS, which you can enter by pressing Del.
  2. When Windows boots from the DVD/USB, select Windows Repair.
  3. Open the Command Prompt and enter the following commands, one at a time, pressing Enter after each: bootrec /fixmbr, bootrec /fixboot and bootrec /rebuildbcd
  4. Your Windows OS should now be able to boot normally. You can proceed with the removal of the virus as usual.

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

We get asked this a lot, so we are putting it here: Removing the parasite manually may take hours and damage your system in the process. If you want a fast, safe solution, we recommend SpyHunter.


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:


This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/





After you open their folder, end the processes that are infected, then delete their folders. 


Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

Step3

Hold the Start Key and press R, then copy and paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of additional IP address entries at the bottom of the file.

If there are suspicious IPs below “Localhost” – write to us in the comments.
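The same check as a script, as an added example that is not part of the original guide: it lists every active hosts entry other than the stock localhost mappings so each one can be reviewed. The function name and the sample entries are constructed for illustration.

```powershell
# Added example: print every active hosts-file mapping that is not a default
# localhost entry, so each one can be reviewed by hand. Read-only.
function Get-NonDefaultHostsEntry {
    param([string[]]$Lines)

    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Drop the trailing comment, then surrounding whitespace.
        $text = ($raw -split '#', 2)[0].Trim()
        if (-not $text) { continue }

        # Entry format: <address> <hostname> [<alias> ...]
        $fields  = $text -split '\s+'
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1)

        # Skip only the stock mappings of "localhost" to a loopback address.
        $isLoopback = $address -eq '::1' -or $address -like '127.*'
        $otherNames = @($names | Where-Object { $_ -ne 'localhost' })
        if ($isLoopback -and $names.Count -gt 0 -and $otherNames.Count -eq 0) { continue }

        [pscustomobject]@{ Line = $lineNo; Address = $address; Names = $names -join ', ' }
    }
}

# Constructed sample (documentation address range, reserved example domains);
# used only when no hosts file is found at the standard Windows path.
$sample = @'
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.7     update.example.com
127.0.0.1       scanner.example.net
'@ -split "`r?`n"

$hostsPath = "$env:windir\System32\drivers\etc\hosts"
$lines = if (Test-Path -LiteralPath $hostsPath) { Get-Content -LiteralPath $hostsPath } else { $sample }
Get-NonDefaultHostsEntry -Lines $lines | Format-Table -AutoSize
```

On a clean default Windows hosts file the script prints nothing; any row it does print is an entry someone or something added.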

Type msconfig in the search field and hit Enter. A window will pop up.

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even attach a fake Manufacturer name to its process. Make sure that every process listed here is legitimate.

Step4

WARNING!
To remove the parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.


Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

Search for the ransomware in your registries and delete the entries. Be extremely careful: you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. In the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
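An added example (not from the original guide) for the "recently added" check: it lists files created in the last few days under the five locations above and, for executable file types, their Authenticode signature status. The function name, the 7-day window, the depth limit and the extension list are assumptions chosen for illustration.

```powershell
# Added example: list recently created files under the five folders named in
# the guide, newest first. Read-only; nothing is deleted.
function Get-RecentFile {
    param(
        [string[]]$Root,
        [int]$Days  = 7,   # assumption: look back one week
        [int]$Depth = 2    # %WinDir% is large; limit recursion (PowerShell 5+)
    )
    $cutoff     = (Get-Date).AddDays(-$Days)
    $executable = '.exe', '.dll', '.scr', '.sys', '.ps1'

    foreach ($dir in $Root) {
        # Skip unset variables and folders that do not exist on this machine.
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }

        Get-ChildItem -LiteralPath $dir -File -Force -Recurse -Depth $Depth -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $cutoff } |
            ForEach-Object {
                # Signature status is only meaningful for signable file types.
                $sig = if ($executable -contains $_.Extension.ToLower()) {
                    (Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Status
                } else { 'n/a' }

                [pscustomobject]@{
                    Created   = $_.CreationTime
                    Signature = $sig
                    Path      = $_.FullName
                }
            }
    }
}

$roots = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
Get-RecentFile -Root $roots -Days 7 |
    Sort-Object Created -Descending |
    Format-Table -AutoSize
```

A recently created executable whose signature status is not Valid is worth a closer look, but an unsigned file is not proof of infection and a signed one is not proof of safety.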

Step5 

How to Decrypt Petya.a Virus files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

The file decryption options:

If you don’t want to pay a ransom to a group of cyber criminals just to get access to what is rightfully yours, then you are probably looking for alternative solutions. We need to warn you that there is very little chance of restoring your files, because once Petya.a Virus enters the system, a number of processes begin, one of which is designed to delete the Volume Shadow copies. With this in mind, even the decryption key that the hackers offer you may fail to bring your files back to normal, and if you go for the ransom payment, chances are you will give your money in vain.

Then what options do you have? The best way to recover your files is by using file backups. Unfortunately, not many users feel the need to create backups, and they realize the importance of such data copies only when it is too late. If your files have been encrypted by Petya.a Virus but you have some backups, don’t hesitate to use them instead of paying the ransom. Also, we have a special file-restoration section at the end of this page, which you may like to try in order to retrieve some of your files. However, before you begin your restoration attempts, we highly recommend that you first remove the Ransomware infection from your system. The instructions for that are published in the removal guide below. If you don’t do that, there is a high risk that everything you manage to recover will get encrypted again, and then you may lose even your backups.

SUMMARY:

Name: Petya.a
Type: Ransomware
Danger Level: High (Ransomware is by far the worst threat you can encounter)
Symptoms: Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method: From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool: Currently Unavailable
Detection Tool: We generally recommend SpyHunter or a similar anti-malware program that is updated daily.



  • HowToRemove.Guide Team

    The guide here is one of the only methods so far. If your machine has been infected by this virus, there aren’t really that many options to choose from. On the flip side, giving it a try can potentially resolve the issue but you cannot know unless you try. It really depends on the current situation.

  • Nabeela tabu

    So once the system is infected, there is no way of recovering the files? All the files which are encrypted, no solution to decrypt?

    • HowToRemove.Guide Team

      You can always try our guide below the article. We cannot guarantee success but it might still work for you if you are lucky. Nonetheless, giving it a try is still better than doing nothing or, alternatively, paying the ransom.