How to clean ransom virus


Once your files got encrypted with ransom virus there is no way to decrypt yet. the only way is to pay the perpetrators and there is no guarantee that you actually will get the decryption key. So backup backup backup you files !!! to offline media like external disk, USB Disk On Key or to some cloud backup.

in this example we will clean files that got encrypted with OSIRIS ransom virus but you can change the setting to fit any other types, Open powershell as administrator and runĀ  :

get-childitem -path c:\*.osiris -Recurse | move-item -Desination "Destination_Drive:\Folder" -Force -Exclude "Destination_Drive:\Folder"
get-childitem -path c:\osiris*.htm -Recurse | move-item -Desination "Destination_Drive:\Folder" -Force -Exclude "Destination_Drive:\Folder"

this will move all the infected files to folder for later decrypt if possiable .

Next, Scan with antivirus software like spyhunter or kaspersky removal tool and remove all trace of virus.

Restore from Shadow copy or backup . how to setup windows 10 shadow copy

Good luck

Leave a Reply

Your email address will not be published. Required fields are marked *