Malware Complaints


A close encounter with a ransomware cryptovirus such as .Pumas can be a really unpleasant experience. This piece of malware is created to blackmail its victims: it encrypts their personal files and then asks them to pay a ransom to regain access. The bad news is that, like most ransomware, .Pumas tends to be very difficult to remove and to deal with. Usually, there are not many methods that offer a complete recovery from the attack and, more precisely, an effective decryption of the files that it has encrypted.

If your system has been infected with .Pumas and the malware has taken your personal data hostage, then you have most probably been told to pay a ransom to the hackers behind the attack. The challenge of dealing with this blackmailing scheme is to find a way to get your files back, preferably without paying anything to the cyber criminals. Sadly, so far there is no universal solution which can promise you a full recovery. The hackers may offer to send you a special decryption key if you send them the money that they want. In theory, if such a key exists, it should be able to decrypt the data and bring it back to normal. However, nobody can tell you whether such a key is really available on the crooks' server or whether they really intend to send it to you once you pay. Despite having no guarantee about the future of their files, some users decide to pay the ransom and risk their money by doing so. If you’ve landed on this site, however, we assume that you are looking for alternatives which don’t involve paying the ransom. That’s why, in the next lines, we have prepared a set of instructions and a trusted malware-removal tool which may help you remove the ransomware and get some of your data back without sending money to the cyber criminals.

SUMMARY:

Name: .Pumas
Type: Ransomware
Danger Level: High (.Pumas Ransomware encrypts all types of files)
Symptoms: Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method: From fake ads and fake system requests to spam emails and contagious web pages.

Remove .Pumas Virus File Ransomware

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on your PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: The Hosts file

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 


If you see any IP addresses there (below Localhost), send them to us here in the comments, since they might be coming from the virus.
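A read-only way to do the same hosts-file check from PowerShell, as an added example that is not part of the original guide: it parses the file and lists every mapping that is not a plain localhost entry. The function name Get-HostsEntry and the sample lines are constructed for illustration.

```powershell
# Added example (not from the original guide). Read-only: nothing is changed.
function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Everything after '#' is a comment; skip blank and comment-only lines.
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }   # malformed: address without a name
        $address = $fields[0]
        # One line may map several names to the same address.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $isLocal = ($address -in '127.0.0.1', '::1') -and ($name -eq 'localhost')
            [pscustomobject]@{ Address = $address; HostName = $name; Localhost = $isLocal }
        }
    }
}

# Constructed sample lines (192.0.2.10 is a documentation-only address).
$sample = @(
    '# constructed sample hosts file',
    '127.0.0.1       localhost',
    '::1             localhost',
    '192.0.2.10      update.example.com www.example.com   # constructed entry'
)
Get-HostsEntry -Lines $sample | Where-Object { -not $_.Localhost } | Format-Table -AutoSize

# The same check against the real file on this PC:
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-HostsEntry -Lines (Get-Content -LiteralPath $hostsPath) |
    Where-Object { -not $_.Localhost } | Format-Table -AutoSize
```

An empty result for the real file means it contains no mappings other than localhost.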

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the Task Manager instead.

If you see any sketchy or shady-looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious, disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
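To review startup entries and their registry values before disabling or deleting anything in steps 4 and 5, the following added example (not part of the original guide) lists each autostart value with the manufacturer and signature status of the file it launches. The Run and RunOnce keys it reads are standard Windows autostart locations, not paths named on this page, and Get-CommandExecutable is a hypothetical helper.

```powershell
# Added example (not from the original guide). Read-only: nothing is deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a startup command line.
function Get-CommandExecutable {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }            # "C:\path\app.exe" /args
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return $null
}

$startup = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        $exe  = Get-CommandExecutable -Command $command
        $file = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            Get-Item -LiteralPath $exe
        } else { $null }
        [pscustomobject]@{
            Key       = $key
            Name      = $valueName
            Command   = $command
            # Empty or unknown company names are the entries to look at first.
            Company   = if ($file) { $file.VersionInfo.CompanyName } else { '(not resolved)' }
            Signature = if ($file) {
                (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
            } else { 'n/a' }
        }
    }
}
$startup | Format-List
```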

6: Deleting potentially malicious data

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to .Pumas Ransomware. For the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
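The sort-by-date review described in this step can be done in one pass, as in this added example (not part of the original guide), which only lists items and deletes nothing. The 7-day look-back window is an assumption; set it to cover the time since the infection started.

```powershell
# Added example (not from the original guide). Read-only listing.
$days   = 7                                  # assumed look-back window
$cutoff = (Get-Date).AddDays(-$days)
$folders = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:WinDir, $env:TEMP

$recent = foreach ($folder in $folders) {
    # Top level only, including hidden items, as when sorting the folder by date.
    Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff -or $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            # Signature status is only meaningful for executable file types.
            $sig = if (-not $_.PSIsContainer -and $_.Extension -in '.exe', '.dll', '.scr') {
                (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            } else { 'n/a' }
            [pscustomobject]@{
                Folder    = $folder
                Name      = $_.Name
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                Signature = $sig
            }
        }
}
$recent | Sort-Object Modified -Descending | Format-Table -AutoSize
```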

7: Decryption

The previous steps were all aimed at removing the .Pumas Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

How can .Pumas infect you?

.Pumas could sneak inside your computer without you having a clue about it. This may happen if you click on an infected transmitter or interact with malicious content when your system is unprotected. Carriers of the infection could be different commonly encountered files, email messages and attachments, spam, torrents, shady web links, compromised free installers and even Trojan-based threats. Sadly, you cannot really rely on any typical symptoms to detect the ransomware before it manages to complete its file encryption, since there are hardly ever any visible signs of the infection. Since it usually does not mess with your operating system and its processes, the encryption process may not be detected by the antivirus either. That’s why one of the best things you can do to protect your data from being taken hostage is to regularly back it up on an external drive or in cloud storage from which you can restore it. This way, even if a sneaky ransomware threat like .Pumas manages to attack your computer, it will be enough to just remove the infection and copy your files onto the clean system. If you don’t have backup copies, however, don’t get discouraged. In the guide above, we have suggested certain methods and file-recovery options which might help you get some of your files back. That’s why, before you consider the ransom payment as an option, please take a look at them.

Daniel Sadakov

Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.
