Ransomware Removal Guide

Do you know what Ransomware is?

If you become a victim of Ransomware, you can say goodbye to your personal files. As painful as that might be, there is no way out of the mess created by the infection and, let’s be honest, by you yourself. If you had taken care of your operating system and its protection, you would not need to worry about the health of your personal files and the computer itself. Now, all your files are encrypted, and we cannot offer you a solution that would ensure complete decryption. Although the situation is pretty much desperate, you should not give up until you remove Ransomware. This malicious threat must be deleted as soon as possible, and if you read this report to the end, you will learn how to get rid of the ransomware all by yourself.

According to our research team, Ransomware is a variant of the malicious Crysis Ransomware, also known by the name “Dharma.” If you use an anti-malware program, it might report the threat under a different name, depending on the product you choose. The execution of this malware is pretty dynamic: some users might execute it by opening spam email attachments created specifically for the distribution of malware, while others might find no explanation for the infection at all. Regardless of how the threat slithers in, the encryption process starts shortly after. Once files are encrypted, they cannot be read, and the “.id-[unique ID].[].vanss” extension is added to their names for quick identification. Even if you remove this extension, the files will remain locked.

After encryption, Ransomware launches a window entitled “” The message shown in this window states that the files have been encrypted and asks to send a unique ID code to The message also reveals that victims are expected to pay a ransom in Bitcoins to have files decrypted, but no specific sum is revealed. In fact, it is suggested that the “price” depends on how fast the victim responds. The message also warns against using third-party software for decryption, and while we would suggest not paying attention to this warning, our researchers did not find any software that would help anyway. The malicious Ransomware also creates “FILES ENCRYPTED.txt” on the Desktop to introduce victims to the same email

You are in luck if your personal files are backed up. In that case, your files – or copies of them – are perfectly safe, and you do not need to worry about loss. Even if that is not your situation, you should not waste any time before deleting Ransomware. And what about paying the ransom? If you want to waste money, it is your decision. Of course, we do not recommend it. When it comes to removal, it is best for you to employ automated anti-malware software, but you might also be able to delete the threat manually. Our research team created a step-by-step guide (see below) that explains how to remove Ransomware from the Windows operating system manually. Just remember that even if you succeed, you will never be safe until you employ reliable security software and back up your files.

Remove Ransomware

  1. Launch RUN (tap Win+R keys at the same time) and enter regedit.exe into the box.
  2. In Registry Editor, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  3. Delete 3 values representing Info.hta and malicious .exe files with random names.
  4. Exit Registry Editor and then launch Windows Explorer (tap Win+E keys at the same time).
  5. Enter %APPDATA% into the bar at the top to access this directory.
  6. Delete the file named Info.hta.
  7. Delete Info.hta from these directories too:
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %WINDIR%\System32\
  8. Delete a malicious [random name].exe file from the same directories:
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %WINDIR%\System32\
  9. Exit Explorer and then move to the Desktop.
  10. Delete the file named FILES ENCRYPTED.txt (it might have copies too).
  11. Empty Recycle Bin.
  12. Install a trusted malware scanner and run a full system scan.
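
The locations in steps 2 to 10 can be listed before anything is deleted. The following PowerShell script is an added example, not part of the original guide; it only reads, and the `$findings` layout, the Authenticode check and the shared-Desktop lookup are assumptions made here.

```powershell
# Added example: read-only audit of the removal steps' locations; nothing is deleted.
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$startup = 'Microsoft\Windows\Start Menu\Programs\Startup'
# Startup folders from steps 7-8; paths that do not exist here are skipped.
$startupDirs = @(
    (Join-Path $env:APPDATA $startup),
    (Join-Path $env:ALLUSERSPROFILE "Application Data\$startup"),
    (Join-Path $env:ALLUSERSPROFILE $startup)
) | Where-Object { Test-Path -LiteralPath $_ }
$exeDirs  = @($startupDirs) + @(Join-Path $env:WINDIR 'System32')
$htaDirs  = @($env:APPDATA) + $exeDirs
$findings = @()

# Steps 2-3: Run values referencing Info.hta or an .exe in the listed directories.
# Legitimate System32 entries show up too; the guide's targets have random names.
$key = Get-Item -LiteralPath $runKey
foreach ($name in $key.GetValueNames()) {
    $data  = [string]$key.GetValue($name)
    $inDir = $exeDirs | Where-Object {
        $data.IndexOf("$_\", [System.StringComparison]::OrdinalIgnoreCase) -ge 0 }
    if ($data -match 'Info\.hta' -or ($inDir -and $data -match '\.exe')) {
        $findings += [pscustomobject]@{ Step = '3'; Item = "Run value '$name'"; Detail = $data }
    }
}

# Steps 5-7: Info.hta in %APPDATA%, the Startup folders and System32.
foreach ($dir in $htaDirs) {
    $hta = Join-Path $dir 'Info.hta'
    if (Test-Path -LiteralPath $hta) {
        $findings += [pscustomobject]@{ Step = '6-7'; Item = $hta; Detail = 'file present' }
    }
}

# Step 8: .exe files directly in a Startup folder, with Authenticode status.
foreach ($dir in $startupDirs) {
    foreach ($f in Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $f.FullName).Status
        $findings += [pscustomobject]@{ Step = '8'; Item = $f.FullName; Detail = "signature: $sig" }
    }
}

# Step 10: FILES ENCRYPTED.txt on the user's Desktop and (added check) the shared one.
foreach ($d in 'Desktop', 'CommonDesktopDirectory') {
    $note = Join-Path ([Environment]::GetFolderPath($d)) 'FILES ENCRYPTED.txt'
    if (Test-Path -LiteralPath $note) {
        $findings += [pscustomobject]@{ Step = '10'; Item = $note; Detail = 'file present' }
    }
}
$findings | Format-Table -AutoSize -Wrap
```

On current Windows the `Application Data` path may be a junction to the same Startup folder, so a hit can be listed twice.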

In non-techie terms:

Anyone dealing with Ransomware is in a sticky situation. If this infection gets in, it encrypts files without any notice. Unfortunately, decrypting files is not possible. Even if you submit to the demands that the ransomware creators present via the window and the file created, you are unlikely to have your files decrypted. Without a doubt, you might feel torn if you do not have backups and if you cannot decrypt files manually. Unfortunately, paying the ransom is, most likely, a waste of your money. Whatever happens with your files, you need to delete Ransomware ASAP, and we suggest doing that using anti-malware software. Another option you have is to remove the infection manually, which you can try to do using the instructions above.