Wanna Cry Virus Removal (+File Recovery) June 2017 Update

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.


How irritating is this virus?

This page aims to help you remove Wanna Cry Virus for free. Our instructions also cover how any Wanna Cry file can be recovered.

The general topic of the text below is the infection caused by a ransom-demanding, file-encoding program, popular as Wanna Cry Virus. As you could be expecting, this actual program is awfully malicious and falls into the Ransomware group.
Basically, this categorization means your most commonly modified data might become hijacked via a complicated encryption process you might not be able to stop or reverse. Despite that, it’s ultimately worth reading the next paragraphs to get informed and choose how to proceed with such malware.

Talking in brief about Ransomware:

Ransomware is known as the most malicious virus category and is believed to have originated in Russia. The very first examples of such viruses are known to have appeared at the end of the 20th century. Back then there used to be two types of ransom-requesting programs:
*file-locking-up, the subgroup Wanna Cry Virus belongs to that is expert at encrypting some files from drives:
*screen-locking,  the subcategory, whose members are only  able to target the screens of all kinds of devices  as computers/ laptops/ phones and tablets;  and block them, demanding your money for making them accessible.

The most frightening Ransomware group – the file-encryption causing viruses,  and how these viruses normally function:

  • First of all, such malicious programs can enter your computer on their own or with some help. The contamination could occur in many ways. Nonetheless, it is likely to take place via email letters and their attachments, and as soon as you load any of them, an infection could follow. It is even possible that such a letter may even include a Trojan virus. One more possible case is to get infected by this malicious piece by loading contagious web pages. What’s more, you might end up infected if you open/ follow a malicious advertisement – clicking on such ads is likely to redirect you to a contaminated web page, where many forms of malware may automatically infiltrate your PC.
    However, there are many other potential sources like torrents and video-sharing websites. In this case the method of infecting is almost similar: – you get infected by this virus automatically-  once you get exposed to it.
  • The next circle of the process of contamination is the review, which Wanna Cry Virus may perform of all your disks and drives. Such a research targets all you storages and is focused on finding the data, which has been accessed most often. Following that, Wanna Cry Virus normally prepares a list with all such files.
  • Then, the encryption process takes place. Wanna Cry Virus usually proceeds with making all the enlisted files inaccessible. Right after every single data piece from the aforementioned list has been encrypted, you get a special notification about that. Typically, such an alert includes all the info about paying the required ransom – and sometimes even some more scary threats about the future of the encoded data.

Will paying off the ransom be enough to solve such a serious issue?

To our mutual misfortune, in the general case – this is NOT what follows.  In fact, the hackers may just keep your files encrypted forever once they have received your money.

If we were you, we would never agree to pay any criminals – at least not until we have made every possible attempt to solve the issue ourselves.  The following may help indeed:

  • See and pay/ask an expert for some help and assistance. Perhaps some professionals have their own manner of dealing with such dangerous viruses.  Moreover, it is INDEED wiser to pay for tips or know-how,  and possibly save your data, than to simply give money to the harassing hackers. Nevertheless, even some of the professionals with experience in this field might admit to being incapable of finding a real solution to the problem with Wanna Cry Virus.
  • Check whether you are able to remove this contamination via following the advice in our well-designed Removal Guide. That may really help you, but still, you receive no guarantee of its positive consequences.

What could indeed  work when it comes to Ransomware:

There is only one known method of successfully fighting Ransomware and- surprise-  its name is prevention. This has always been the most effective choice. What you have to do is to make an effort to BACK UP all your important files as often as you can until doing so becomes a habit. Creating such habits may save you from all sorts of threats.

 

SUMMARY:

Name Wanna Cry Virus
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Currently Unavailable
Detection Tool We generally recommend SpyHunter or a similar anti-malware program that is updated daily.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

Remove Wanna Cry Virus


Step1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. If you want a fast safe solution, we recommend SpyHunter. 

>> Click to Download Spyhunter. If you don't want this software, continue with the guide below.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

malware-start-taskbar

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/




Scan Results


Virus Scanner Result
ClamAV
AVG AV
Maldet

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

Step3

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:

msconfig_opt

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.

Step4

WARNING!
To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!

Step5 

How to Decrypt Wanna Cry Virus files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


  • Andrew Smith

    Wow this virus only took a few hours just to notice and now there are new versions well this is something to follow

     
  • HowToRemove.Guide Team

    They should be removed from the file. Do not forget to save the changes after you delete the unwanted IP’s.

     
  • HowToRemove.Guide Team

    Yes, it is possible. This particular malware spreads via all sorts of methods and most of them are really sneaky and hard to pick before it’s already too late. Anything relatively fishy and shady-looking should be regarded as a potential threat.