How to remove Nemty Ransomware (Virus Removal Guide)

Nemty Ransomware

Nemty Ransomware, or Nemty virus, is a computer virus that was discovered towards the end of August 2019. The ransomware drew attention from its code which made references to the Russian president and antivirus vendors.

Nemty Ransomware

Example of _NEMTY_Lct5F3C_-DECRYPT.txt ransom note (Source: Twitter)

When a computer is infected with Nemty Ransomware the virus will encrypt files giving them a new file extension such as ._NEMTY_Lct5F3C_ and drop a ransom note named _NEMTY_Lct5F3C_-DECRYPT.txt on the desktop and throughout directory folders.

The ransom note provided by Nemty Ransomware contains an explanation of what happened and provides instructions on how to pay the ransom to recover encrypted data.

Nemty Ransomware is distributed by RIG exploit kit

Nemty Ransomware is currently distributed from RIG exploit kit and targets systems with outdated technology. Exploit kits such as RIG utilize vulnerabilities in Internet Explorer and Flash Player which used to be popular tools but are now becoming obsolete. Although these systems may be nearing their grave, many companies depend on them.

Most of the time this type of ransomware gains access to a system through email, downloadable content, and advertisements.


Nemty Ransomware removal steps:

Step 1: Use Malwarebytes to Scan for Ransomware

Step 2: Use HitmanPro to Remove Remaining Trace Files

Step 3: Use CCleaner to Clean Your System and Update Programs

Step 4: Secure Your Computer

Step 5: Recover Your Files

Troubleshoot


Step 1: Use Malwarebytes to Scan for Ransomware

Use Malwarebytes to scan your computer for Ransomware and other malicious programs that may be on your system.

1. Download Malwarebytes.

FREE DOWNLOAD BUY NOW

Why should you buy the premium version?

Malwarebytes Premium has real-time protection that automatically protects your computer and other devices from viruses, spyware, and malware. With Malwarebytes Premium you can stay ahead and safely browse the web with confidence.

2. Double click the executable file or icon, such as mb3-setup-1878.1878-3.7.1.2839.exe to begin installing the program.

3. When you have installed Malwarebytes, click the Scan Now button to begin scanning your computer.

4. When the scan is complete, click the Quarantine Selected button to remove all threats detected by Malwarebytes.

Step 2: Use HitmanPro to Remove Remaining Trace Files

Use HitmanPro to scan your computer for remaining trace files that may be leftover.

1. Download HitmanPro. Fill out the information on their website and download the executable file.

FREE DOWNLOAD BUY NOW

Why should you buy the full version?

HitmanPro is a little different than your usual security program. It goes beyond simply removing viruses, it completely eradicates all traces and remnants of the infection. HitmanPro is also designed to run alongside your Antivirus program which makes it a match up great with Malwarebytes Premium.

2. Double click the executable file or icon, such as HitmanPro.exe to begin installing the program.

3. When you have installed HitmanPro, click the Next button to begin scanning your computer.

4. When the scan is complete, click the Next button to remove all threats detected by HitmanPro.

Step 3: Use CCleaner to Clean Your System and Update Programs

Use CCleaner to clean your system, repair settings that may have been modified by malware, and update programs (if needed) so they’re current with the latest security patches. Outdated software can leave a computer system vulnerable, it is important to regularly update your Operating System and the programs on your machine to avoid any mishaps.

1. Download CCleaner.

FREE DOWNLOAD BUY NOW

Why should you buy the professional version?

CCleaner Professional has the power of real-time automation, so your computer always stays clean, safe, and fast. CCleaner Pro bundles privacy protection, system cleaning, and more with outstanding customer service.

2. Double click the executable file or icon, such as ccsetup556.exe to begin installing the program.

3. When you have installed CCleaner, click the Analyze button to begin analyzing your system.

4. Once analyzation is complete, click the Run Cleaner button to clean your system.

5. Now, let’s run through the Tools section; Go to Tools.

6. Uninstall: Is there a program you missed uninstalling before? CCleaner can often show you programs that are hidden from the Control panel.

7. Software Updater: Are there any programs to update? Make sure to keep the programs on your computer up-to-date to avoid issues with security vulnerabilities.

8. Startup: Go through the Windows, Scheduled Tasks, and Context Menu tabs. Are there any suspicious startup keys enabled? If so, highlight them with your mouse and click the Delete button to remove them.

9. Browser Plugins: Go through the tabs for each browser installed on your computer. Are there any suspicious plugins installed? If so, highlight them with your mouse and click the Delete button to remove them.

10. Finally, let’s clean up the registry. Get out of the Tools area and go to Registry.

11. Click the Scan for Issues button and follow the instructions.

12. Once the registry scan is complete click the Fix selected Issues… button and follow the instructions to fill all the selected issues found in your computer’s registry.

Step 4: Secure Your Computer

It’s time to secure your computer to ensure that something like this is unlikely to happen again. Consider these best practices to provide a heightened layer of protection and privacy:

Use Antivirus with layered protection

Antivirus will real-time layered protection has the ability to stop emerging threats like ransom and hackers from gaining access to your computer, phone, or tablet. Antivirus programs also remove malware that is already on your computer, protect you from visiting malicious websites, stop known and unknown Ransomware attacks, and prevent the programs on your device from being used against you. Check out these highly recommended Antivirus programs to add a layer of security to your computer, phone, or tablet:

Use a VPN

Put up an indestructible wall around you and your data while your computer is connected to the internet. With a VPN you become anonymous over the internet and no one can determine who you are. This is an advantage when it comes to keeping eavesdroppers and hackers away from your data.

With a VPN your data is encrypted and when you connect to the internet your communications travel through a personal tunnel that can’t be penetrated or even logged by your VPN provider, ISP, or anyone else. No one can see what you’re doing and this doesn’t just include your Internet Service Provider, it includes hackers and government agencies.

Recommendations:

Step 5: Recover Your Files

NAME DESCRIPTION DOWNLOAD
Shadow Explorer Restores lost or damaged files from Shadow Copies Download (Free)
Photorec Recovers lost files Download (Free)
Recuva Recovers lost files Download (Free) | Buy

Troubleshoot

There are other solutions to consider if you run into issues when removing Nemty from your computer.

System Restore

If a restore point has previously been established on your machine you will be able to perform a system restore in order to restore your machine to a date and time before it was infected. You will lose files on your computer that were obtained prior to the restore point.

There are several options to restore your computer. Most computers have their own restore software that can be found by performing a search. Additionally, computers that run the Windows Operating System have a default restore program that can also be found by performing a search.

A boot screen that can be used to access options to restore your computer can be reached by rebooting your computer and pressing the F8 key once the manufacture screen is displayed.

Recover To Factory Settings

A system recovery (or reset) will recover your computer to factory settings. You will lose the current programs and files on your computer.

There are several options to recover your computer to factory settings. Most computers have their own recovery software that can be found by performing a search. Additionally, computers that run the Windows Operating System have a default recovery program that can also be found by performing a search.

A boot screen that can be used to access options to restore your computer can be reached by rebooting your computer and pressing the F8 key once the manufacture screen is displayed.

Sean Doyle

Sean Doyle is a tech author and engineer with over 20 years of experience in cybersecurity, privacy, malware, Google Analytics, online marketing, and other topics. Sean's content has been featured in numerous publications.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.