Petya Ransomware Virus Removal

Welcome to our Petya Ransomware removal instructions. This article intends to help you remove Petya Ransomware from your system and is designed to work for all Windows versions.

We have received a lot of complaints about “ransomware entfernen”, which shows that our readers from Germany have been predominantly affected. It turns out you should be careful with a file named “bewerbungsmappe-gepackt.exe”. According to statistics, a certain type of virus has been blowing up in recent years. Not only that, but the most popular instances of it have made millions of dollars for their developers. You may or may not know its name, but you can already guess that Petya Ransomware is of the same type. In this article we will educate you about this new danger, which has been rising in numbers. While you could just skip to the uninstall instructions for Petya Ransomware written below, we highly recommend that you don’t skip the following paragraphs. The reason is that it’s imperative you know what you’re dealing with before you actually start doing anything. There’s a chance you can damage your system if you do something wrong. You should, however, look for the file named “bewerbungsmappe-gepackt.exe” and delete it immediately.


The software in question is so-called ransomware. Just by looking at the name one can form a relatively accurate assumption about what it does. As for the etymology of the word, it is made up of two parts. The second half, “ware”, is usually used at the end of any word that describes a type of software. The first half is what sets this one apart. Ransom works not only for hostages in real life, but also for PCs taken hostage in the virtual space. You’d be surprised at how effective it is, too. Petya Ransomware uses various methods to achieve the same goal: to extract as much money from as many people as possible without being noticed, much less apprehended, by law enforcement. So the question about “ransomware entfernen” becomes even more pertinent.

How is Petya Ransomware distributed?

Petya Ransomware is distributed in the form of a payload hidden inside a Trojan virus. You might be wondering why this is the case. In particular, the file believed to be guilty of spreading the Petya Virus is “bewerbungsmappe-gepackt.exe”. Well, as you may or may not know, Trojans are one of the most popular ways to infect multiple computers over a short time span. The name isn’t just for show, after all. A user can get infected by a Trojan by downloading virtually anything. It takes experience and knowledge to tell which downloads and websites to avoid in the hope of preventing an infection. Even so, this is not a guaranteed way to prevent an infection, and Trojans can be found even in downloads you thought were secure. You can never be too safe, so it’s recommended that you have some sort of anti-virus or removal software to deal with these threats.

How Petya Ransomware Operates?

When it finds itself inside your PC, it begins preparations. It first secures itself inside your OS by creating as many copies as it can, hiding in the deepest reaches of your file system. At this point, it is safe for it to begin deployment of its payload. In other words, it releases the contents it carries. Sometimes it silently downloads them from a remote server instead. When the payload is set up, in our case Petya Ransomware, the real infection begins. Usually ransomware encrypts your files with a powerful algorithm. Often it’s 128-bit AES, but this can vary a lot. The more bits the key has, the harder the encryption is to break. 128 bits is hard enough to be impossible for normal systems. Any file encrypted with this algorithm is essentially unrecoverable, unless you revert your entire Operating System to a previous restore point or backup. That’s why it’s important to catch it while it’s still busy encrypting. Usually high CPU usage is one of the signs of this event being in progress.

If it successfully finishes its deployment, it often displays some sort of threatening message with the sole purpose of scaring you and causing you to panic. At that point you might be inclined to pay the requested sum of money to the developers just to get it fixed quickly. Do not be fooled! These people will only be motivated even more if you comply with their request. There’s also no guarantee that you won’t get infected by the same software again after some time passes. You would also be helping to spread even more instances of Petya Ransomware to other people. Instead of paying them, it’s a much smarter choice to try our removal instructions outlined below. You also have the even easier option of downloading our removal tool to uninstall the ransomware.

Threat: Petya Ransomware
Classification: Ransomware
Security Alert: High. Very dangerous, high might be understating it.
Negative Effects: Encryption of your personal files.

Petya Ransomware Virus Removal

IMPORTANT!!!

It appears this Ransomware Virus is of the screen-locker type. What this means is that you will first need to do some preparations before you can actually log into your OS and start removing the virus. Also, although the people behind Petya Virus claim it uses RSA-4096 and AES-128 encryption, it is entirely possible that this is just a front. As of right now it is not entirely clear whether the Petya Ransomware Virus actually does anything more than lock you out of your device. To fix this, please follow these instructions.

Preparation: You need to repair the Master Boot Record of your PC. In order to do that you will need the Windows installation CD. Once you put it in your DVD drive, select the option to boot Windows from CD/DVD. Once Windows boots from the CD/DVD, select Windows Repair. Now you will need to open the Command Prompt. On most Windows OS versions you can do that by typing Command Prompt in the Search Field and clicking on the corresponding action. If you are running Windows 10, though, you can do that by opening Start Menu => All apps => Windows System => Command Prompt. Once you run it you need to do the following:

Type bootrec /fixmbr and hit enter.

Type bootrec /fixboot and hit enter.

Type bootrec /rebuildbcd and hit enter.

You can now reboot your system and proceed with the removal of Petya Ransomware Virus.

Step 1

Reveal Hidden Files. If you don’t know how to do this, ask us in the comments.

Step 2

Start Button => Search => Copy/Paste “notepad %windir%/system32/Drivers/etc/hosts” => Enter.

If you notice other IPs different from the localhost IPs – you might be in danger!

Ask for additional help in the comments.
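
The check from Step 2 can also be scripted. The following is an added example, not part of the original article: it parses hosts-file lines and reports every entry whose address is not a localhost (loopback) IP. The function name and the sample entry are made up for illustration.

```powershell
# Added example (not from the original article): list hosts-file entries that
# point somewhere other than a localhost (loopback) address.
function Get-NonLoopbackHostsEntry {
    param([string[]]$Lines)

    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Drop the comment part (everything from '#') and surrounding whitespace.
        $text = @($raw -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }

        # A hosts entry is: <address> <name> [<alias> ...]
        $fields  = @($text -split '\s+')
        $names   = ($fields | Select-Object -Skip 1) -join ' '
        $address = $null
        if (-not [System.Net.IPAddress]::TryParse($fields[0], [ref]$address)) {
            [pscustomobject]@{ Line = $lineNo; Address = $fields[0]; Names = $names; Note = 'address does not parse' }
        }
        elseif (-not [System.Net.IPAddress]::IsLoopback($address)) {
            [pscustomobject]@{ Line = $lineNo; Address = "$address"; Names = $names; Note = 'not a localhost IP' }
        }
    }
}

# Constructed sample: the two localhost lines plus one made-up redirect
# (203.0.113.10 is a documentation address, update.example.com a placeholder).
$sample = @'
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost
203.0.113.10    update.example.com   # constructed entry
'@ -split "`r?`n"

Get-NonLoopbackHostsEntry -Lines $sample | Format-Table -AutoSize

# The same check against the real file opened in Step 2.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-NonLoopbackHostsEntry -Lines @(Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize
```

Entries that ad blockers add with the address 0.0.0.0 are reported as well, since 0.0.0.0 is not a loopback address.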

Step 3

Right click on the Taskbar => Start Task Manager.

Navigate to Processes.

Locate any suspicious processes associated with Petya Ransomware. Right click on the process => Open File Location => End Process => Delete the directories with the suspicious files.

Step 4

Start Button => Search => Type:

  • %AppData%
  • %LocalAppData%
  • %ProgramData%
  • %WinDir%
  • %Temp%

Hit Enter after each new search. Check each Folder and delete recent entries.
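
To see what "recent entries" means in practice before deleting anything, the folders from Step 4 can be listed with a script. This is an added example, not part of the original article: it reports recently created executables and scripts in those five folders together with their signature status and SHA-256 hash. The function name, the 7-day window, the search depth and the extension list are assumptions, and the -Depth parameter requires PowerShell 5.0 or later.

```powershell
# Added example (not from the original article): list recently created
# executables and scripts in the Step 4 folders so they can be reviewed first.
# Results are de-duplicated by path because %Temp% usually sits inside
# %LocalAppData%.
function Get-RecentExecutable {
    param(
        [string[]]$Root,
        [int]$Days  = 7,   # assumption: how far back "recent" reaches
        [int]$Depth = 3    # assumption: keeps the %WinDir% scan short
    )
    $since = (Get-Date).AddDays(-$Days)
    $types = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'

    $Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | ForEach-Object {
        Get-ChildItem -LiteralPath $_ -File -Force -Recurse -Depth $Depth -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.CreationTime -ge $since -and $types -contains $_.Extension.ToLower() } |
    Sort-Object -Property FullName -Unique |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Created   = $_.CreationTime
            Signature = $sig.Status    # Valid, NotSigned, HashMismatch, ...
            SHA256    = $hash.Hash
            Path      = $_.FullName
        }
    } |
    Sort-Object -Property Created -Descending
}

# The five locations named in Step 4.
$folders = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
Get-RecentExecutable -Root $folders | Format-List
```

Run it from an elevated PowerShell window so that protected folders are readable; files that cannot be opened are skipped silently.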

Step 5

Get Your Files Back!

The only way you can do that is by backpedaling to a moment when you were not infected. You can achieve this in one of two ways:

  • System Restore. Start Button => Search field => Type System Restore => Enter.
    Choose a Restore Point.
    Click Next until the process has been completed.
  • Google and Download a Program called ShadowExplorer. Install and open it => Choose the Drive letter (C:, D:, F:, etc.) and date you want to restore information from => Right click on the files you want restored => Export.

If you run into any trouble – ask us for help in the comments section!

Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com , a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people. In his off time he is an avid book reader, occasional PC gamer and affectionate football spectator. Daniel would hardly begrudge anyone who might call him a computer nerd, yet this might be just the thing one needs in case of a security issue.
  • Quartermaster

    The new systems that I have bought in the last 2 years have not had Windows installation DVDs included. What then?

    • Hello,

      So you don’t have any Windows CD/DVD? We suggest you contact the vendor you have bought your system from.