PostNord AB Virus Ransomware Removal

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This article was created to combat and remove the PostNord Virus Ransomware that recently hit Sweden. “Postnord Virus lösning” is probably the most frequent message we’ve encountered on the subject. Most of the infected parties are asked to pay 4000 SKE in a matter of 24 or 48 hours or lose the encrypted files.

Postnord Virus lösning

Everything began when a trojan hit PostNord and started sending emails to unsuspecting users, and these emails themselves were also infected of course, leading to a massive wave of people suddenly getting ransomware messages across their screens and ask for Postnord Virus lösning. This was dubbed by many as  PostNord virusmail.

According to collected data the PostNord Virus is part of the rising trend in malware dubbed “Ransomware.” Most strains of ransomware nowadays stem from the CrpytoLocker and CryptoWall viruses that hit the web roughly in the second part of 2014 and continue to plague users to this date. Ransomware like the PostNord Virus are by far the nastiest viruses common users can encounter. If you are reading this, then you have quickly realized that your files were trapped by a powerful encryption that essentially leaves them useless unless you receive a recovery key. And this can only happen if you pay the ransom, of course. Additionally the PostNord Virus sneaks through a trojan that is very hard to detect for normal defenses and traditional anti-virus programs (preventive measures) like Norton, Kaspersky and the like. Anti-malware (basically removers once the virus is in) programs, such as SpyHunter, for example, have fared better because of the rapid updates of their database. In this case the PostNord Virus is associated with the severans process – or severans.exe in computer terms. We advise all users to search around for severans – something which we will elaborate on in our removal guide below.

In most instances ransomware infiltrate systems through the help of trojans – something that is clearly the case with the PostNord Virus. Once inside, the trojan completely bypasses and fools the system and then employs the ransomware, which starts scanning and collecting data immediately. In creates a self-styled manifesto and then  encrypts your files on restart/ start up. At this point people start asking for “Postnord Virus lösning”. We hope that this article can serve as a “solution” (PostNord Virus lösning means ” a solution for PostNord VIrus”, for anyone english speaking who reads this). 


Name PostNord
Type Ransomware
Danger Level High (Ransomware viruses are among the most dangerous threats you can face)
Symptoms All of your personal data is encrypted and a ransom demand is sent to your via a message on your desktop.
Distribution Method Usually loaded through the help of Trojan Horses, but can also be installed directly from email attachments. SCAN YOUR PC!
Detection Tool Malware and Adware are notoriously difficult to track down, since they actively try to deceive you. Use this professional parasite scanner to make sure you find all files related to the infection.Sponsored

PostNord Virus Removal

STEP 1: PostNord Virus Removal

For Windows 98, XP, Millenium and 7 Users:

Restart your computer. To be sure you don’t miss the time when you need to press it, just spam F8 as soon as the PC starts booting. In the new menu, choose Safe Mode With Networking.

Proceed to Step 2.

For W. 8 and 8.1 Users:

Click the Start button ,then Control Panel —> System and Security —> Administrative Tools —> System Configuration.Administrator permission required


Then check the Safe Boot option and click OK.  Click  Restart in the new pop-up.

Proceed to Step 2.

For Windows 10 Users:

  1. Open the Start menu.
  2. Click the power button icon in the right corner of the new Start menu to show the power options menu.
  3. Press and hold down the SHIFT key on the keyboard and click the Restart option while still holding down the SHIFT key.

Windows 10 will perform the reboot. Next do the following:

Click the Troubleshoot icon, then Advanced options —> Startup Settings. Click Restart.
After the reboot click on Enter Safe Mode With Networking (Fifth Option).


Continue with Step 2.

 STEP 2:

To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Hold the Windows Key and R and copy + paste the following, then click OK:

notepad %windir%/system32/Drivers/etc/hosts

A .txt file will open – don’t touch anything there. If you are hacked and someone has access to your PC, there will be a bunch of other IPs connected to you at the bottom. This is what a hosts file looks like:

hosts_opt (1)

If there are a bunch of strange IPs connecting to you below “Localhost” you may be hacked, and it’s best to ask us in the comments for directions.

Now hold the windows Key and R again but type %temp% in the field and hit enter. Delete everything in that directory.

 STEP 3:

Right click on each of the malware processes separately and select Open File Location. Also, End the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a malware, copy the folders somewhere, then delete the directories you were sent to. There’s a good chance PostNord Virus is hiding somewhere in here.


This is perhaps the most important and difficult step, so be extremely careful. Doing this can damage your PC significantly if you make a big mistake. If you are not feeling comfortable, we advise you to download a professional PostNord Virus remover. Additionally, accounts connected to your credit cards, or important information, may be exposed to the virus.


Look around for severans.exe and terminate it if you see such a process. If you can not, try searching your Program Files for such a file.


Take a look at the following things:

Type msconfig in the search field and hit enter: you will be transported to a new window. 


Go in the Startup tab and Uncheck anything that has “Unknown” as Manufacturer.

STEP 5: How to Decrypt files infected with PostNord Virus

There is only one known way to remove this virus successfully, barring actually giving in the to the demands of the people who created the virus – reversing your files to a time when they were not infected.

There are two options you have for this:

The first is to do a full system restore. This can take care of the file extension for you completely. To do this just type System Restore in the windows search field and choose a restore point. Click Next until done.

system restore_opt

Your second option is a program called Recuva

Go to the official site for Recuva and download it from there – the free version has everything you currently need.

When you start the program select the files types you want to recover. You probably want all files.

Next select the location. You probably want Recuva to scan all locations.

Now click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish – maybe even several hours if your HDD is really big, so be patient and take a break if necessary.

You will now get a long list of files to pick from. Select all relevant files you need and click Recover.

Did we help? Found an alternative solution? Share your feedback with us so we can help other people in need!

Leave a Comment