Severity scale: 94/100

Hackerman ransomware virus. How to remove? (Uninstall guide)

Removal guide by Olivia Morelli | Type: Ransomware

Things to know about Hackerman ransomware virus

Malware researchers spotted a new ransomware dubbed Hackerman virus this week, and it seems to be looking for Spanish-speaking victims. The ransomware is yet another malicious program based on the educational HiddenTear ransomware project, which means that it is likely to be decryptable. The virus attempts to encrypt the victim's files stored on the compromised computer and connected drives, then creates and saves a ransom note named Leeme Por Favor.txt (Please read me) on the computer's desktop. During the encryption procedure, the virus applies the encryption algorithm to each file individually and, once the file is corrupted, appends the .locked extension after the original file extension. As a result, a file named document.txt becomes document.txt.locked. Such a file can no longer be opened or manipulated with any program; it simply becomes worthless.

Losing all personal files is a disaster for anyone and can seriously scare the computer user. Nobody wants to lose precious memories, weeks of hard work, or gigabytes of favourite music. To exploit the user's desire to get personal files back, the virus leaves a message containing instructions on how to transmit the ransom payment to the criminals. What is interesting is that it asks to deposit 500 at OXXO (a popular chain of convenience stores from Mexico). In Spanish, the ransom-demanding message looks like this:

Has sido juankeado por hackerman, depositame 500 en el oxxo a cambio de tus packs.

If you have been infected with this malicious program, we suggest that you remove Hackerman malware using anti-malware software instead of paying the ransom to the criminal dubbed Hackerman. Most likely he doesn't care about your files and just wants you to hand your money over to him. Do not follow the commands of a criminal, and carry out Hackerman removal right away.

Hackerman virus provides the message from criminals in Spanish language

When did the ransomware take control of your PC?

If this virus found a way into your computer system recently, it means that your PC is not protected well enough and that it is open to further malware attacks. Ransomware can be stopped with the help of powerful anti-malware software, but without it, it becomes very easy to deliver this illegal program to your system and execute it there. Most of the time, criminals deliver ransomware executables via email. They send legitimate-looking messages and attach documents that seem to be safe at first sight. However, once opened, they either immediately infect the system or activate a malicious script that downloads the malicious program from the Internet. Criminals no longer need to send .exe files to infect the system; they can deliver the virus in .doc, .pdf, .dll or .js files. Sometimes the victim just needs to enable macros in such a document in order to activate the malicious code, which reaches a certain server and downloads the ransomware from it. However, Hackerman virus seems to be using the most primitive dissemination method, and currently it is being distributed via malicious email spam campaigns.

Remove Hackerman ransomware from the system

A ransomware virus is not a simple piece of software. It does not drop an uninstaller after infecting the system. To remove Hackerman virus, the user needs to gather the registry keys, executable files, ransom note and other components related to it and remove them all at once. This can be quite a challenging task, so we suggest you delegate it to good anti-malware software. To start the Hackerman removal procedure, use these instructions and set some things up to prevent the virus from blocking your anti-malware tool.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Hackerman ransomware virus you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Hackerman ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.


Manual Hackerman virus Removal Guide:

Remove Hackerman using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Hackerman

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete Hackerman removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove Hackerman using System Restore


  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, type cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of Hackerman. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download Reimage, scan your computer with it and make sure that Hackerman removal has been performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Hackerman from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Hackerman, you can use several methods to restore them:

Decrypt .locked files using HiddenTear decryptor

HiddenTear decryptor reportedly can decrypt files encrypted by all versions of ransom-demanding viruses based on this educational virus' source code. However, we strongly recommend that you back up the encrypted data and copy it to an external storage device, so that you have an intact copy of it in case the decryption tool fails to work. Then test the decryptor on the compromised files stored on the infected PC. Before using it, remove Hackerman ransomware first! To decrypt files, you will have to use two programs developed by the malware expert M. Gillespie:

  1. If you do not have the decryption key, use the HiddenTear BruteForcer tool to figure out what it is. To brute force the key, use a .png file from the Sample Pictures folder as an example. Warning: do not use a .zip file as an example of an encrypted file!
  2. Use the key in HiddenTear decryptor to restore your files.
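
The backup step recommended above, as an added Python example (not from the article or from the decryptor's author): it inventories `.locked` files and `Leeme Por Favor.txt` notes, lists `.png` samples suitable for the brute forcer, and copies the encrypted files to a backup folder with a SHA-256 manifest. The function names, the `manifest.sha256` file name and the sample tree are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

RANSOM_NOTE = "Leeme Por Favor.txt"  # ransom note name given in the article
LOCKED_EXT = ".locked"               # extension the virus appends

def sha256(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(root):
    """Inventory encrypted files, ransom notes and .png samples under root."""
    locked = sorted(p for p in root.rglob("*" + LOCKED_EXT) if p.is_file())
    notes = sorted(p for p in root.rglob(RANSOM_NOTE) if p.is_file())
    # The article says to give the brute forcer a .png sample, never a .zip.
    pngs = [p for p in locked if p.name.lower().endswith(".png" + LOCKED_EXT)]
    return {"locked": locked, "notes": notes, "png_samples": pngs}

def backup_locked(root, dest):
    """Copy each .locked file to dest (relative paths kept) and verify by hash."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in triage(root)["locked"]:
        rel = src.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        manifest[rel.as_posix()] = digest = sha256(src)
        if sha256(target) != digest:
            raise OSError(f"backup copy of {rel} differs from the original")
    lines = [f"{digest}  {name}\n" for name, digest in sorted(manifest.items())]
    (dest / "manifest.sha256").write_text("".join(lines), encoding="utf-8")
    return manifest

def demo():
    """Run both functions on a constructed tree (placeholder bytes, not real data)."""
    files = ["Desktop/" + RANSOM_NOTE, "Desktop/document.txt.locked", "Pictures/clean.jpg",
             "Pictures/photo.png.locked", "Pictures/archive.zip.locked"]
    with tempfile.TemporaryDirectory() as tmp:
        root, dest = Path(tmp, "Users"), Path(tmp, "backup")
        for i, name in enumerate(files):
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(bytes([i]))  # placeholder content
        names = {k: [p.name for p in v] for k, v in triage(root).items()}
        return names, backup_locked(root, dest)
```

On a real system, point `dest` at the external storage device and keep it outside `root`, so that a later scan does not count the backup copies as additional encrypted files.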

Finally, you should always think about protection against crypto-ransomware. To protect your computer from Hackerman and other ransomware, use a reputable anti-spyware program, such as Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Olivia Morelli - Ransomware analyst



  • Reynold

    Funny picture. However, I just wanted to say that this virus attempted to hack my system today, but anti-malware program stopped it. Thanks God!

  • Stigma

    Hack3rman. What a lame nickname for a programmer..

  • bethesda

    I cannot understand how did I get infected with this Mexican virus.

  • Sunflower

    I have removed the virus but I need to find out how to backup my files. Anybody wanna tell me how do I do that?