Severity scale:  

Remove Nuke ransomware / virus (Improved Instructions) - Oct 2016 update

removal by Lucia Danes - - | Type: Ransomware

How hazardous is the Nuke ransomware?

Nuke virus is one of the latest ransomware infections that feature frightening names, such as Apocalypse, CrySiS and terrorize the online community. In other words, the cyber infections really live up to their names, thus, they should be avoided at all costs. In the following article, we will elaborate more about the Nuke ransomware – one of the newer additions to this nasty family of viruses. We will discuss how the virus behaves on the infected devices, how to avoid it, how to lessen the damage if infected and, finally, provide some recommendations for the Nuke removal.

First, we should remind you that ransomware viruses are designed to extort money from the users whose files they forcefully lock after stealthily infiltrating computers. Though new ransomware viruses are getting more advanced, in their essence, they do not differ much from their predecessors. But that does not mean we do not have to talk about them anymore. On the opposite, the more we know about these viruses, the greater chance we have to outsmart them. Let’s look at Nuke, for instance.Image of the Nuke ransomware virus

Questions about Nuke ransomware virus

The primary goal of this ransomware is to infiltrate the computer by stealth. This immediately suggests that some additional, automatic system protection is necessary to block potential attacks if we cannot stop the virus ourselves. Obtaining Reimage Reimage Cleaner Intego or other anti-malware software is a good place to start. If you did not manage to avoid the infection, though, the next step is to lessen the damage. Nuke locks computers with military grade AES and RSA encryption algorithms and, sadly, in most cases it means that full data recovery might be impossible. But you can try diminishing the spread of the infection by disconnecting your computer from the network and initiating the antivirus system scan. You should do that as soon as you notice something suspicious, for instance, if your files feature extensions “.nuclear55” instead of the regular ones, or never-before-seen documents have appeared on your desktop. If applied during the initial stages of the infection, this strategy might help curb the virus and save some of your personal files. Another way to reduce the risk of greater losses is to refuse recovering data using the decryption tools the criminals may push upon you. Though they will give you guarantees, allow to unlock one of your chosen test files (for that you should send them the file via given email under the subject name “FILE RECOVERY“) and promise full system decryption, you should not trust any of this humbug and remove Nuke from your computer. Otherwise, even if you pay, the scammers may run away with your money and your decryption key.

Talking more about the technical side of the virus, an interesting detail worth noting is that the virus is found under a file format .pdb which is untypical to ransomware viruses. These Program Database files usually hold debugging and project state data. Nuke.pdb file, on the other hand, encrypts files, changes desktop background and creates !!_RECOVERY_instructions_!!.html and !!_RECOVERY_instructions_!!.txt files on the infected computer’s desktop. These files contain payment instructions and urge users to contact the cyber criminals via given email address. The users are given 72 hours to pay the 2 Bitcoin worth of ransom (this currently equals around 1280 USD), otherwise, the private RSA key which the criminals introduce as the only chance to recover data will be destroyed. As we have already pointed out, we do not recommend communicating with the cyber criminals and suggest reporting the incident to the responsible institutions. As for the data recovery, removing the virus from the infected device will not unlock your files, but you may try other means to bypass the encryption. We discuss some of these methods below the article. 

Means of ransomware distribution:

With several exceptions, there are three basic strategies used to distribute most of the ransomware infections around. They are all automatic, so Nuke malware creators do not have to sit around and waste their time sending out its malicious files by hand. A large part of the distribution is done via spam campaigns carried out by botnets. Deceptive emails with potentially infectious attachments reach our inboxes every day, so there is no reason why the Nuke virus could not end up there too. Also, there is a high chance of getting infected via malicious links, advertisements or products that you may be randomly offered online. You should be especially careful if your computer is infected with adware-type programs, because these nasty parasites (though not malicious themselves) significantly increase the risk of planting a ransomware on your PC. So, even the least dangerous computer infections may lead to disastrous consequences, so regular system check-ups are simply inevitable.

Can you actually nuke the Nuke ransomware:

Nuke virus is still under constant development, so it is rather difficult analyze it thoroughly. The experts haven’t managed to come up with its decryption tool either. Thus, you simply have no other choice but to remove Nuke ransomware from your computer. Seems too complicated? Well, it sure is doable, though it may require some extra effort. But first, you should try scanning your computer with automatic antivirus tools. If this process does not go according to plan and your antivirus utility crashes, then scroll down below and follow the indicated instructions. These should help stop some of the virus malicious processes and let your antivirus proceed with the Nuke removal. Below these instructions you will also find data recovery guide which we suggest using if you want to try to recover the encrypted data.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Nuke virus, follow these steps:

Remove Nuke using Safe Mode with Networking

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Nuke

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Nuke removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Nuke using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Nuke. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Nuke removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Nuke from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

Since there has been no decryption tool tool released for this program just yet, we can offer you some other ways you can decrypt your files after the Nuke ransomware attack. We should remind you that you should not pay the extortionist and report them immediately. This is the only way to curb this ransomware from infecting more unsuspecting victims.

If your files are encrypted by Nuke, you can use several methods to restore them:

Try out Data Recovery Pro method

Here we present the steps that could help recover the data encrypted by Nuke using the reputable data recovery tool Data Recovery Pro:

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Nuke ransomware;
  • Restore them.

Take a chance with Windows Previous Versions feature

Below you will find directions on how to use Windows Previous Versions method in order to recover your files. System Restore function should be enabled for this method to work. 

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Check out ShadowExplorer method

Last, but not least, you can also give ShadowExplorer a try. This software locate Volume Shadow Copies of your files, so you can recover them afterwards. 

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Nuke and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

  1. dorothy says:
    October 4th, 2016 at 9:07 am

    My office is in panic. Nuke ransomware has been found on one of our PCs and were afraid it will transfer itself to the whole network! Terrifying

  2. Ioe34 says:
    October 4th, 2016 at 9:09 am

    Well I have been infected with cryptolocker… still waiting for the decryptor. Dont have to much hope with Nuke either

  3. Cerber88 says:
    October 4th, 2016 at 9:11 am

    I think there be some serious hacker network behind all these ransomware viruses. Most of them look identical and the other part features minor variation

Your opinion regarding Nuke ransomware virus