Severity scale:  
  (99/100)

Payms ransomware virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Ransomware
12

What does Payms virus do?

Payms virus is yet another example of ransomware. This threat was created based on Jigsaw virus code, which is reportedly on sale in Dark Web forums for 139 USD. This virus encrypts victim’s files and demands 150 USD, but if the victim does not pay within 24 hours, the ransom price increases to 225 USD. However, it seems that cyber criminals ask for way smaller ransoms than they used to because computer users are already aware of ransomware threats, and also the majority of them refuse to pay the ransom.

Payms ransomware adds .pay, .payms or .paymst file extensions to encrypted files, and leaves ransom notes in the computer system, called Payment_Instructions.txt. You can find a copy of this file on the desktop, as well as in all folders that contain some encrypted data. The ransom note informs the victim that all data on the computer has been encrypted, and there is no other way to decrypt it than to pay a ransom. The note is written in English and Spanish languages, and it also informs that if the victim attempts to tamper with the virus, all files will be deleted. It provides instructions on how to buy Bitcoins and says that the victim must transfer them to a provided address if he/she wants to access his/hers files ever again. According to crooks, they will eliminate the virus and decrypt the data after the payment is made.

Screenshot of note that Payms ransomware leaves on the computer

However, you should not rush to pay the ransom, even if 150 USD or 225 USD does not seem like a big sum of money to you. Cyber security experts have already updated a tool that can decrypt files locked by JigSaw ransomware, and now it can decrypt data that Payms malware encrypts. Therefore, just remove this malware using an anti-malware software (for example, Reimage) and then download this Payms decryption tool. On page 2, you can find detailed instructions how to install the anti-malware program on an infected machine and complete Payms removal.

How to protect your computer from ransomware attack?

Ransomware viruses still spread rapidly, and many computer users still do not know how to protect their computer from them. These facts about ransomware distribution methods will help you to understand how these viruses spread.

  • Ransomware threats can be installed alongside fake software updates; in most cases, they spread in conjunction with fake Adobe Flash Player updates. To install real Java update, you should head to official website of Adobe;
  • Cyber criminals create malicious files, make them look like safe ones (for example, invoices or speeding tickets) and send them directly to victims via email. For this reason, never open email attachments sent to you by unknown people or companies!
  • Think before you click. If you are browsing through unknown websites, refrain from clicking on suspicious ads or links. Advanced cyber criminals use the clickjacking technique to conceal malicious scripts behind safe-looking content;
  • If the computer was infected with a Trojan a while ago, it can also download ransomware or another computer threat and execute it at any moment.

To protect your computer and files from ransomware attack, install a reliable anti-malware software and backup your files to an external drive. Bear in mind that ransomware threats can encrypt files on all removable drives that are plugged into a compromised computer, so it is advisable to unplug the drive from the computer after you import data copies into it. Do not forget to delete suspicious emails from your inbox and resist the curiosity to open them.

How to remove Payms virus?

In order to remove Payms ransomware, you should install a reliable anti-malware program and scan your computer with it. There is a great chance that Payms malware might try to stop you from installing and running the anti-malware program, so we strongly recommend you to start your computer in Safe mode first. You can find detailed Payms removal instructions below.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Payms ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Payms ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual Payms virus Removal Guide:

Remove Payms using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Payms

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Payms removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Payms using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Payms. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Payms removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Payms and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions


  • Ali

    Another variant of JigSaw? Doesnt sound optimistic…

  • marthin

    My wife somehow dropped this virus into our laptop, I am so disappointed, because all of our photos are encrypted now… I should have created backups!

    • 007

      wait there is a decryption tool, just download it!

  • Penelope

    Removed the virus and fixed my files, big THANKS to this site