Remove WannaCry ransomware From Your Windows PC

 

Are all your important files slowly and gradually getting encrypted by WannaCry ransomware? Are you being asked to pay an extortion amount to regain access to your own data? If this is happening on your computer system, go through this article for assistance. It provides complete information about the removal of WannaCry ransomware.

Threat Summary

Name: WannaCry ransomware
Type: Crypto Ransomware
Detected On: 12th May, 2017
System Affected: Windows PC
Symptoms: Encrypts files and demands a ransom to provide the decrypting tool
Evil-effects: Keeps encrypting files if you don't pay the ransom, makes files completely inaccessible
Encryption Technique: RSA
Ransom Amount: $300-$600 in Bitcoins

 

Short Explanation Of WannaCry ransomware

WannaCry ransomware is a data-locker ransomware which encrypts your important data and makes it completely inaccessible to you. It encrypts files using the RSA algorithm and appends one of the extensions .wcry, .wncryt or .wncry to each encrypted file. After successful encryption it drops a text file named @[email protected] or Please Read Me!.txt in each targeted folder and shows a ransom note in a program window known as Wanna Decrypt0r. The ransom demanded varies from $300 to $600, payable to a Bitcoin wallet address.

WannaCry ransomware, also known as WannaCrypt0r or WannaDecrypt0r, emerged on May 12, 2017. It spread to about 150 countries and affected a large number of computers across the globe within a very short period of time. It targets Windows computers that are outdated. WannaCry ransomware has recently attacked Boeing, which is the world's largest aerospace company. The sector that has suffered most from WannaCry ransomware is health care.

How Does WannaCry ransomware Attack Your PC?

WannaCry ransomware generally invades your PC through spam email messages or email attachments. Spam email messages are written to make the user intensely eager to find out what information is inside the email. The spammer takes advantage of this greed by attaching to the email a malicious executable file which contains WannaCry ransomware. As soon as you open the attached file, the ransomware infiltrates your computer system. The ransomware can also use other routes of infiltration, such as peer-to-peer sharing of data over networks, freeware, and visits to suspicious sites.

 

What Are The Ill-Effects Of WannaCry ransomware?

WannaCry ransomware has several ill effects. The major ones, which can lead to severe damage to the files on your computer system, are listed below:

  • It continues to encrypt the files on your PC until you pay the ransom.
  • It can make your data permanently inaccessible even if you pay the ransom.
  • It can steal your personal data, such as credit card or debit card details, if you choose to pay the ransom electronically using your personal debit or credit card.

How To Remove WannaCry ransomware From Your PC?

You must not pay the ransom demanded for the decrypting tool, as doing so will only encourage the cyber criminals to carry out such dubious activities again. Instead, use one of the best ransomware removal tools to scan for WannaCry ransomware and wipe it out of your PC.

Remove WannaCry ransomware From Your PC

Step 1: Remove WannaCry ransomware in Safe Mode with Command Prompt

  • First of all, disconnect your PC from the network.
  • Click the restart button and keep pressing the F8 key repeatedly while the system restarts.

  • You will see the “Windows Advanced Options Menu” on your computer screen.

  • Select “Safe Mode with Command Prompt” and press the Enter key.

  • You must log in to your computer with an Administrator account for full privileges.

  • Once the Command Prompt appears, type rstrui.exe and press Enter.

  • Now follow the prompts on your screen to complete the system restore.

Step 2: Remove WannaCry ransomware using MSConfig in Safe Mode:

  • Power off your computer and start it again.
  • While it is booting, press the “F8 key” continuously to open the “Windows Advanced Options Menu”.

  • Use the arrow keys to select the “Safe Mode” option and press the Enter key.

  • Once the system has started, go to the Start menu. Type “msconfig” in the search box and launch the application.

  • Go to the Startup tab and look for entries that use rundll32.exe to load files from the %AppData% or %Temp% folders. See an example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

  • Disable all the malicious entries and save the changes.
  • Now restart your computer normally.

Step 3: Kill Malicious Process Related To WannaCry ransomware

  • Press the Alt+Ctrl+Del keys together.

  • This will open the Task Manager on your screen.
  • Go to the Process tab and find the process related to WannaCry ransomware.
  • Click the End Process Now button to stop the running process.

Step 4: Remove WannaCry ransomware Virus From Registry Entry

  • Press the “Windows + R” keys together to open the Run box.

  • Type “regedit” and click the OK button.

  • Find and remove entries related to WannaCry ransomware under the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
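
The manual review in Step 2 and Step 4 can be done in one pass with a read-only PowerShell audit. This is an added example, not part of the original article: it lists every value under the keys above and marks commands that point into %AppData% or %Temp% or that invoke rundll32.exe. The function name Get-AutorunEntry and the two match patterns are assumptions chosen for illustration.

```powershell
# Added example (not from the original article): read-only audit of the
# autorun keys listed in Step 4. Nothing is modified or deleted.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Hypothetical helper: returns one object per registry value found.
function Get-AutorunEntry {
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        # Several of these keys do not exist on a given Windows version.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            # Read the raw data so unexpanded %Temp% / %AppData% stay visible.
            $cmd = [string]$regKey.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{
                Key          = $key
                Name         = $name
                Command      = $cmd
                # Heuristics (assumptions): user-writable path, rundll32 loader.
                UserWritable = $cmd -match '\\AppData\\|\\Temp\\|%(Local)?AppData%|%Temp%'
                Rundll32     = $cmd -match 'rundll32'
            }
        }
    }
}

$entries = Get-AutorunEntry -KeyPath $runKeys
# Entries matching both checks (the Step 2 pattern) are listed first.
$entries |
    Sort-Object { $_.UserWritable -and $_.Rundll32 }, UserWritable -Descending |
    Format-List Key, Name, Command, UserWritable, Rundll32
```

A match is only a lead: legitimate software also starts from %AppData%, so check the referenced file before disabling or deleting an entry. Values stored in subkeys of RunOnceEx are not enumerated by this script.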

Hopefully you have now completely removed the WannaCry ransomware virus from your computer. If you still get the ransom message from the threat or are unable to access your files, it means the virus still remains on your computer. In that situation you have no option other than removing the virus with a powerful malware removal tool.

If you have a backup of your infected or encrypted files, you can also reinstall your Windows OS. This will erase all your files and data along with the WannaCry ransomware infection, leaving you with a completely empty computer system with no files. You can then use your backup to restore your files. If you don’t have a backup, then using a malware removal tool is the better option for you.

If you have any query or question regarding your computer, you can easily put your problem to our experts. Go to the Ask Any Question page and get the answer to your query directly from our experts.
