How to remove (uninstall) Petya

Recently, another ransomware outbreak occurred, striking hundreds of computers of ordinary users as well as the networks of large Ukrainian, Russian, Polish and Italian companies. Petya ransomware penetrates users' computers both by traditional methods (Trojans and email spam) and with the help of the already known ETERNALBLUE vulnerability. This vulnerability accounts for the highest percentage of infections, in spite of the fact that it was already patched by Microsoft. For those who follow the news in the world of malware, it is not new that the ETERNALBLUE vulnerability was used recently by the WannaCry ransomware virus, whose attack was recognized as the largest one in the last ten years, or even in the entire history of the Internet. A few hours after the first reports on the infection, Microsoft published on its site patch MS17-010, which completely closes the vulnerability and makes Windows immune to the WannaCry virus, as well as to the new version of the Petya virus.

Once again, we can say that the main threat to the security of computers is the indifference of users to the requirements of computer security. After the largest cyber-attack, which affected more than ten countries in the world, no one expected the scammers to repeat the attack with the same scenario, knowing that all users had the opportunity to close the vulnerability. Nevertheless, the creators of Petya decided on this step, and it was successful, since most users did not update Windows. A significant difference between Petya and WannaCry is that Petya does not have a "shutdown button", and its spread has not yet been stopped. This is not the first encounter with the Petya virus: it was first discovered in 2016, but at that time an expert managed to crack the encryption and restore the files of all the victims. Alas, scammers learn from their mistakes, and the new version of the virus will most likely be much better protected.

The Petya virus has several striking features, including MFT blocking and MBR rewriting. To put it in more understandable words, the Petya virus is the only one that really prevents the user from removing it and recovering the files. It starts at system startup and puts a message with its demands on the screen. The ransom amount for ordinary users is $300. All communication with the scammers is via email, but unfortunately the mailbox specified in the earlier versions of the virus has been deleted, so for most victims file recovery is impossible.

How to delete Petya Virus

File recovery is the main problem you think about when an encrypting virus is in your system. However, the ransomware needs to be deleted to ensure the security of new files. Regardless of which recovery method you choose, you still have to delete the ransomware. If you prefer manual recovery or restoring from backups, you must uninstall the ransomware as soon as possible; if you are going to pay the ransom, the malware should be deleted once the data has been fully restored. Removal can be performed with the help of a dedicated antivirus program or by hand. Each way has its pros and cons, but the biggest difference between them is the requirements. You have to be a seasoned user to perform manual removal without failures. Practice is needed to prevent errors and to neutralize the consequences of an error if one does happen. Removal via antivirus software does not require any skill from its operator: you just have to download the program, install it and run the scanning process. Below you'll find detailed instructions for eliminating Petya. This guide has been checked many times by hundreds of thousands of users; the steps are entirely safe and very plain. If you prefer real-time defense and total cleanup of the PC without any effort on your part, you can buy a good antivirus tool right now! Download Spyhunter to remove Petya virus automatically

Step 1. Boot into Safe mode

Start -> Msconfig.exe

On the Boot tab, select Safe boot

Step 2. Check Startup folder

Start -> Msconfig.exe -> Disable unknown programs in the Startup tab

Step 3. Check hosts file

Modify the hosts file, which is located in C:\Windows\System32\drivers\etc\ .

Open the file with Notepad and delete suspicious strings.

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with an antivirus scanner

Why we recommend SpyHunter antimalware as removal tool

Removes virus fully: all files and even registry keys of malware will be deleted

Protects your system in the future

24/7 free support team

Step 5. Disable Safe mode

Start -> Msconfig.exe -> Disable Safe boot in the Boot tab
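
The checks from Steps 2 and 3 can also be run from a PowerShell prompt. The script below is an added example, not part of the original guide or of any vendor's tool: it only reads the hosts file and the startup list, and the function name Get-ActiveHostsEntry and the sample entries are illustrative assumptions.

```powershell
# Added example: read-only audit for Steps 2 and 3; it changes nothing.
function Get-ActiveHostsEntry {
    # Parse hosts-file lines and return every active (non-comment) mapping.
    param([string[]]$Lines)
    $n = 0
    foreach ($line in $Lines) {
        $n++
        $text = ($line -replace '#.*$', '').Trim()    # drop comments
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }           # address without a name
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            # A default hosts file maps at most localhost to loopback.
            $isDefault = ($name -eq 'localhost') -and
                         ($parts[0] -in '127.0.0.1', '::1')
            [pscustomobject]@{
                Line     = $n
                Address  = $parts[0]
                HostName = $name
                Review   = -not $isDefault   # anything else needs a look
            }
        }
    }
}

# Constructed sample (not taken from an infected machine).
$sample = @(
    '# localhost name resolution is handled within DNS itself.',
    '127.0.0.1       localhost',
    '203.0.113.10    update.example.com'
)
Get-ActiveHostsEntry -Lines $sample | Format-Table -AutoSize

# Step 3: the real hosts file; show only entries that need review.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-ActiveHostsEntry -Lines (Get-Content -Path $hostsPath) |
    Where-Object Review | Format-Table -AutoSize

# Step 2: programs launched at logon (Startup folders and Run keys).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap
```

An entry flagged for review is not necessarily malicious; compare it against software you installed yourself before deleting the line in Notepad.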

How to restore files encrypted by Petya

In this article we have already said that a person whose system is infected with Petya has only one totally safe way to get the files back: to use a backup. None of the other techniques described below can guarantee efficient recovery. The significant strength of backup copies is that they are stored on an external drive and are not exposed to the virus. Other techniques are based on the OS functionality, and their success depends on the virus itself and the absence of practice. We can suggest two supplementary decryption methods: you may use the shadow copy service, or a special tool to restore the data. Decryption via a special decryptor is quite efficient, but unfortunately this tool does not yet exist. You can, however, check the websites of the well-known antivirus vendors who could make such a tool. Manual recovery using shadow copies can be done right now. You may use the basic functionality of Windows, but we recommend dedicated programs, which will significantly facilitate your task. These tools are called Recuva and ShadowExplorer. Both tools are free; you may download them from their official sites, along with detailed instructions for their use. If you need more information about these methods, it can be found in our article about data recovery.