TowerWeb Ransomware Removal Guide

Do you know what TowerWeb Ransomware is?

If you are a rather careless user, e.g. download software from unreliable sources, surf questionable websites, and, most importantly, tend to open spam emails, it is only a question of time when you encounter TowerWeb Ransomware. This ransomware infection is a new serious infection that might enter the computer without permission. It has been found that it has several different versions, and you might encounter any of them. All these versions are very similar, i.e. they all try to convince users that all their files are encrypted and put a message in full-screen that does not allow users to access Desktop, including the Start menu, programs, and files, and only the email (e.g. and used in these messages as well as the sum of money the threat asks to pay might differ. Yes, the main goal of TowerWeb Ransomware is to obtain money from users, so it enters computers, puts the message on Desktop, and performs other activities to convince users to pay money. Unfortunately, there are some users who are willing to do that because they cannot access their Desktops and use their computers. Even though the ransom TowerWeb Ransomware asks is not very huge, if compared to sums of money other ransomware infections ask, you should still not do that as it is possible to remove the message from Desktop by tapping Alt+Tab simultaneously. Of course, you still need to delete the ransomware infection from your computer fully because it will keep restarting your computer and deleting files. Also, it will launch after the system reboot and then will put an irritating message on your screen again.TowerWeb Ransomware Removal GuideTowerWeb Ransomware screenshot
Scroll down for full removal instructions

Our team of specialists has managed to find out that none of the versions of TowerWeb Ransomware encrypt files even though they all say that files have been encrypted and users need to pay a ransom to unlock them. Below are provided excerpts from messages TowerWeb Ransomware might set:



Your computer files have been crypted and moved to a hidden encrypted partition of your computer. Without the decryption password you will not get them back. No matter what you do the files will not re-appear and be decrypted until you pay.

Once payment is received you will get the decryption password and simple instructions to restore all your files and computer to normal instantly. Email us if you need assistance or have paid.



Your computer files have been encrypted and moved to a hidden ENCRYPTED partition in your computer.

You must pay $100 USD within 24 hours or $150 after 24 hours in Bitcoins to get them back. After 72 hours all files will be deleted including your operating system.


As you already know, this ransomware infection says that users need to pay a ransom to unlock their computer and files. Unfortunately, some users believe that it is the only way to get rid of TowerWeb Ransomware, especially when they notice that the computer is restarted every 60 seconds and the pop-up, which appears before the restart, informs them that they can solve this program only if they pay money.

You should not believe any word written in the ransom note covering your screen because it only seeks to scare you and lure you out of money. Also, you should know that you can stop these annoying system restarts without paying money by tapping Win+R and entering the command shutdown -a. What is more, specialists suggest that you do not send money also because this will not help you to recover files. Specialists have found that this infection might delete several files from %USERPROFILE% and %TEMP% directories every time the computer is restarted. As we have already told you, there are versions of TowerWeb Ransomware that do not do anything (only put a message on Desktop) as well, so you should tap Alt+Tab and check your Desktop. If your files are gone, we suggest that you use a data recovery tool you can download from the web after you erase TowerWeb Ransomware. In case you notice your files in their original places, you should not do anything but just erase the infection from the system.

It is clear that all ransomware infections enter computers illegally. In the case of TowerWeb Ransomware, this computer infection usually enters computers the moment users open spam email attachments. These attachments usually look like harmless .pdf and .doc documents, so people open them without fear and make a huge mistake. You might be exposed to serious computer infections, including ransomware, if you download programs from file-sharing and similar third-party websites too, so we suggest being careful all the time. If you are sure that you cannot protect your system without any help, you should let an automatic tool do this job for you.

The system restart will not help you to get rid of TowerWeb Ransomware because this computer infection creates the Value in HKCU\Software\Microsoft\Windows\CurrentVersion\Run to launch itself again after the system restart. Therefore, we suggest erasing it from the computer fully instead of trying to find another way to disable it. Below the article you will find the manual removal instructions that will help you with the removal process. You should also know that you can erase the ransomware infection automatically.

Remove TowerWeb Ransomware

  1. Tap the Windows key + R simultaneously.
  2. Type shutdown -a in the box and click OK.
  3. Tap Ctrl+Shift+Esc simultaneously.
  4. Click on the Processes tab to open it.
  5. Locate the process of the ransomware infection (its name is the same the malicious file has).
  6. Right-click on the process.
  7. Select End Now.
  8. Close the Task Manager and tap Win+R again.
  9. Type regedit.exe in the box. Tap Enter.
  10. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  11. Right-click on the Value, e.g. My App and select Delete.
  12. Find and delete the malicious file from the system.
  13. Empty the recycle bin and reboot your computer.

In non-techie terms:

If TowerWeb Ransomware has managed to enter your computer, it is very likely that other infections are installed too and now are silently performing activities without your knowledge. You can find out whether they are really there by scanning the system with an automatic scanner, e.g. SpyHunter. If the scanner finds anything, delete those untrustworthy programs as soon as possible in order not to experience security-related problems again.