Do you get a popup at Windows startup saying “You have become a part of large community CryptoWall”?
Hello! It’s P&T IT BROTHER. Today, we are going to show you how to get rid of CryptoWall!
What is CryptoWall and what does it do?
CryptoWall is a ransomware Trojan, and the main thing it does on your computer is encrypt your personal files (in easy words, it locks your files so you cannot open them). When your computer is infected with CryptoWall, you will notice that many of your personal files are encrypted.
How to get your files back?
If you follow the instructions on the popup, IT WILL ASK YOU TO PAY MONEY FOR DECRYPTION (in easy words, unlocking the locked files)! CryptoWall may infect Windows 10, Windows 8, Windows 7, Windows Vista, and Windows XP.
How to get rid of this CryptoWall from my computer?
Let’s get rid of it first. For better removal, let’s boot your Windows in “Safe Mode”.
For Windows 10 & 8
- Restart your PC. When you get to the sign-in screen, hold the Shift key down while you select Power > Restart.
- After your PC restarts to the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.
- After your PC restarts, you’ll see a list of options. You need to use the Internet to download the Malwarebytes Anti-Malware program, so select 5 or F5 for Safe Mode with Networking.
- When you are in “Safe Mode”, open a web browser (like Google Chrome, Edge, Internet Explorer, Mozilla Firefox) and go to: https://www.malwarebytes.org/
- Download the free version of Malwarebytes.
- Scan your computer and remove everything it detects.
- In Windows Search, type “task manager” and click “Task Manager”.
- Under “Startup”, disable anything that is unusual or has an unknown Publisher (or manufacturer). Not always, but typically, malware has an unknown publisher (or manufacturer). Or disable anything like the picture below.
- Restart your computer.
For Windows 7 & Vista & XP
- Turn on your computer.
- Before you see the Windows logo, rapidly hit the “F8” key until you see Advanced Boot Options.
- Choose “Safe Mode with Networking”. You need to use the Internet to download the Malwarebytes Anti-Malware program.
- When you are in “Safe Mode”, open a web browser (like Google Chrome, Edge, Internet Explorer, Mozilla Firefox) and go to: https://www.malwarebytes.org/
- Download the free version of Malwarebytes.
- Scan your computer and remove everything it detects.
- In Windows Search, type “msconfig” and click the “msconfig” utility.
- Under “Startup”, disable anything that is unusual or has an unknown Publisher (or manufacturer). Not always, but typically, malware has an unknown publisher (or manufacturer). Or disable anything like the picture above.
- Restart your computer.
How do I recover my encrypted files & pictures?
When you go to your personal folders like Documents and Pictures, if you see “HELP_YOUR_FILES” files, that means all the files in that folder are encrypted. Now, we need to get your files back. We are going to use a program called “ShadowExplorerPortable”. Using this program, we have a chance to copy your files from a previous (older) Windows state. This does not guarantee 100% success, but let’s try!
- Download “ShadowExplorerPortable” by clicking the link: Download ShadowExplorer-0.9-portable
- Unzip the file, and inside the unzipped folder, run “ShadowExplorerPortable.exe”.
- Look at the top-left of the ShadowExplorer, and choose a drive that has encrypted files.
- Next to the drive drop down menu, there is a drop down menu where you can choose your older Windows state.
- See if you have a previous Windows state from before you got CryptoWall.
- If there is one, choose that Windows state.
- Now browse the personal file location.
- If you find your original folders and files, select them and right-click.
- Click “Export”.
- Create or choose a location where you want to save the recovered files.
- Click “OK” and wait until it finishes exporting.
- Go to the selected location and check if your files are recovered.
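Before opening ShadowExplorer, you can check from PowerShell which folders contain “HELP_YOUR_FILES” notes and whether Windows still holds a snapshot older than the first note. This is an added example, not part of the original guide or of ShadowExplorer. The function names are made up for illustration, and it assumes Windows PowerShell 3.0 or later started with “Run as administrator”.

```powershell
# Added example, not part of the original guide.
# Assumptions: Windows PowerShell 3.0 or later, elevated prompt; a note's
# creation time is treated as a rough marker of when its folder was encrypted.
$NotePattern = 'HELP_YOUR_FILES*'   # ransom-note file name given in this guide

function Get-EncryptedFolder {
    param([string]$Root = $env:USERPROFILE)
    # One row per folder that contains a ransom note, with the earliest note time.
    Get-ChildItem -Path $Root -Filter $NotePattern -File -Recurse -Force -ErrorAction SilentlyContinue |
        Group-Object -Property DirectoryName |
        ForEach-Object {
            $first = $_.Group | Sort-Object -Property CreationTime | Select-Object -First 1
            [pscustomobject]@{ Folder = $_.Name; FirstNote = $first.CreationTime }
        }
}

function Get-SnapshotBefore {
    param([Parameter(Mandatory = $true)][datetime]$Cutoff)
    # Win32_ShadowCopy lists the snapshots that ShadowExplorer can browse.
    # VolumeName is the volume GUID path, not the drive letter.
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Where-Object { $_.InstallDate -lt $Cutoff } |
        Sort-Object -Property InstallDate -Descending |
        Select-Object -Property InstallDate, VolumeName, ID
}

$folders = @(Get-EncryptedFolder | Sort-Object -Property FirstNote)
if ($folders.Count -eq 0) {
    Write-Output "No $NotePattern files found under $env:USERPROFILE."
} else {
    $folders | Format-Table -AutoSize
    $cutoff = $folders[0].FirstNote          # earliest ransom note seen
    $snapshots = @(Get-SnapshotBefore -Cutoff $cutoff)
    if ($snapshots.Count -eq 0) {
        Write-Output "No snapshot older than $cutoff was found."
    } else {
        Write-Output "Snapshots taken before ${cutoff} (newest first):"
        $snapshots | Format-Table -AutoSize
    }
}
```

If a snapshot is listed, pick the matching date in ShadowExplorer's second drop down menu; if none is listed, there is no older Windows state for ShadowExplorer to export from.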
Thank you for reading! We hope all of you got rid of CryptoWall! And don’t forget to install an antivirus program on your computer if you don’t have one. 😀 😀 😀