Severity scale:  
  (99/100)

PaySafeGen ransomware virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Ransomware
12

Important information about PaySafeGen ransomware virus

PaySafeGen virus appears to be German-speaking ransomware. It encrypts victim’s files using AES-128 encryption, generates a special decryption key and removes it from victim’s computer to prevent the victim from decrypting files free of charge. Then it displays a ransom note/screen locker, which explains what happened to the computer. It says that all files have been corrupted with AES cryptography and data recovery is impossible without the 128 digit code, which cyber criminals suggest purchasing for 100 Euros. It is nothing but a filthy blackmail, and you should definitely not pay the ransom. The ransom note announces that the decryption key is available for the next 72 hours only, and after that, it shall be destroyed. If the victim does not get a response from criminals for a while, they suggest writing to cry_16@hmamail.com. However, we believe that you should not respond to this cyber attack in any way because files cannot be decrypted. Besides, paying the ransom means funding criminals and helping them initiate even more dangerous malware campaigns sooner. We strongly recommend you to restore your private data using a backup, but firstly, remove PaySafeGen virus. To do it, you should use tools like Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus. Don’t pay the cyber criminal and do not let him/her to manipulate you.
Screenshot of PaySafeGen ransomware

How did my PC get infected with this virus?

This virus reportedly spreads in the form of a fake Paysafecard generator, which tricks users into installing it. It promises to function like some kind of a cash generator that can generate genuine Paysafecard codes to make the victim wealthier. Of course, that is not true. The funny thing is, this fake code generator asks to pay a ransom by buying an actual PaySafeCard and typing its code into the malicious program. It proves that free cheese comes in a mousetrap only. However, let’s discuss general ransomware distribution techniques.

The fact that ransomware somehow managed to enter your computer system is naturally a bad sign. It indicates that your computer is either unprotected or that your anti-malware tool lacks necessary updates. Besides, you might be practicing unsafe web browsing habits. If you enjoy surfing suspicious Internet sites, watching random “shocking” or “never seen before” videos, or if you like to open every single email that you receive, you become a potential target for cyber attackers. Please avoid browsing shady websites and clicking on random links. Web sites that promise you to provide compelling content but keeps asking you to visit other pages or even install software updates should be considered untrustworthy. They can either redirect you to a malicious domain or convince you to install malicious software packages that include destructive payloads. Besides, you can also activate a malicious payload by opening shady email attachments sent to you by unknown individuals. We have already mentioned it hundreds of times in the past, but we repeat this again – do not open emails or email attachments that are sent to you by unknown people! You can never know what their intentions are.

PaySafeGen ransomware removal options

PaySafeGen virus can infect Windows OS users, so consequently, victims should use anti-malware tools that are compatible with Windows. For PaySafeGen removal, we strongly recommend using the Reimage software. It is a powerful, quick, and reputable tool that has quickly gained popularity among computer users. You might experience some issues trying to launch it while the ransomware is active, so to remove PaySafeGen with ease, we strongly recommend you to run your PC in a Safe mode with Networking first. Follows steps provided below to uninstall the virus.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove PaySafeGen ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall PaySafeGen ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual PaySafeGen virus Removal Guide:

Remove PaySafeGen using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove PaySafeGen

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete PaySafeGen removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove PaySafeGen using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of PaySafeGen. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that PaySafeGen removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove PaySafeGen from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Currently data encrypted by PaySafeGen cannot be decrypted. Nonetheless, you must try these data recovery options listed below.

If your files are encrypted by PaySafeGen, you can use several methods to restore them:

Restore data with Data Recovery Pro

Are you sitting next to your computer and wondering what to do with that bunch of encrypted and useless files? We suggest you backup them and then try this data recovery tool. Follow these steps to restore your files:

Explore Volume Shadow Copies

Some ransomware viruses fail to remove Volume Shadow Copies, which can become life-savers for those attacked by ransomware. These copies can be used to restore previous file copies, and you can use them in case the virus does not delete them. Follow these instructions:

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from PaySafeGen and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions


  • Lydia

    Ach!!! I cannot understand a word what this virus says!

  • Anton

    Is it possible to get files back.

  • Phoenix63

    Help my files were encrypted i know that everybody says that but i desperately need them right now and i dont want to pay the ransom, there must be a way to restore them without paying such amount of money!

  • dubingi

    Cannot open these files but removed the virus already. Should I delete these files?