Piiq is a Ransomware cryptovirus that blackmails its victims for their money by encrypting their files and using that as leverage. To make the victims pay, Piiq demands from the users a ransom payment for the private decryption key that will unlock the files.
To remove Piiq properly, it is important that you understand exactly how this Ransomware operates and what issues it may cause. That’s why, in the paragraphs below, we will try to give you as much information as possible about the features of the infection and the different options you have at the moment.
The Piiq virus
The Piiq virus is a Ransomware infection that encodes user files with a complex algorithm. In this way, the Piiq virus renders the files inaccessible and blackmails the victims for a ransom in order to access them again.
Many security researchers claim this malware is the most problematic and dangerous type of malware a computer user can face. Typically, the contamination with Ransomware happens when the users click on an infected email attachment, a fake ad, a misleading hyperlink, or a fake pop-up message. Sometimes, a Trojan Horse virus that the user may have caught earlier can also help the infection process by acting as a backdoor for the Ransomware.
Once the file-encryption process gets completed and all the target files are inaccessible, Piiq will show a ransom-demanding message on the screen of the infected computer. This is the moment when the victim discovers that they have been contaminated. Sadly, most of the time, the entire file-encryption process can run unnoticed in the background of the system. This gives an advantage to the hackers behind the Ransomware that allows them to surprise their victims with their ransom message and to scare them into paying as soon as possible in order to regain access to their files.
The Piiq file encryption
The Piiq file encryption is a file-encoding process that converts user files into unreadable pieces of data. As soon as the Piiq file encryption process gets completed, a ransom-demanding notification appears on the screen, requesting a fixed amount of money in exchange for a decryption key.
The Ransomware creators are typically unscrupulous people, and the victims can’t be sure that paying the required amount will really restore their access to the encrypted data. Therefore, paying the requested money to the hackers should be the last possible course of action. Before that, the victims should focus on how to remove the Piiq or Ddsg infection from their computers. This is extremely important if they want to be able to use the machine for the creation of new files in the future or if they want to connect file backup sources. With an active Ransomware in the system, every new file they store there will most likely fall under the same encryption, so removing the virus is a must!
The removal of the infection is even more important in case it has been delivered to the system with the help of a Trojan Horse, because the presence of this malware can lead to new contamination. That’s why both the Piiq Ransomware and the Trojan Horse that has brought it to the computer should be deleted as soon as possible. The instructions in the removal guide below will guide you through the process, but we also highly recommend you scan your computer with the attached professional removal tool that is linked on this page.
Before you start
Here are a couple of important notes that you must bear in mind before you proceed with the removal steps.
- The first thing we should point out is that it is preferable if your PC stays disconnected from the Internet while you are completing the steps – this may prevent Piiq from communicating with the server of its creators, and thus help you with the removal process.
- Next, we strongly recommend that you disconnect any USB flash memory sticks, smartphones, external HDDs, or any other devices that have storage space of their own because the Ransomware may try to lock the data that’s saved on them.
- Thirdly, before you start the removal of Piiq, you must first decide whether you’d go for the ransom payment (which we do not recommend) or try alternative recovery methods to restore your files. If you decide on the former option, it is better to leave the Ransomware on your PC for the time being – removing Piiq may make it impossible to get the decryption key from the hackers even after you pay them. Of course, after you make the payment, you should still remove the virus.
- Finally, know that the Ransomware may have already deleted itself from your PC after encrypting your files in order to make the decryption process more difficult. If Piiq seems to have automatically removed itself, then you should directly go to our How to Decrypt Ransomware article, skipping the current guide.
Remove Piiq Ransomware
To remove Piiq, all rogue programs and processes must be eliminated, after which you should revoke the system changes that the virus may have made.
- Uninstall anything from the Programs and Features window that you think could be the reason for the Ransomware infection.
- Try to single out the virus process in the Task Manager and disable it.
- Open the Startup list and the Hosts file and restore them to their regular states, and then visit the System Registry and clean it from Ransomware items.
- To remove Piiq, the final thing you ought to do is clean the Temp, AppData, LocalAppData, ProgramData, and WinDir folders from anything placed in them by Piiq.
You can find details about each step down below.
Access the Control Panel through the Start Menu and open Programs > Programs and Features. If you find a program that looks like it could have been the one that brought the Ransomware virus to your system, Uninstall it.
Note 1: Look for recently installed programs – it is likely that the program responsible for the malware attack was installed not long before the Piiq virus encrypted your files.
Note 2: Some uninstallation wizards may give you the option to keep in the system personalized settings or other non-essential data related to the program you are in the process of removing. When you are uninstalling a potentially undesirable/malicious program, you should never use those options – everything needs to be deleted.
Press [Ctrl] + [Shift] + [Esc] on your keyboard and then click the Processes button at the top of the Task Manager window that opens. You must now identify and quit the Ransomware process (if it is still running).
To make singling out the rogue process easier, it may help if you sort the list by order of virtual memory or CPU usage, since Ransomware processes usually require a lot of both of those resources. Look at the ones that are consuming the most of your system’s resources, and then pay attention to the names of each process. When/if you find one that looks questionable, write its name in Google, Bing, or another trusted search engine service and see what comes up in the search results. This should usually let you know if you are dealing with a rogue process.
Another helpful thing you can do to find out if the process may be harmful is to right-click on it, open the File Location folder, and scan everything that’s in it for malicious code. We strongly recommend using the following online scanner to test the location folder files. No installation is required to use this scanner, and it’s free to use on our site.
A single file detected as a threat in that folder is enough to confirm that the process is malicious.
If, whether by looking up the process, scanning its files, or both, you determine that the process is harmful, Quit it and then delete everything in its folder.
Once the rest of this Piiq removal guide is completed, delete the location folder as well.
It’s important to prevent Piiq from launching its rogue processes again – to make sure that doesn’t happen, boot your PC into Safe Mode.
There are several folders where you may find malware data that needs to be deleted. However, you must first make hidden files and folders visible on your PC. To do that, open the Start Menu, type Folder Options, press Enter, and then select the View section in the next window.
Find the Show hidden files, folders, and drives setting and enable it and then disable the Hide extensions for known file types and Hide empty drives in the Computer folder options. After that, exit the window by clicking on OK.
Next, copy the lines shown below one by one, place each of them in the Start Menu search bar, and hit Enter after each one.
When you get to each respective folder, delete all data in it that has a creation/last modification date after the Ransomware’s arrival, and also delete all files and folders located in the Temp folder.
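To see which files qualify before deleting anything, the listing below is an added example (not part of the original guide) that reports files created or modified after a cut-off date in the folders this guide names. The date, the three-level search depth, and the list of file types to hash are assumptions to adjust.

```powershell
# Added example: read-only listing, nothing is deleted or changed.
# ASSUMPTION: replace this constructed date with the day the ransom note first appeared.
$InfectionDate = [datetime]'2024-01-01'

# Folders named in this guide, resolved through their environment variables.
$folders = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:WinDir) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# File types worth hashing so the hash can be looked up with a scanner (assumed list).
$hashTypes = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'

$hits = foreach ($folder in $folders) {
    # %WinDir% is huge: inspect its top level only; go three levels deep elsewhere.
    $depth = if ($folder -eq $env:WinDir) { 0 } else { 3 }
    Get-ChildItem -LiteralPath $folder -File -Force -Recurse -Depth $depth -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $InfectionDate -or $_.LastWriteTime -gt $InfectionDate } |
        ForEach-Object {
            $hash = $null
            if ($hashTypes -contains $_.Extension.ToLower()) {
                # Locked files cannot be hashed; the column is left empty for them.
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
            [pscustomobject]@{
                Path     = $_.FullName
                Created  = $_.CreationTime
                Modified = $_.LastWriteTime
                SHA256   = $hash
            }
        }
}

# %Temp% normally sits inside %LocalAppData%, so drop duplicate paths before reviewing.
$hits | Sort-Object Path -Unique | Sort-Object Created | Format-Table -AutoSize -Wrap
```

Legitimate software also writes to these folders every day, so treat the output as a review list rather than a deletion list.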
Now you must clean the Startup items on your PC – to do that, click the Start Menu, type msconfig, and open the app that appears. In it, select the Startup tab and make sure that every unfamiliar item or item with an unknown developer (manufacturer) shown there gets deselected, then click on OK.
Next, go to Computer/(C:)/Windows/System32/Drivers/Etc and open the file named Hosts. It will ask you to pick a program with which to open it – pick the Notepad app. In the file, copy everything below “Localhost” and send us what you copied in the comments. We will have a look at your comment, and after we determine if the text there has been added by Piiq, we will inform you in a reply to your comment and tell you if it needs to be deleted from the Hosts file.
For this last step, you must go to the system’s Registry and clean it. You can find the Registry Editor in the Start Menu, by typing regedit. Open the app that shows up in the search results (should be regedit.exe) and click on OK when asked if you are sure you want to start the app.
Next, from the menu labelled Edit, go to Find and use the search bar to look for Piiq items in the Registry. Anything that gets found must be deleted, but remember to repeat the search after each deletion to see if there are any more Piiq items left in the Registry.
Once everything related to Piiq is deleted, check the next locations from the left panel of the Registry Editor for suspicious items.
- HKEY_CURRENT_USER > Software
- HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run
- HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main
By suspicious, we mean any item with a name that looks random and/or too long – something like this “3289rjf983489th420r9uj98grh829rj48et”.
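The Hosts file check and the Run key check described above can be done in one read-only pass. This is an added example, not part of the original guide; the name-length thresholds and the idea of flagging commands that start from the folders cleaned earlier are assumptions.

```powershell
# Added example: read-only review; it prints findings and changes nothing.

# 1) Active Hosts entries other than the default localhost mappings.
$hostsPath = Join-Path $env:WinDir 'System32\drivers\etc\hosts'
$hostsEntries = Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |   # strip comments
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }

# 2) Values under the per-user Run key listed in this guide.
$runKey = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
# Folders the guide tells you to clean; a startup command living there deserves a look.
$watched = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) | Where-Object { $_ }

$runEntries = foreach ($name in $runKey.Property) {
    $command = [string]$runKey.GetValue($name)
    $reasons = @()
    # ASSUMED heuristic for "random and/or too long": 20+ characters, or 12+
    # characters without spaces that mix letters and digits.
    if ($name.Length -ge 20) { $reasons += 'long name' }
    if ($name -match '^\S{12,}$' -and $name -match '[a-z]' -and $name -match '\d') {
        $reasons += 'random-looking name'
    }
    foreach ($dir in $watched) {
        if ($command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $reasons += "runs from $dir"
            break
        }
    }
    [pscustomobject]@{ Name = $name; Command = $command; Flags = ($reasons -join ', ') }
}

'Hosts entries to review:'
$hostsEntries
'Run key values:'
$runEntries | Format-Table -AutoSize -Wrap
```

A flag is a prompt to look the entry up, not a verdict: some legitimate programs also start from the AppData folders.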
If the manual steps didn’t help
Many Ransomware viruses are helped by Trojans, Rootkits, and other secondary threats, which could be the reason Piiq may still be on your PC. If you haven’t been able to eliminate this Ransomware thus far, we advise you to use a specialized anti-malware tool to fight the malicious program and to delete any additional harmful software that may be helping it. A tool we can recommend for this job is the one linked on the current page – it can help you clean your computer from any threat as well as boost its overall protection against all sorts of malware.
How to Decrypt Piiq files
To decrypt Piiq files, you should first try the methods that do not involve paying the ransom because otherwise you’d be risking your money. Before you attempt to decrypt Piiq files, however, you must delete all traces of the Ransomware that may still be on your computer.
One way to ensure that no rogue files are left in the system is to use the free online scanner we have on our site to test for rogue code any files that you deem suspicious. After you’ve ensured that the system is clean, it is time to visit the detailed How to Decrypt Ransomware article that we have here and try the data-restoration methods suggested in it.