Petya Ransomware


This page aims to help you remove the Petya Ransomware Virus. These Petya Ransomware removal instructions work for all versions of Windows. As of today, Germany is currently under siege and we received a lot of “ransomware entfernen” pleads. 

The Petya Virus is a new and very potent addition to the ransomware virus family and for this reason we decided to write this article. You should be very careful with a particular file “bewerbungsmappe-gepackt.exe”, it is possibly related to the Petya Ransomware. If your computer has been infected by it, then you are in a bad spot. This virus behaves in a manner somewhat typical for other ransomware viruses – it encrypts your files and uses them as hostage to extort money for you. Just removing the virus will not be enough to restore your files, additional actions must be taken. We’ll try our best to help you deal with the Petya Virus on your own in our removal guide below, but I strongly recommend that you carefully read the rest of the article if you truly want to learn how to do some ransomware entrfernen. It will give you some basic understanding of ransomware viruses in general, as well as some very handy on how to recognize them in the future.

Petya Ransomware

Petya Ransomware Virus – how it works

Typically once this virus gets inside your machine it will try to remain inconspicuous for as long as possible. It will use the time to convert your files into their converted clones. Only after the conversion is done it will make an announcement on the desktop. Multiple versions do exist, but typically you are required to pay some amount of ransom money in the form of BitCoins to a wallet. BitCoins (BTC) are a new form of online currency that is virtually untraceable and for this reason tends to be quite popular with many shady and downright criminal people and organizations. All transactions related to Petya Ransomware Virus are done via the Tor network, to ensure the total anonymity of the hackers.

Remove Petya Ransomware Virus


Petya Ransomware
Restoring basic Windows functionality
Before you are able to remove the Petya ransomware virus from your computer you need to be able to access it in the first place. Since the ransomware will prevent Windows from booting itself your first job is to repair the Master Boot Records (MBR) of your drive.
To do that you’ll need your original Windows OS DVD (or an USB bootable drive for advanced users)
  1. Insert the DVD (or the USB) into the computer, then run the computer and choose to boot the OS from the DVD/USB. You may have to change Windows boot priorities from the bios by pressing Del
  2. When Windows boots from the DVD/USB select Windows Repair
  3. Open the Command Prompt and write the following commands inside:     enter: bootrec / fixmbr, bootrec / fixboot and bootrec / rebuildbcd
  4. Your Windows OS should now be able to boot normally. You can proceed with the removal of the virus as usual.

Petya Ransomware

The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. Petya Ransomware Virus may have hidden some of its files.

Hold the Start Key and R copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Petya Ransomware

If there are suspicious IPs below “Localhost” – write to us in the comments.


Type msconfig in the search field and hit enter. A window will pop-up:

Petya Ransomware

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

Petya Ransomware

Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.

Petya Ransomware

Petya Ransomware

Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check our for anything recently added. Remember to leave us a comment if you run into any trouble!

Petya Ransomware

How to Decrypt files infected with Petya Ransomware Virus

There is only one known way to remove this virus successfully – reversing your files to a time when they were not infected. There are two options you have for this:

The first is a full system restore. To do this type System Restore in the windows search field and choose a restore point. Click Next until done.

Petya Ransomware

Your second option is a program called Recuva

Go to the official site for Recuva and download it from there – the free version has everything you currently need.

When you start the program select the files types you want to recover. You probably want all files.

Next select the location. You probably want Recuva to scan all locations.

Now click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish – maybe even several hours if your HDD is really big, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.

Recovering your files – Is paying the ransom a good idea?

Some viruses like to present the ransomware note directly, yet others try to be more subtle and offer you to download (and pay for) a program that can fix the problem for you. Whatever the wording may be, the reality is that you are blackmailed for money. Paying the ransom may seem like the easiest and most straightforward solution, especially if you can easily afford the amount of money asked. Unfortunately, the more people decide to pay up, the more ransomware viruses get created. It doesn’t stop there – remember that you are dealing with cyber criminals – they issue no refunds if something goes wrong with their program. Quite a few people got burnt when they decided to pay, but got no workable solution in return.

  • We strongly recommend that you only consider paying as a last resort, after all other options have been exhausted and you still have important files that are encrypted.

The recovery method written in our guide revolves around the restoration of your original, deleted files. Is it far from a perfect solution, but its free and it has already helped a lot of people.

Check your PC for а Trojan, which may have installed Petya Ransomware Virus

Ransomware viruses are very often installed with the help of Trojan horses and Petya Ransomware Virus is no exception to the rule. The file you should be looking out for is “bewerbungsmappe-gepackt.exe”. The Trojan infiltrates the computer first, then blind any anti-virus program that might be present so that it does not detect the download and installation of the ransomware from a remote host. Since your computer has been infected with this virus you stand a very good chance of also having some kind of Trojan on your machine. if you don’t plan to format the whole hard drive after you deal with Petya Ransomware Virus we strongly recommend that you perform an in-depth scan to make sure no Trojan horse remains. These things can easily be reconfigured to install the next round of ransomware (when it’s developed) and make you the victim again! If you don’t have any good anti-malware software installed on your machine feel free to check our recommendation on what we think is the best program for this task.


Name Petya
Type Ransomware
Danger Level High (This is really one of the worst viruses to have on your PC)
Symptoms Generally computer starts to slow down without apparent reason while your files are getting encrypted. Afterwards the virus will reveal its presence and demand ransom payment.
Distribution Method Very often with the help of Trojan horse virus types, but can also be installed in a direct manner. The main culprit is believed to be “bewerbungsmappe-gepackt.exe”.
Detection Tool Ransomware are notoriously difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter is a malware detection tool. To remove the infection, you need to purchase the full version. More information about SpyHunter and steps to uninstall.


About the author


Violet George

Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.


  • Hi Sneha,
    we are glad that we could help you. If you have any other problems involving malicious content, remember we are here, we can help you solve the issue. 🙂

Leave a Comment