Home Forums Security Center Tutorials How to use CCleaner by Piriform to remove ransomware

This topic contains 0 replies, has 1 voice, and was last updated by  Sean Davis 3 years, 5 months ago.

Viewing 1 post (of 1 total)
  • Author
  • #21526

    Sean Davis

    Did you know that you can use CCleaner by Piriform to remove ransomware?

    The instructions below detail how to use the free or full versions of CCleaner to get rid of common and dangerous ransomware such as the FBI virus.

    1. Install CCleaner by Piriform.

    Purchase CCleaner for $24.95*   Free Download
    2. Open CCleaner and navigate to the Registry tab and click Scan for Issues.You can choose to save a backup of the registry if you wish before CCleaner scans the registry. Once issues are found click the Fix selected issues… button.

    CCleaner remove ransomware registry

    3. A small blue and white window will appear that displays all issues found in the registry. You may choose to fix each issue at once by clicking the Fix Issue button per each issue or automatically repair all registry issues found by clicking the Fix All Selected Issues button.

    CCleaner remove ransomware fix all selected issues

    4. Next navigate to Tools > Startup and look for a Windows key or registry you do not recognize such as (bd_ulylzs) and click the Delete button to remove it. Also, you should manually remove the directory for this by navigating to Windows Start Menu and typing %AppData% into the search field and pressing Enter, then searching for a directory similar to the Startup such as  _bd_ulylzs. Also, make note of the date of the file, try and make a connection with the file and the date your computer became infected and remember the date for the next step.

    CCleaner remove ransomware Startup

    5. Next, go to AppDataLocalTemp as opposed to roaming for the user infected with malware. Delete the files with a matching ‘date modified’ to the aforementioned file you previously deleted in step 4. There may be as much as 3 files and an empty directory including 2 jar_cache*string of numbers*.tmp files, and a random file [dPebbSq].  This will remove the ransomware infection from your computer but to ensure that ransomware is completely removed it is recommended to scan your computer using Malwarebytes Anti-Malware software.

Viewing 1 post (of 1 total)

The forum ‘Tutorials’ is closed to new topics and replies.