Monday, May 12, 2014

How to Decrypt Files from CryptoWall - Remove CryptoWall


Screenshot of CryptoWall:



Brief introduction about CryptoWall:

CryptoWall is an irritating computer virus which belongs to the ransom-ware family.Once it gets into the target PC, CryptoWall infection encrypts files by renaming them into DECRYPT_INSTRUCTION.HTML, DECRYPT_INSTRUCTION.TXT, and the DECRYPT_INSTRUCTION and pops up the message which claims that in order to get the key to decrypt files you need to 500 US dollars. To further scare computer users, this nasty virus also sets a limited time.

However, only a few of victims are lucky and get their data back after paying the virus, most victims lost both their files and money. As there is little decryption possibilities and no guarantee whether your files will be encrypted or not after the paying, it is recommended that you do not pay the virus.

While, to protect another files from being damaged and infected, you should remove CryptoWall  virus from your system as soon as possible. Otherwise, you will not only put your files into a dangerous situation but also give the virus a chance to mess up your pc. CryptoWall  virus will cause the poor running speed, windows freeze, unstable internet connection and many other kinds of PC issues as time pass by.

Follow the manual removal guide and video as below to get rid of this nasty computer virus right now.

Video on how to remove CryptoWall:




CryptoWall manual removal guide:

Step one: Disable any suspicious startup items that are made by infections.

Press Ctrl+Alt+Delete or Ctrl+Shift+Esc >> Click Task Manager >> More details >> Startup tab >> click on the items that added by the virus >> Click Disable

 


Step two: Show hidden files and folders in win 8.

1.Start screen >> Control Panel >> Appearance and Personalization >> Folder Options

 

 2. The Folder Options box pops up >> Check Show hidden files, folders, or drives >> Apply

 

Step three: End all the harmful Processes in win 8:

Press Ctrl+Alt+Delete or Ctrl+Shift+Esc >> Click Task Manager >> Right click all the harmful Processes >> End task
 

Note: If you want to check the background processes, please click More details. Click the processes you want to end, and click End Task.

Step four: Search the infected PC to find out all the malicious files as below and then delete all of them:
 
%AppData%\<random>.exe
%CommonAppData%\<random>.exe
C:\Windows\Temp\<random>.exe
%temp%\<random>.exe
C:\Program Files\<random>



Step five: Remove vicious registry entries of the virus:

1.Press Win+R to activate the Run window >> Type “regedit” or “regedit.exe” to the search bar >> Click “Ok” if you are asked if you want to open Registry Editor

 

2.Find out all the harmful keys, right click them and Delete.


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe


CryptoWall automatic removal guide:

 

Step one: click here or the icon below to download automatic removal tool SpyHunter

 
http://www.pcresolvers.com/spyhunter.php

 

Step two: follow the instructions to install SpyHunter

 



 

Step third: run SpyHunter to detect and automatically uninstall CryptoWall

 


There may be some other issues such as windows registry errors in your system. To avoid potential risk and to ensure your computer security, you are suggested to use RegCure Pro to optimize your system after CryptoWall removal.

 

Step four: click the icon below to download RegCure Pro

 
http://www.pcresolvers.com/regcure.php

 

Step five: follow the instructions to install RegCure Pro

 




Step six: run RegCure Pro to optimize your computer


Note: If the manual steps are complicated for you to go through CryptoWall removal, you could feel free to download SpyHunter to uninstall CryptoWall program automatically.





3 comments:

anergos said...

OK VIRUS IS REMOVES BUT HOW DO I BRING MY FILE SBACK. FOR EXAMPLE, I HAVE A FILE NAMED ABC.JPG, I TRY TO OPEN IT AND THE MESSAGE IS THAT THE FORMAT IS NOT RECOGNIZED ETC. THERE MUST BE A WAY TO DECRYPT-RECOVER...SOMETHING---THE FILES. IT IS GOT TO BE. BUT...WHA IS IT. ANYONE?

Antonio Cardoso said...

Everyone is tell us the same, how to remove virus,...that is easy. The dificult part is...to recover the files, nobody can do it, so change the title of this subject "How to Decrypt Files from CryptoWall "!
I will keep on, working, on decrypt the files.

Kevin Coe said...

The only way to recover your files are:
1) pay the ransom, and pray that it works (I've heard of people that pay and got it fixed, and I have heard of people paying and not getting fixed)
2) recover the file with MS VSS if it was enabled
3) restore file from backup (tape, disk, etc..)

Post a Comment