WannaCry Virus Ransomware Removal (+File Recovery)


How irritating is this virus?

This page aims to help you remove WannaCry Virus for free. Our instructions also cover how any WannaCry Virus file can be recovered.

Ransomware is a type of malicious software that is known to either lock the infected PC or encrypt the personal user files that are stored on it and demand a ransom payment from it victim if the latter wants to regain access to their computer or files. Today, we will be focusing on one particular piece of malware that falls under the Ransomware category. It’s name is WannaCry Virus and though it has been recently released, the number of computers that have already fallen prey to it is quite significant. The goal of this article is to acquaint its readers with the main characteristics of WannaCry Virus and the Ransomware viruses in general. Note that one of the main reasons why this type of harmful software is so successful has to do with the fact that the a lot of users lack the necessary knowledge that is needed to successfully fend off any potential Ransomware attacks.

The two main Ransomware types

As we stated in the article’s introduction paragraph, if a Ransomware virus infects your computer there are two options: it can either lock your computer and prevent you from being able to do anything on it or separately lock each of your personal files via a method known as encryption. The first type of Ransomware viruses – the ones that directly lock your PC, are generally considered to be less advanced (with a few exceptions). Most of them simply display a big banner on your screen that hides everything from folders and programs to the Start Menu and the Task Manager. However, those are generally easier to deal with and as soon as the malicious program is gone, your PC will be back to normal.

Unfortunately, if your machine has been attacked by WannaCry Virus, then you are dealing with a so-called crypto-virus – Ransomware that uses encryption to lock the personal files that are on the PC. Here, it is important to note that if the virus manages to lock your files, even if you succeed in removing the infection, the data will remain locked. The only way to unlock the files is through a specific key. Obviously, the hacker wants you to pay for that key if you want to regain access to your files. We advise you not to go for that. Remember that even if you send the money to the virtual criminal, the latter might still not send you the decryption key. For that reason, we have done our best to provide our readers with a removal and decryption guide for those of you who have had their files locked by WannaCry Virus. We ought to mention, though, that the effectiveness of the guide is not guaranteed and whether it helps you or not really depends on the specific situation you’re in. Still, we believe that opting for our guide is much preferable when compared to sending money to anonymous cyber-criminals.

Detection issues

Obviously, if it were easy to detect Ransomware, it would not have been such a global software issue. We regret to inform you that in order to spot a Ransomware infection one needs to be both very vigilant and also very lucky. First of all, keep in mind that most antivirus programs are incapable of spotting an attack by this type of malware (especially if it is a newer virus version). The reason for that is the fact that typical Ransomware does not cause any actual harm to either the computer or the files that are on it. Furthermore, the encryption method used by crypto-viruses like WannaCry Virus is actually not inherently hazardous. It is a very popular data protection technique and most security programs do not see it as a threat even if it is being executed by nasty Ransomware. Still, there are certain security applications that claim to detect incoming Ransomware attacks but you should know that no antivirus program is flawless and in addition to that, hackers always seem to be a step ahead of the developers of protection software.

Secondly, know that most of the symptoms that are caused by this type of virus are quite subtle and most users are unable to notice them. Still, what one should generally expect from a Ransomware attack is an increase of RAM and CPU time that is used on the PC as well as a reduction of the free HDD storage space that seems to have occurred for no visible reason.

Computer security

The tips provided below are crucial for the future security and protection of your computer and personal files against dangerous malware viruses the likes of WannaCry Virus. Be sure to read them carefully and remember them for future reference.

  • One of the most important rules when it comes to maintaining a safe PC is to be responsible when browsing the Internet. Many people land all sorts of malware just because they are not careful with what sites they visit and what they click on when using their browser.
  • Another important factor that needs to be taken into consideration is the fact that online spam is everywhere and it is oftentimes used to carry dangerous threats such as Ransomware. Generally, it is easy to recognize spam when you see it – all that it takes is a little vigilance and thoughtfulness.
  • Backing up your data is essential when talking about anti-ransomware precautions. If you do not have a back-up of your important files and only have them stored on your computer’s hard drive, make sure to back them up ASAP (unless your machine is already infected by WannaCry Virus).
  • Last but not least, make sure that your firewall is turned on at all times and that your machine is equipped with a reliable security program. A common Ransomware distribution method is the use of Trojan horses. Having your firewall enabled and a reliable antivirus program installed will greatly increase the protection of your machine against Trojans.

SUMMARY:

Name WannaCry
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms There aren’t many symptoms that Ransomware viruses cause. The most usual one is increased consumption of system resources such as CPU time, HDD space and virtual memory.
Distribution Method Illegal and harmful websites, Trojan horse viruses that allow the Ransomware to get inside the PC, spam messages, etc.
Data Recovery Tool Currently Unavailable
Detection Tool We generally recommend SpyHunter or a similar anti-malware program that is updated daily.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

WannaCry Virus Ransomware Removal


Step1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. If you want a fast safe solution, we recommend SpyRemover Pro. 

>> Click to Download SpyRemover Pro. If you don't want this software, continue with the guide below.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

malware-start-taskbar

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/




Scan Results


Virus Scanner Result
ClamAV
AVG AV
Maldet

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

Step3

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:

msconfig_opt

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.

Step4

WARNING!
To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!

Step5 

How to Decrypt WannaCry Virus files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!