PaySafeCard ransomware virus. How to remove? (Uninstall guide)

removal by Gabriel E. Hall - - | Type: Ransomware
12

PaySafeCard gives away files for 20 dollars. It is still not worth paying

PaySafeCard virus

PaySafeCard virus is yet another file-encrypting virus [1] which encrypts documents using AES encryption algorithm, marks them with .rnsmwre extensions and offers victims to buy out their data using PaySafeCard codes.
The extortionists demand merely 20 USD for the data recovery key and promise that after the payment is made, all files that have been affected will be recovered. According to the instructions on the @ decrypt_your_files.txt ransom note, all the victim has to do is purchase some PaySafeCard codes and pay the criminals. Here is the full transcript of this document:

Your files are encrypted!
There is only one way to get them back: You need to send me a 20 USD PaySaveCard-Code
[Write it into the Console Window!]

You can’t help but notice that the note has probably been compiled quickly, without caring too much about whether the victims know how to perform the payment procedure or not. This might signal that the perpetrators behind this cyber threat are either beginners or simply don’t expect much profit from the virus. It only leaves us some hope that perhaps the virus has flaws in its coding and security experts will come up with a workaround for data recovery. As for now, we can only encourage you to remove PaySafeCard and protect your future data from damage.

PaySafeCard codes is not a particularly novel way for the cyber criminals to collect the ransom from their victims. Ransomware developers have been implementing particular payment method alongside Bitcoins [2] and Ukash Vouchers for quite some time now.

Well-known names such as PadCrypt, CainXPii or Razy emerge among the extortionware that uses it. So, although this ransom payment technique does not come close to the extent in which extortionists use Bitcoins, it is sure getting more popular and brings significant amounts of money. However, you can make the life of the cyber criminals a little less sweet by performing PaySafeCard removal. Although $ 20 is not a particularly large sum to pay for data recovery, it adds to the perpetrators’ budget and only motivates them to continue their malicious activities in the future.

3 main ways ransomware infiltrate PCs

When it comes to PaySafeCard distribution, the criminals most likely stick to the three techniques that ensure the effectiveness of the attacks:

  • Spam emails and their malicious attachments;
  • Malvertising and malicious downloads;
  • Fake software or system updates.

Of course, these are only a few ways extortionists may deploy the malicious executable rnsmwre.exe on the victim’s computer. In fact, you can never be sure when the virus is going to strike. Thus, it would be a smart move to create and keep several backups of your files stored on different devices, external storage drives, USBs, etc.

PaySafeCard removal: things you should know

Before you start PaySafeCard removal process, check whether you have all the right equipment for that. You should install some reputable antivirus tool and make sure it runs the latest version. When you make sure everything is in place, you may then launch the full system scan. If you encounter obstacles and can’t remove PaySafeCard virus, it might be that your security utility is being blocked by the malicious ransomware scripts. You will have to restart your PC in Safe Mode and start over. 

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove PaySafeCard ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall PaySafeCard ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual PaySafeCard virus Removal Guide:

Remove PaySafeCard using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

To enable Safe Mode on your computer and allow your antivirus to complete PaySafeCard virus removal, follow the guidelines below:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove PaySafeCard

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete PaySafeCard removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove PaySafeCard using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

You may as well decontaminate the virus by performing System Restore. Here is a guide explaining how to do it:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of PaySafeCard. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that PaySafeCard removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove PaySafeCard from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by PaySafeCard, you can use several methods to restore them:

Is it possible to recover your files with Data Recovery Pro?

It is may be possible to recover files using this recovery tool, though its effectiveness is not 100% guaranteed. It is still worth giving a try though. You should do that by following the guide below:

How do I activate Windows Previous Versions feature?

You can activate Windows Previous Versions feature only if you had the System Restore function enabled before PaySafeCard infiltration. Here is how you should do it:

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Putting Shadow Explorer to use:

You may try to recover your files using Shadow Explorer. Keep in mind though that this method may not work if the virus has destroyed Volume Shadow Copies of the encrypted files.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from PaySafeCard and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

References