Reveton Trojan. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis | Also known as Trojan:Win32/Reveton.A | Type: Trojans

Reveton Trojan (also detected as Trojan:Win32/Reveton.A) is ransomware that presents itself to its victim through a seemingly legitimate alert from the FBI, the Canadian Security Intelligence Service (CSIS) or another reputable service. In addition, this malware 'locks' the target computer and demands money to restore access to it. To push you into paying, it claims: 'Your PC is blocked due to at least one of the specified reasons below' and alleges that you have been spreading or watching copyrighted content or doing other illegal things. Under no circumstances do we recommend paying the 'fine' that Reveton Trojan aggressively demands in its alerts. Instead of sharing your money with scammers, remove Trojan:Win32/Reveton.A without any delay.

WHAT ARE THE SIGNS OF REVETON TROJAN INFECTION?

In most cases, Reveton Trojan is spread through the Citadel botnet, which can be planted in programs that seem to be safe. Once it settles in, this scamware hijacks the browser and runs its own malicious processes, causing continuous redirections and system slowdowns. This trojan is a great danger to the personal data stored on the PC because it has also been found to serve as a backdoor trojan. With its help, hackers can access the affected PC and monitor Internet activity or steal personal information.

HOW TO REMOVE REVETON TROJAN?

In order to remove Reveton Trojan, run a full system scan with a reputable anti-malware program, such as Reimage, Plumbytes Anti-Malware or Webroot SecureAnywhere AntiVirus. If you can't launch your anti-spyware, follow these steps:

1. Use another machine to download Reimage or another reputable anti-malware program.

2. Update the program and put it on a USB drive or a CD.

3. In the meantime, reboot your infected machine into Safe Mode with Command Prompt and plug the USB drive into it.

4. Reboot the computer infected with Reveton Trojan once more and run a full system scan.

What to do if failed?
If you failed to remove the infection using Reimage, submit a question to our support team and provide as many details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By downloading any provided anti-spyware software to remove Reveton Trojan you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Reveton Trojan. The free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of the Reimage malware removal tool.

More information about this program can be found in Reimage review.

Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Reveton Trojan (2013-09-24)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Reveton Trojan (2013-09-24)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Reveton Trojan (2013-09-24)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Reveton Trojan (2013-09-24)



  • Whambo

    !!DO NOT USE THE PROGRAMS MENTIONED IN THIS ARTICLE!!
    I don't know if the people here are vendors or what. Read below if you really want this thing off your computer…

    HOW TO REMOVE

    Start computer in safe mode WITH NETWORKING. Follow directions below. If safe mode is an issue, there is a way to get to your desktop in normal mode with possible conditions below

    Download, update, and run Malwarebytes FREE version from http://www.malwarebytes.org/ (If you have never heard of it and don't feel good about downloading it after getting burned by this virus already, just google it, there is information everywhere telling of its effectiveness.) These days you DO need to register for the free version, but it's the only program that really roots garbage like this out. If you are having trouble getting onto the internet with safe mode (Be sure to choose safe mode with networking) there is a way to unlock your computer in normal mode. Read below.

    SOLUTION TESTED ON

    Windows Vista Home Premium – 64bit, Service Pack 2 and using the Aurora variant of the Firefox browser

    HOW TO UNLOCK YOUR COMPUTER IN NORMAL MODE

    1: Start the infected computer normally. Let it start completely so the malware has a chance to start too.

    2: Press Ctrl+Alt+Delete to bring up the screen that lets you open up the task manager. (If you have tried this already you know that when you try to bring up the task manager it just returns you to the FBI threat page. This is not what we're going for here… So don't worry. Go on to step 3.)

    **This is where timing comes into play. You're going to have to be quick here.**

    3: After pressing Ctrl+Alt+Delete there should be a red power-down button/icon in the lower right hand corner of the screen. (It is an icon, not a button with text) Press the power down button and be ready to act quickly.

    4: As the computer shuts down the FBI page should disappear and you should be able to see your desktop for a moment. (How long this is probably depends on the speed of your computer, but all should give you long enough to do what you need to do here.) While you can see your desktop as the computer is shutting down, double-click any program/program-shortcut there. If things go for you as they did for me, a screen should pop up telling you that there are programs still running, giving you a choice to “Force Shutdown” or “Cancel”. CHOOSE “CANCEL” QUICKLY.

    5: You should have control of your PC at this point in normal mode. This enables you to have your full range of options for removal. After you have reached this point you need to download or update Malwarebytes and run the program. (If you want to run another virus scan you trust first, go for it. But Malwarebytes should be run as well. I intend to run it 3 times to check for stray files.)

    Good Luck!

  • 2-spyware.com support

    Thank you for the input, but MalwareBytes is not the only product which removes spyware. In fact there are lots of spyware parasites where removal with rkill and MalwareBytes is far more complicated than using another reputable antispyware solution.

    We recommend MalwareBytes along with other reputable products and testing which is the most optimal solution.

  • Norman

    The way I got rid of it was by rebooting in safe mode with network (Used the F8 button on the keyboard), running MalwareBytes then Norton Power erase lastly. Both Malwarebytes and Norton power erase are free.

  • Alexander Alesenko

    Believe it or not guys, I just killed one on my XP by turning the power switch off. With all the variety of this ransomware I can't say for sure whether it was Reveton or just some scripted replica. Though, if I got this one, then this simple way might help someone to remove it also.

  • don

    Help, the FBI window pops up in safe mode too, any ideas?

  • John

    I have Microsoft Security Essentials, and it is preventing and quarantining the impact of the FBI screen, but not removing the virus, but allows me to get the right SW to do that. It detects it hitting my PC about every 2 secs and puts it in quarantine.

  • John

    Also Microsoft has 2 different programs that you can download and install to a self booting CD or USB stick using a clean computer of the same architecture (32 bit or 64 bit). They work by booting the computer into a PE environment which allows them to scan and remove the virus/malware having a chance to run. Also there is at least 1 program to unhide what the program has hidden (only if you have not cleared the temp files). I have used the Microsoft programs on infected computers that would not boot properly with good results. Also sometimes the malware installs a rootkit which most antimalware and antivirus programs have problems with and it re-installs itself with every re-boot. Also consider using an anti-rootkit scanner to cure the recurrent portion of the problem.

  • Thomas

    Whambo, I did the exact thing you described to get my desktop back in my control, just took a little time to figure it out. Wish I'd seen your post, but it does work. However, Malwarebytes did not find the Trojan for me, even after supposedly successfully updating and running a scan. I had to use a USB to reboot via a Hitman Pro reboot, described in other articles. With my particular Trojan, safe mode of any sort did not work.

  • Thomas

    To clarify a bit, I was able to use my infected PC to download Hitman Pro via a USB drive and start the process of Trojan removal. The next day, after another update, Malwarebytes DID find some baddies and removed them.

  • al hayman

    ICSPA (Reveton Trojan) rode in on an Adobe upgrade, and seized the machine. Jumped the firewall and the virus protector (McAfee). Was able to boot to safe mode and then go to a restore point a few days earlier. Then downloaded a new virus protector and it cleaned the system.

    Check the name of the Trojan in your registry by regedit, and then CTRL F with the name of the Trojan. Delete each entry. Do a “Find Next” till no more entries appear. The malware hides all over the place.
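
The registry check suggested in the last comment can be scripted so that nothing is deleted blindly. The following is an added example, not part of the original guide or of any comment: it only reports matches in a handful of common Windows autostart keys and exports each affected key to a backup file. The search name is a placeholder, and the key list is a common subset chosen for illustration, not a list of locations this trojan is known to use.

```powershell
# Added example: report-only search of common autostart registry locations.
# $Needle is a placeholder; replace it with the name your scanner reported.
param(
    [string]$Needle = 'PLACEHOLDER-NAME'
)

# Autostart locations Windows reads at boot or logon (per-machine and per-user).
# Assumption: an illustrative subset, not specific to any one malware family.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Find-AutostartMatch {
    param([string[]]$Path, [string]$Pattern)
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Match on either the value name or its data (usually a file path).
            if ($name.IndexOf($Pattern, $cmp) -ge 0 -or $data.IndexOf($Pattern, $cmp) -ge 0) {
                [pscustomobject]@{ Key = $p; Value = $name; Data = $data }
            }
        }
    }
}

$hits = @(Find-AutostartMatch -Path $keys -Pattern $Needle)
if ($hits.Count -eq 0) {
    Write-Output "No autostart value matches '$Needle'."
} else {
    $hits | Format-List
    # Back up each affected key before changing anything by hand.
    $hits | Select-Object -ExpandProperty Key -Unique | ForEach-Object {
        $regPath = $_ -replace '^HKLM:', 'HKLM' -replace '^HKCU:', 'HKCU'
        $out = Join-Path $env:TEMP (($regPath -replace '[\\ ]', '_') + '.reg')
        reg.exe export $regPath $out /y | Out-Null
        Write-Output "Backed up $regPath to $out"
    }
}
```

A listed value should be checked against the file it points to before it is removed in regedit; the exported .reg file restores the key if a legitimate entry is deleted by mistake.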