A Ransomware infection on your PC can be a major issue, especially if you need your computer for work or have valuable data stored on the machine. Ransomware normally operates differently from most other kinds of malware. Instead of damaging something on the attacked computer or spying on the victim, most such infections try to block access to the computer or to encrypt the files on its hard drives. That gives the hackers conducting the attack leverage over the user, which they use to blackmail the victim into making a ransom payment. Typically, the targeted user is promised that once the payment is made, their PC or data will be made accessible again. However, there are many instances where users have made the requested payment without actually getting their computer or files unlocked.
After all, the hackers who use Ransomware to harass random users are cyber criminals, and there is hardly anything that can make them keep their promise if they decide not to. That is why many experts advise potential Ransomware victims to try alternative methods for dealing with such an issue, and we agree with that advice. The focus of the next lines is one particular Ransomware program, a cryptovirus called .Promock. Aside from telling you more about this malware, we will also provide a potential way of dealing with it in the form of a removal guide, with added instructions on how to potentially recover any data encrypted by the virus, since .Promock targets the user’s files and locks them via a high-level encryption algorithm. Sadly, we cannot promise that the guide will always work, and it is possible that even after you complete all of the steps your data will still be inaccessible. That said, it costs nothing to give it a go, and you won’t risk losing your money while sponsoring some cyber-criminal’s illegal agenda.
The problem with Ransomware
There are probably not many computer users left who haven’t heard about this type of malware. Over the past few years, Ransomware infections have rapidly become one of the most dreaded and most commonly encountered cyber threats. They seem to be so effective that more and more hackers are trying to exploit this form of malware. The cryptovirus sub-class is considered the most problematic one, and sadly the recently released .Promock belongs to this group. One of the central reasons for the success of the cryptovirus category is that these viruses use encryption to achieve their goals. Encryption isn’t inherently dangerous, as it causes no harm or damage to either the system or the files on the computer. The only thing it does is lock up the selected files and keep them inaccessible to anyone who doesn’t have a special decryption key. This key is what the user is pressured into paying for when the hacker blackmails them. However, since the encryption used by the Ransomware causes no real damage, most of the time there are no visible symptoms to indicate that a malware infection is under way on the targeted machine. In many instances, even the user’s antivirus software might fail to spot the ongoing infection in time. Another important point is that once the data has been locked, it is irrelevant whether or not the virus is still on the PC: the files remain locked either way, which is why removing the infection, while necessary to prevent further encryption, will not release the sealed files.
How to avoid Ransomware
The main reason for malware infections in general is user negligence and lack of care. However, if you adopt certain safety habits when browsing the Internet, such as avoiding sketchy pages and only downloading software from reputable sources, the chances of landing a Ransomware infection are rather low. Other important security tips are to abstain from opening suspicious-looking e-mails and interacting with their attachments, and to avoid clicking on questionable online offers, update requests, adverts, etc. One great way of ensuring that your files stay safe and accessible at all times is to back them up on a separate device or in the cloud. Do that and no Ransomware should be able to reach them, as long as you do not connect to the backup when you think your machine might have been infected.
| Danger Level | High (Ransomware is by far the worst threat you can encounter) |
| Symptoms | In most cases a Ransomware will display no symptoms which is the reason for the high success rate of these viruses. |
| Distribution Method | Such a malware piece might come to your PC through an infected spam email attachment, via a misleading web ad, with the help of a backdoor virus as well as through other similar stealthy methods. |
Remove .Promock Virus Ransomware
Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.
2: Task Manager
Press Ctrl + Shift + Esc to enter the Task Manager. Go to the tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on your PC.
If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.
Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.
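The same review can be done from PowerShell, which shows the description, resource use and file location of every process in one table. This is an added example, not part of the original guide; the function name Get-ProcessReview, the flag names and the "runs from Temp" check are assumptions of the example.

```powershell
# Added example: list running processes with the traits this step asks you to look for.
# Run from an elevated PowerShell window so that file paths of system processes are readable.
function Get-ProcessReview {
    param([int]$Top = 15)
    $tempRoot = [IO.Path]::GetFullPath($env:TEMP)
    $rows = foreach ($p in Get-Process) {
        # Processes whose path cannot be read are skipped
        # instead of being reported as having no description.
        if (-not $p.Path) { continue }
        $flags = @()
        if ([string]::IsNullOrWhiteSpace($p.Description)) { $flags += 'NoDescription' }
        if ([string]::IsNullOrWhiteSpace($p.Company))     { $flags += 'NoCompany' }
        # Assumption of this example: an executable running out of the Temp folder deserves a look.
        if ($p.Path.StartsWith($tempRoot, [StringComparison]::OrdinalIgnoreCase)) { $flags += 'RunsFromTemp' }
        [pscustomobject]@{
            Name        = $p.ProcessName
            Id          = $p.Id
            CpuSeconds  = [math]::Round([double]$p.CPU, 1)
            MemoryMB    = [math]::Round($p.WorkingSet64 / 1MB, 1)
            Description = $p.Description
            Path        = $p.Path
            Flags       = $flags -join ','
            FlagCount   = $flags.Count
        }
    }
    # Flagged processes first, then the largest memory consumers.
    $rows |
        Sort-Object -Property @{ Expression = 'FlagCount'; Descending = $true },
                              @{ Expression = 'MemoryMB';  Descending = $true } |
        Select-Object -First $Top
}

Get-ProcessReview | Format-Table Name, Id, CpuSeconds, MemoryMB, Flags, Path -AutoSize
```

A flag is a prompt to look at the file location, not a verdict: plenty of legitimate programs ship without a description.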
3: The Hosts file
Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.
Find where it says Localhost and take a look below that.
If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the virus.
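To list every active mapping in the hosts file without reading past the comment lines by eye, the check can be scripted. This is an added example, not part of the original guide; the function name Get-HostsEntry is hypothetical and the sample lines are constructed (documentation-range addresses, placeholder host names).

```powershell
# Added example: parse hosts-file lines and mark every mapping that is not
# the default "loopback address -> localhost" entry.
function Get-HostsEntry {
    param([string[]]$Line)
    foreach ($raw in $Line) {
        # Drop comments (whole-line or trailing), then split on whitespace.
        $text = ($raw -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }   # an address with no host name maps nothing
        $ip = $null
        $validIp = [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)
        # One line may map several host names to the same address.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $isDefault = $validIp -and [System.Net.IPAddress]::IsLoopback($ip) -and ($name -eq 'localhost')
            [pscustomobject]@{
                Address  = $fields[0]
                HostName = $name
                Review   = -not $isDefault
            }
        }
    }
}

# Constructed sample input, so the function can be tried without touching the real file.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '#      127.0.0.1       localhost',
    '127.0.0.1       localhost',
    '::1             localhost',
    '203.0.113.10    update.example.com   # constructed entry',
    '0.0.0.0         av-vendor.example www.av-vendor.example'
)
Get-HostsEntry -Line $sample | Format-Table -AutoSize

# On the affected PC, read the real file and show only the entries to review:
# Get-HostsEntry -Line (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts") | Where-Object Review
```

On the sample, the two localhost lines come back with Review set to False and the other three mappings with Review set to True.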
To remove the parasite on your own, you may have to meddle with system files and registries. If you do this, you need to be extremely careful, because you may damage your system.
If you want to avoid the risk, we recommend downloading SpyHunter - a professional malware removal tool - to see whether it will find malicious programs on your PC.
4: Disable Startup programs
Re-open the Start Menu and type msconfig.
Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the Task Manager instead.
If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious, disable those programs and select OK.
5: Registry Editor
Press Windows key + R and in the resulting window type regedit.
Now, press Ctrl + F and type the name of the virus.
Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
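Steps 4 and 5 both come down to what is stored under the registry Run keys, so a read-only report of those values, with the signer of each program, helps decide what to disable or delete. This is an added example, not part of the original guide; the function names Get-CommandPath and Get-AutorunReport and the backup file name are hypothetical.

```powershell
# Added example: read-only report of Run-key autostart entries and who signed each target.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the executable path out of an autostart command line.
function Get-CommandPath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }      # "C:\dir\app.exe" /arg
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }   # C:\dir\app.exe /arg
    return ($expanded.Trim() -split '\s+')[0]
}

function Get-AutorunReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $path = Get-CommandPath -Command $command
            $sig = $null
            if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $path
            }
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $command
                Status  = if ($sig) { [string]$sig.Status } else { 'PathNotResolved' }
                Signer  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

Get-AutorunReport | Sort-Object Status | Format-List

# Before deleting a value in regedit, export the key so the change can be undone, e.g.:
# reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "$env:USERPROFILE\run-backup.reg"
```

The signature is checked on the program that is launched, so for a host such as rundll32.exe read the full Command value as well, since the DLL it loads is not covered.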
6: Deleting potentially malicious data
Type each of the following locations in the Windows search box and hit enter to open the locations:
Delete everything you see in Temp linked to .Promock Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
The previous steps were all aimed at removing the .Promock Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.