The Windows Club

Clean up a ransomware infected Registry using Kaspersky WindowsUnlocker

Here is one more tool that can help you in your fight against Ransomware, and this one comes from Kaspersky. If your computer is taken control of by a ransomware, blocking all access, and if a pop up appears on your screen demanding that you send a text message to a specified phone number or pay a ransom amount in a particular way, then Kaspersky WindowsUnlocker can come to your rescue. Such ransomware totally block access to your computer or could simply restrict access to select important functions. Paying a ransom is the only option given to you if you want to get access back to your computer.

Kaspersky WindowsUnlocker

In its fight against ransomware in particular and malware in general, Kaspersky Lab has designed this special anti-malware tool that can be launched when your blocked Windows computer is loaded from Kaspersky Rescue Disk.

Kaspersky WindowsUnlocker removes system blocking malware, and allows your to access your operating system, by cleaning up a Ransomware infected Registry.

It will disinfect malware compromised Windows Registry keys of all operating systems installed on the computer, including operating systems installed on different partitions or in different folders on one partition, and disinfect the user Registry trees.

Mind you, it cleans up only an infected Registry and does not perform any actions with files.

The steps involved in this process are:

  1. Download Kaspersky WindowsUnlocker
  2. Burn the image to a DVD/CD/USB
  3. Configure the computer to boot into the BIOS Menu
  4. Boot your computer from Kaspersky Rescue Disk
  5. Run Kaspersky WindowsUnlocker and disinfect the registry.

A log file is also generated that can help you carry out further analysis if required.

Download it from Kaspersky. The download page carries a detailed walk-through that will show you how to use it.

While it is always a good idea to takes steps to prevent ransomware, this post will tell you what to do after a Ransomware attack.