More and more users are looking for information about how to remove Ransomware from your computer and it is that this type of infections have multiplied in the last years. This malware focuses on extorting the user by locking his computer.
What is Ransomware?
It is a specific type of malware that infects the computer by taking control of it, so that the user cannot access the content.
The hacker demands a payment from the owner of the computer in order to free the device, but he also does so through deception.
What usually appears is a message supposedly from the police informing the user that their computer has been blocked due to the detection of visiting websites related to terrorism, child pornography, downloading files protected by intellectual property rights or other illegal issues. The message advises that it is necessary pay a certain fine in order to regain control of the computer and avoid higher penalties.
This is obviously a scam. The police from nowhere in the world lock computers remotely if they have detected that a crime is being committed through them, much less requires the payment of a fine online.
The account given for the payment of the alleged fine is a anonymous cashcard that is untraceable.
If a message of this type appears, it is clear that what we should not do is pay anything, since it is a scam.
How to remove Ransomware from your computer
After ignoring the message in which we are asked to pay a certain amount to regain control of our computer, we proceed to eliminate the Ransomware.
Keep in mind that the manual removal This malware can be somewhat complex, so if you have doubts it is better to consult a professional.
First of all we will boot the computer in safe modeTo access this mode, once the computer is starting, press F8 and choose Safe Mode. Once we are in the command prompt we write “Regedit” and press Enter.
Now we look for the following registry values and delete them: ctfmon.exe from the HKEY_CURRENT_USER Registry Software Microsoft Windows CurrentVersion Run
You also have to delete the record HKEY_CURRENT_USER shell Microsoft Windows NT CurrentVersion Winlogon Software, but only if the shell registry value is in HKEY_CURRENT_USER and NOT HKEY_LOCAL_MACHINE.
Once this is done, we restart the system again and perform an analysis of the computer with a antivirus to see if there are any corrupted files.
Ransomware-type malware tends to vary a lot, so it can be difficult to remove it. There are specialized sites that are in charge of analyzing the different samples of this malware that users find in order to warn about it.
Threats to computers and smartphones continue to increase, a good example of this is Godless, one of the most recent viruses that we have been aware of.