SpyHunter Protect Your PC!

Friday, February 27, 2015

Infected by TeslaCrypt and Files Encrypted - What to Do?

 "TeslaCrypt infection!!! A message popping up on the screen and it says that all my important files are encrypted and it asks for $500 to get the private key for decrypting files. Is it ture? What should I do?"

Overview of TeslaCrypt

TeslaCrypt is a ransomware that created abd released by cyber criminals who want to rip innocent users off by scaring them to pay for encrypted files decryption. Promoted by some certain free download and fake update, this new ransom virus can get its infiltration to systems easily.

TeslaCrypt, after altering relevant files and settings of the affected system, searches for your important files, maybe compresses them as a file with password protection, or encrypts each single file. Every time you try to open your document, you will greeted by a warning message telling you that you need to pay and get the code to find your files back.

As for those encrypted files, is there a real decrpter available for infected users to get their corrupt files back? It is really questionable. Facts have been proved that some users pay for those blackmail, but they still have their files encrypted. So it is not advised to pay the money with ease. You are supposed to remove TeslaCrypt without hesitation.

Get Rid of TeslaCrypt Effectively

Plan A: Ransom virus manual removal

1) Reboot your computer into Safe Mode with Networking

2) Disable malicious Startup item.
a. Hit Win+R Keys, type msconfig in the Run box and press OK.
b. Go to Startup tab and then find out TeslaCrypt related item, disable it.

3) Show hidden files.
a. open Control Panel from Start menu and search for Folder Options;
b. under View tab to tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) and then click OK;

4) Search for associated files and remove.
%UsersProfile%\Application Data\Comcast \crytowall .exe
%UsersProfile%\Application Data\RANDOM 

5) Delete all entries created by the Ransomware

(Hit Win+R keys and then type regedit in Run box to open Register Editor.)
HKEY_LOCAL_\MACHINE\SOFTWARE\MicrosoftWindows\NTCurrentVersion\Winlogon\uninstall cryptowall 

6) Reboot your computer normally to check with the effectiveness.

Video Guide for Ransomware Removal (Reference)


(Should you run into any puzzle that blocks your process, you could download automatic removal tool for professional assistance.)

Plan B: Ransom virus automatica removal

1) Download removal tool SpyHunter


2) Install SpyHunter after downloading

3) Run SpyHunter and start a full scan

  spyhunter3 scan

4) Clean all detected items by clicking the built-in "Fix All" button.

Specially Suggest: 

TeslaCrypt is such an annoying ransomware that should be deleted without hesitation. Hope the manual tips could walk you through the removal process. Should you run into any puzzle, to avoid unwanted damage, you are sincerely suggested to erase TeslaCrypt by starting an automatic removal with SpyHunter from here.