Petya.a Virus Removal

One particularly nasty piece of malware called Petya.a Virus is what we are going to be focusing on in today’s article. This program belongs to a highly dangerous malware type referred to as Ransomware, because it is used to blackmail and pressure users into paying a ransom to the attacker who has compromised their PC. The leverage Ransomware uses against its victims is their own data. Ransomware like Petya.a Virus uses encryption to lock the attacked user’s files, making them inaccessible without a specific key. That key is the object of the blackmail scheme: the note claims that if the user pays the ransom, they will be sent the key. Bear in mind, however, that in reality users often do not receive the means to unlock their data even after they pay the requested money. After all, people who use Ransomware are criminals who cannot be trusted, and there is simply no way of knowing whether you will get your data unsealed after you make the transfer. With this in mind, we have put together a guide that could help readers who have already been attacked by Petya.a Virus. It contains instructions on how to get rid of the malware and on how to recover from the encryption. Our instructions are not universal and may not help every one of you who is currently dealing with this Ransomware. Nevertheless, trying the guide costs nothing and is much safer and preferable to giving in to the demands of an anonymous attacker.

Things that make Ransomware a worldwide issue

It is no secret that malware programs the likes of Petya.a Virus are presently some of the worst forms of malware one can have the misfortune of encountering. One main reason for that is that a typical Ransomware virus is normally able to stay under the radar while it encrypts the files it has targeted on the infected PC. What makes this possible is that many conventional antivirus tools are rather ineffective against this sort of threat: encryption by itself is a legitimate operation that damages neither the files nor the system, so a signature-based antivirus that has not yet seen the particular sample is not triggered and does not detect that anything unwanted is going on. Another thing that makes Ransomware particularly sneaky and stealthy is the overall lack of symptoms. During the encryption process there may be CPU and/or RAM spikes that lead to a slight system slowdown, or the free disk space of the PC may appear slightly decreased, but these are relatively difficult to notice, especially on more powerful computers.

One other thing worth mentioning here is that removing the Ransomware does not solve the whole issue. Once the files have been encrypted, it makes no difference to their restoration whether the malware remains on the PC or not: even after the program is removed, the locked data stays locked until additional measures to unseal the files are taken. It is still important, however, that the malware be removed before any recovery of the locked data is attempted, so that it cannot re-encrypt anything that gets unlocked.

How to protect your computer against viruses of the Ransomware type

The easiest way to deal with a potential threat such as Petya.a Virus is to take the measures that keep your machine safe in the first place. This includes being careful when browsing the internet, having a reliable anti-malware tool at your disposal, keeping your operating system fully updated and backing up your important personal data on a regular basis, ideally to a drive or service that is not permanently connected to the PC, since Ransomware can encrypt an attached backup as readily as the originals. All of this provides your machine with the best protection possible against not only Ransomware but other types of malware as well. Bear in mind that there are many different ways through which Petya.a Virus can infect your PC. It could come from a spam e-mail attachment or from a misleading, shady browser advert. Additionally, Trojan horses are often used to install Ransomware, which is another reason why it is essential to have a good, high-quality antivirus program on your computer. All in all, if you truly wish to keep your personal files and documents safe and accessible, you should stay well away from any potential online threats and hazards.

Petya.a Virus Removal

Prior to starting to execute the steps from the guide, we advise you to either bookmark this page or open it on a separate device since throughout the process of completing the guide, you might need to exit your browser.

1: Using Safe Mode

Restoring basic Windows functionality
Before you are able to remove the Petya.a Virus from your computer you need to be able to access it in the first place. Petya differs from most file-encrypting Ransomware: it overwrites the Master Boot Record (MBR) of the system drive with its own boot code, so Windows no longer boots at all. Your first job is therefore to repair the MBR and the boot configuration of your drive.
To do that you will need your original Windows OS DVD (or a bootable USB drive, for advanced users).
  1. Insert the DVD (or the USB drive) into the computer, start the computer and choose to boot from the DVD/USB. You may have to change the boot order in the BIOS/UEFI setup; the key to enter it is shown briefly at power-on and is commonly Del, F2, F10 or F12.
  2. When the Windows setup screen appears, select Repair your computer rather than Install now, then open the Command Prompt from the recovery options.
  3. In the Command Prompt run the following three commands, one at a time, pressing Enter after each: bootrec /fixmbr, then bootrec /fixboot, then bootrec /rebuildbcd. Note that the switches are written without a space after the slash.
  4. Your Windows OS should now be able to boot normally, and you can proceed with the removal of the malware as usual. One caveat: Petya’s boot code also shows a fake CHKDSK screen while it encrypts the Master File Table (MFT) of the system volume. If that stage had already completed before you repaired the MBR, Windows will boot but the volume’s contents will remain unreadable until the MFT is decrypted; repairing the MBR does not undo that.

2: Spotting the process

Open your Task Manager using the Ctrl + Shift + Esc key combination. Next, go to the Processes tab (on Windows 10, the Details tab gives the full list) and carefully look through it for any shady entries. Malicious processes may be consuming large amounts of CPU and RAM, but not always; more reliable signs are an entry with no description or publisher, a suspicious-looking description, or an image running from a user-writable location such as %AppData% or %Temp% instead of the Windows or Program Files folders.

Once you identify the virus’ process, right-click on it and select Open File Location. Delete everything in the folder that opens if you are sure that the process was malicious. If you are not sure, contact us in the comments.

Go back to the Task Manager and end the potentially harmful process.

3: Hosts file IP’s

Go to your Start menu and in the search field paste the following: notepad %windir%\System32\drivers\etc\hosts. Select the first result and look at the bottom of the Notepad window that opens. On a clean Windows installation every line in this file begins with #, including the two “localhost” lines at the end; an uncommented line below them that maps a name to an IP address is something you did not put there, and is a common trick for redirecting security vendors’ update and download sites to addresses the attacker controls. Tell us in the comments if you find any such IP addresses.

4: System Configuration Startup Programs

Type System Configuration in the Windows search bar and open the first result. Go to the Startup tab and take a look at the list of startup programs (on Windows 8 and 10 the startup programs are listed in the Startup tab of the Task Manager instead). If any of them look shady, have an unknown manufacturer or a manufacturer with a sketchy name, or launch from a location such as %AppData% or %Temp%, uncheck those entries and click OK.

5: Registry

Open the Run window (WinKey + R), type regedit and press Enter. Once the Registry Editor opens, press Ctrl + F and type the name of the virus, or the name of the process you identified in step 2. Select Find Next and delete whatever gets found that carries that name, then press F3 to continue to the next result and repeat until the search finds nothing more. Be careful here: deleting registry keys that merely contain a similar word can break Windows or installed programs, so only remove entries whose data clearly points at the file you identified, and pay particular attention to the Run and RunOnce keys under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, which are where malware most often registers itself to start with Windows.

6: Deleting potential virus files

Open the Start Menu and separately type each of the following locations: %AppData% %LocalAppData% %ProgramData% %WinDir% %Temp% . Open each of those folders and sort their contents by date modified. Look at the files and folders created around the time of the infection and delete the ones you have confirmed belong to the malware. Take particular care in %WinDir% and %ProgramData%, which contain files Windows and legitimate programs need, and do not delete anything there only because it is recent. When you open the Temp folder, you can safely delete everything in it.
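Steps 2 to 6 above can be checked in one pass before anything is deleted. The following PowerShell script is an added example written for this article, not a tool from the article’s author or from any vendor: it lists processes whose image is unsigned or has no company name (step 2), hosts-file entries that point somewhere other than loopback (step 3), the Run/RunOnce keys and Startup folders (steps 4 and 5, replacing the blind registry search with the keys that actually matter for autostart), and recently written executable files under the locations named in step 6. It is read-only, so it kills nothing and deletes nothing; review its output against the guidance above. It assumes an elevated PowerShell 5 or later prompt on the affected machine, and the seven-day lookback is an assumed default to adjust to the date of the infection.

```powershell
# Read-only triage for the manual steps above. Nothing here kills a process or deletes a file.
# Assumptions: elevated PowerShell 5+ on the affected machine; $LookbackDays is an assumed
# default and should be set to cover the time of the infection.
param([int]$LookbackDays = 7)

function Get-SuspiciousProcesses {
    # Step 2: processes with no company name or whose image is not validly signed.
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name      = $_.Name
            Id        = $_.Id
            Path      = $_.Path
            Company   = $_.Company
            Signature = if ($sig) { $sig.Status } else { 'Unknown' }
        }
    } | Where-Object { $_.Signature -ne 'Valid' -or -not $_.Company }
}

function Get-HostsEntries {
    # Step 3: every uncommented hosts line whose address is not the loopback address.
    $hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
    Get-Content -Path $hostsPath | ForEach-Object {
        $line = ($_ -split '#')[0].Trim()          # drop comments and blank lines
        if ($line) {
            $fields = $line -split '\s+'
            [pscustomobject]@{
                Address = $fields[0]
                Names   = ($fields | Select-Object -Skip 1) -join ' '
            }
        }
    } | Where-Object { $_.Address -notin @('127.0.0.1', '::1') }
}

function Get-StartupItems {
    # Steps 4 and 5: Run/RunOnce keys for the machine and the current user, plus both Startup folders.
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (Test-Path -Path $key) {
            $props = (Get-ItemProperty -Path $key).PSObject.Properties
            foreach ($p in $props) {
                if ($p.Name -notmatch '^PS') {     # skip the PSPath/PSDrive bookkeeping properties
                    [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($folder in $folders) {
        Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Get-RecentExecutables {
    param([int]$Days)
    # Step 6: executable-type files written within the lookback window under the guide's locations.
    # -Depth limits the walk so %WinDir% does not take minutes; raise it if you need a deeper look.
    $since = (Get-Date).AddDays(-$Days)
    $roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP)
    $exts  = @('.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1')
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Recurse -Depth 4 -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -gt $since -and $_.Extension.ToLower() -in $exts } |
            Select-Object FullName, LastWriteTime, Length
    }
}

'== Step 2: running processes that are unsigned or have no company name =='
Get-SuspiciousProcesses | Format-Table -AutoSize
'== Step 3: hosts file entries that do not point at loopback =='
Get-HostsEntries | Format-Table -AutoSize
'== Steps 4 and 5: autostart entries (Run/RunOnce keys and Startup folders) =='
Get-StartupItems | Format-Table -AutoSize
"== Step 6: executable files written in the last $LookbackDays days =="
Get-RecentExecutables -Days $LookbackDays | Format-Table -AutoSize
```

Save it as a .ps1 file and run it from an elevated prompt; if script execution is blocked, start it with powershell -ExecutionPolicy Bypass -File triage.ps1. An empty hosts-file section and an autostart list containing only programs you recognise is the expected result on a clean machine, so anything that appears there deserves the scrutiny described in the steps above.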

About the author

Adrian Bitterson

1 Comment

  • Hello,

    that solution doesn’t work – it says “Total identified Windows installations: 0”
    Any ideas?
