The Popcorntime Ransomware seems to be still under development, but on the basis of what we know so far, the malicious application seems to be extremely dangerous. Even if it targets only to specific locations on the computer, the threat comes from the ability to encrypt a wide range of different file types. After the encryption process, the developers of malware should demand a ransom by you or to get the decryption tool, they infect the computers of other people. We recommend in any case, to make quick decisions, which they might later regret. First, you could read the rest of the article and learn more about this malicious program. Users who want to reject the demands of cybercriminals and delete the Popcorntime Ransomware as soon as possible, should look at the instructions below.
Our researchers report that the malicious application could be; based on the basis of an fine malware called HiddenTear Ransomware so, you could use the same cryptosystem which is known as AES-256. In addition, we believe that you could spread the infection via spam E-mails, suspicious attachments, etc.. If the Popcorntime Ransomware is updated to encrypt all data in the system, users who have non-replaceable data on the computer, you might feel compelled, to spread the infection itself, to obtain the decryption tool and to unlock such data. But remember that the cyber criminals with which you have to do it, seem to have no conscience; so, who knows whether this would actually keep their promises. For this reason, we recommend not to spread the ransomware.
Once the victim the installer pop counterattack in the Ransomware executes the malware should create a directory entry in the path HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Usually, malicious software developers program their infections to act that the threat itself each time could run if the user restarts the computer. In this case the malware should demonstrate again the warning message, which appears directly after the encryption process. The interesting part is that during the encryption the malicious application can show a fake window with the progress during installation you. In other words, this means that while you wait for a program or update to install, the threat could encrypt the data on your computer.
First, the Popcorntime Ransomware was programmed to encrypt data only in a specific test folder, but the latest reports indicate that the malicious program could now be able to lock data in such places as the desktop, my documents, etc.. Also, the affected files should receive an additional extension called .filock, for example image.jpg.filock. The threat can encrypt files, such as images, videos, audio files, photos, various documents, etc. Then, the malware should run restore_your_files.txt, restore_your_files.html or open a separate window with the ransom demand. According to the message, you have limited time, either to pay the ransom itself or become infected, which would pay at least two users.
Apparently the cyber criminals demand from their victims to transfer a Bitcoin on your account. This seems to be a small sum, but if you convert a bit coin in US dollars, you get about $780. The amount you could risk so is pretty high and there is no way to sure that the developer of the Popcorntime Ransomware will provide the decryption tool. In other words there is the risk that you will lose not only the encrypted data, but also the funds. Therefore, we recommend that users not to pay the ransom and to get rid of the infection because there is no guarantee at all.
There are two main options that pop counter to eliminate the ransomware. First, the user can scroll a bit down and follow the displayed instructions for removal. She will show you how to find the files in conjunction with the malicious application and deletes them one at a time. The other option, to delete the malware, is the use of a reliable antimalware tools. She should be installed on the infected computer, so that the user can use his scan tool to find the created files of the malicious program. Then you could press the distance to clear the infection and other possible threats.
Remove the Popcorntime Ransomware
Warning, multiple anti-virus scanners have detected possible malware in Popcorntime Ransomware.
| Anti-Virus Software | Version | Detection |
|---|---|---|
| Malwarebytes | 1.75.0.1 | PUP.Optional.Wajam.A |
| VIPRE Antivirus | 22702 | Wajam (fs) |
| ESET-NOD32 | 8894 | Win32/Wajam.A |
| K7 AntiVirus | 9.179.12403 | Unwanted-Program ( 00454f261 ) |
| McAfee-GW-Edition | 2013 | Win32.Application.OptimizerPro.E |
| McAfee | 5.600.0.1067 | Win32.Application.OptimizerPro.E |
| Baidu-International | 3.5.1.41473 | Trojan.Win32.Agent.peo |
| Dr.Web | Adware.Searcher.2467 | |
| Malwarebytes | v2013.10.29.10 | PUP.Optional.MalSign.Generic |
| Kingsoft AntiVirus | 2013.4.9.267 | Win32.Troj.Generic.a.(kcloud) |
Popcorntime Ransomware Behavior
- Slows internet connection
- Steals or uses your Confidential Data
- Changes user's homepage
- Popcorntime Ransomware Shows commercial adverts
- Modifies Desktop and Browser Settings.
- Installs itself without permissions
- Shows Fake Security Alerts, Pop-ups and Ads.
- Popcorntime Ransomware Deactivates Installed Security Software.
- Integrates into the web browser via the Popcorntime Ransomware browser extension
- Redirect your browser to infected pages.
- Popcorntime Ransomware Connects to the internet without your permission
- Distributes itself through pay-per-install or is bundled with third-party software.
- Common Popcorntime Ransomware behavior and some other text emplaining som info related to behavior
Popcorntime Ransomware effected Windows OS versions
- Windows 10
- Windows 8
- Windows 7
- Windows Vista
- Windows XP
Popcorntime Ransomware Geography
Eliminate Popcorntime Ransomware from Windows
Delete Popcorntime Ransomware from Windows XP:
- Click on Start to open the menu.
- Select Control Panel and go to Add or Remove Programs.
- Choose and remove the unwanted program.
Remove Popcorntime Ransomware from your Windows 7 and Vista:
- Open Start menu and select Control Panel.
- Move to Uninstall a program
- Right-click on the unwanted app and pick Uninstall.
Erase Popcorntime Ransomware from Windows 8 and 8.1:
- Right-click on the lower-left corner and select Control Panel.
- Choose Uninstall a program and right-click on the unwanted app.
- Click Uninstall .
Delete Popcorntime Ransomware from Your Browsers
Popcorntime Ransomware Removal from Internet Explorer
- Click on the Gear icon and select Internet Options.
- Go to Advanced tab and click Reset.
- Check Delete personal settings and click Reset again.
- Click Close and select OK.
- Go back to the Gear icon, pick Manage add-ons → Toolbars and Extensions, and delete unwanted extensions.
- Go to Search Providers and choose a new default search engine
Erase Popcorntime Ransomware from Mozilla Firefox
- Enter „about:addons“ into the URL field.
- Go to Extensions and delete suspicious browser extensions
- Click on the menu, click the question mark and open Firefox Help. Click on the Refresh Firefox button and select Refresh Firefox to confirm.
Terminate Popcorntime Ransomware from Chrome
- Type in „chrome://extensions“ into the URL field and tap Enter.
- Terminate unreliable browser extensions
- Restart Google Chrome.
- Open Chrome menu, click Settings → Show advanced settings, select Reset browser settings, and click Reset (optional).