Please do the following;
Kaspersky Rescue CD
Go to a clean PC.
- Download the .iso image file.
- Create a CD (or flash drive if you prefer).
- At the infected PC: put the disk in the drive and reboot.
Follow the directions here, but you will find some differences.
Download and create a bootable Kaspersky Rescue Disk CD
1. Download the Kaspersky Rescue Disk ISOimage from below.
Karspesky Rescue Disk Download Link (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)
2. Download ImgBurn, a software that will help us create this bootable disk. (If you already have necessary software, use that)
IMGBURN Download Link (This link will open a new page from where you can download ImgBurn)
3. You can now insert your blank DVD/CD in your burner.
4. Install ImgBurn by following the prompts and then start this program.
5. Click on the Write image file to disc button.
6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file.(kav_rescue_10.iso)
7. Click on the big Write button.
8. The disc creation process will now start and it will take around 5-10 minutes to complete.
Configure the computer to boot from CD-ROM
On some machines,if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from there you can select to boot from the CD.
IF this doesn't happen then you'll need to configure your computer to boot for a CD like you'll see below.
Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot:
1. Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot:
2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.
3. Insert your Kaspersky Rescue Disk and restart your computer.
Boot your computer from Kaspersky Rescue Disk
1. Your computer will now boot from the Kaspersky Rescue Disk,and you'll be asked to press any key to proceed with this process
2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.
3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.
4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read carefully the agreement then press the C button on your keyboard.
5. Once the actions described above have been performed, the Kasprsky operating system will start.
Launch Kaspersky WindowsUnlocker to remove the malicious registry changes
This ransomware trojan has modified your Windows system registry so that when you're trying to boot your computer it will instead launch his lock screen.To remove this malicious registry changes we need to use the Kasersky WindowsUnlocker from Kaspersky Rescue Disk.
1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.
IF you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.
2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.
Scan your system with Kaspersky Rescue Disk
1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update.
2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.
3. Click on the Objects Scan tab, then click Start Objects Scanto begin the scan.
4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect , and if it doesn't work chose to quarantine the infected files just to be on the safe side.
5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.
6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.
7. When booted back into Windows Navigate > Start > Computer > C:\Kaspersky Rescue Disck 10.0 Open the folder, inside is log from KRD run named "ScanObject" copy/paste that file to your reply.