Remove PPTX Ransomware (+File Recovery)

How to Remove PPTX Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

Your files are Encrypted!
For data recovery needs decryptor.
How to buy decryptor:

1. Download “Tor Browser” from https://www.torproject.org/ and install it.

2. Open this link In the “Tor Browser”

http://huhighwfn4jihtlz.onion/sdlsgdewwbhr

Note! This link is available via “Tor Browser” only.

————————————————————
Free decryption as guarantee.
Before paying you can send us 2 file for free decryption.
————————————————————
You unique ID
–

PPTX Ransomware is a nasty virus. It sneaks into your system and corrupts everything. Without any noticeable symptoms, the virus spreads its roots around your entire OS. It corrupts essential files and processes, modifies the Registry, and alters settings. It forces numerous reshuffles on you. The virus gets your system under control and starts its malicious operations. PPTX Ransomware follows orders to lock your personal files. It encrypts your videos, pictures, documents, databases, and archives. It locks them with strong encryption algorithms. You can still see the icon of your files, but you cannot open now edit them. The virus promises decryption tool in exchange for an astonishing sum. PPTX Ransomware drops a ransom note which contains the hackers’ demands. They want you to use Tor browser to contact them. Don’t swing into action, though! Slow things down! The worse thing you can do now is to act impulsively. Don’t give into naivety. You are dealing with criminals. You cannot expect them to play fair. They will double-cross you for sure. Consider the situation. Currently, there is no third-party decryption tool for PPTX Ransomware. Paying the ransom, however, is not advisable. Do not play games with the hackers. If you have file-backups, use them to restore your data. Just make sure that you remove the virus before you start restoring your files.

How did I get infected with?

PPTX Ransomware uses multiple distribution strategies. It lurks behind torrents, fake updates, bundles, corrupted links, and, of course, spam emails. The good old spam messages are still the number one cause of virus infection. The scheme, however, is not what it used to be. The crooks no longer rely on malicious files. They use them, but they also embed corrupted links. You can download the virus just by following a hyperlink. Thus, be very careful with your inbox. Treat all unexpected emails as potential threats. If you receive an email, from your bank, for example, go to their official website. Compare the email addresses listed there to the questionable one. If they don’t match, delete the pretender immediately. Also, bear in mind that you may receive attachments in various forms. If a file asks you to enable the “Editing” mode of your software, proceed with caution. The crooks embed scripts in regular files. When you open such files in “Editing mode,” the scripts download viruses. Always make sure you know what you are approving. Take the time to do your due diligence!

Why is PPTX dangerous?

PPTX Ransomware sneaks into your computer and wrecks everything. The virus corrupts your files and blackmails you. It asks for money to restore your own data. And it’s not shy about the sum. This virus demands about $750 USD paid in Bitcoin. That currency is untraceable. Once you transfer the money, you cannot get them back. Even the police cannot help you. The hackers know what they are doing. They also want you to use Tor browser. This program hides both your and their Geo locations. Don’t test your luck! You cannot win against these criminals. If you make the mistake to contact them, you will only give them a way to contact you back. These experienced criminals know how to manipulate people. They will threaten, intimidate, and terrorize you. They’ll do whatever it takes to get your money. As for their promises, you should not take them seriously. No one can guarantee you that the crooks will keep their word. The criminals tend to ignore the victims once they get the money. They may also not be able to provide a functioning decryption tool. There are cases where the victims paid only to get partly working decryptors. Furthermore, bear in mind that the decryption tool removes the lock, but it doesn’t delete the virus. You may restore your files only to have them re-encrypted hours later. How many times are you willing to pay for your own data? Spare yourself many future headaches. Take action against the virus. Remove PPTX Ransomware ASAP! The sooner this menace is gone, the better!

PPTX Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover PPTX Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

• Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
• Locate the process of the ransomware. Have in mind that this is usually a random generated file.
• Before you kill the process, type the name on a text document for later reference.

• Locate any suspicious processes associated with PPTX encryption Virus.
• Right click on the process
• Open File Location
• End Process
• Delete the directories with the suspicious files.
• Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

• Open any folder
• Click on “Organize” button
  
• Choose “Folder and Search Options”
• Select the “View” tab
• Select “Show hidden files and folders” option
• Uncheck “Hide protected operating system files”
• Click “Apply” and “OK” button

STEP 3: Locate PPTX encryption Virus startup location

• Once the operating system loads press simultaneously the Windows Logo Button and the R key.

• A dialog box should open. Type “Regedit”
• WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

• and delete the display Name: [RANDOM]

• Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

• Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

• Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
• Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.