Severity scale:  

WantMoney ransomware. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - - | Type: Ransomware

WantMoney ransomware makes data encryption complicated procedure

WantMoney ransomware wallpaper

WantMoney ransomware is a file-encrypting virus that targets Chinese and English speaking computer users. The malicious program is designed to encrypt files with AES cryptography. During encryption procedure, malware not only appends a specific file extension but renames files as well.

The virus renames files by appending random letters instead of the original file name. Want Money ransomware uses this scheme to corrupt data on the targeted computer:


Following data encryption, crypto-virus a ransom note called “_Want Money_” in .bmp and .text files where hackers ask to pay 0.1 BTC. The BMP file becomes affected computer’s desktop picture that resemble’s the skull we have already seen in Petya ransomware.

In the text file, criminals provide detailed data recovery instructions. Victims have to transfer the money and send an email to (or with their unique ID number:

After payment please send an email to the specified email-address
letter name: the Request to decrypt the (W APROSAM to decrypt)
Content email: your ID + your billing information
after sending you will receive a reply, the reply message contains the key , type it into the text box to decrypt the file.

Additionally, WantMoney virus shows a pop-up window with ransom demanding information and provides Bitcoin wallet address where victims are supposed to send the money.

However, following these instructions is not recommended.[1] Crooks may never give you working decryption software. For this reason, it is recommended to focus on WantMoney removal. Once the virus is wiped out from the system, you can restore data from backups or try alternative recovery methods.

If you do not have backups, data recovery possibilities are not high because WantMoney might be capable of deleting Shadow Volume Copies by executing vssadmin.exe delete shadows /all /Quiet command. However, there’s always a chance that this malicious program fails to do that. In this case, you can call yourself lucky.

Talking about virus elimination, you will need to obtain are reputable anti-malware software, such as Reimage. If you cannot install or update security software, you will need to run a computer in Safe Mode with Networking in order to remove WantMoney malware.

Methods used for ransomware’s distribution

There are several ways how file-encrypting program can end up on the system. Therefore, to avoid ransomware, you have to learn about them and do not fall for crooks’ tricks.

  1. Malicious spam emails. It’s the most popular distribution method that relies on social engineering. These emails often look legit and include infected attachment, usually in Word, PDF or ZIP files. Once opened, this file drops malware payload on the system.
  2. Malvertising.[2] Criminals might create malware-laden ads and display them on both legitimate and high-risk websites. Often these ads are aggressive, eye-catchy and offer great deals. However, clicking them might lead to the installation of malware.
  3. Fake downloads/updates. Security experts from Norway[3] point out that users who download illegal programs or other content are often at risk to install ransomware or other malware. The same problem exists with downloads or available update alerts that show up in the form of a pop-up.
  4. Exploit kits. Malicious programs often take advantage of outdated software and their security flaws. Thus, installing latest updates from the official sources is the most important prevention tip.

Additionally, crypto-malware might still find the way to your PC. For this reason, you should strengthen your computer’s security with antivirus software and create backups.

Complete deletion of the WantMoney ransomware virus

WantMoney removal requires system scan with reputable and powerful malware removal software. We suggest using Reimage or Plumbytes Anti-MalwareNorton Internet Security, but you can choose your preferred tool as well. However, if you consider manual elimination method, we want to discourage you because this task is difficult and can be performed successfully only by IT professionals.

However, if you cannot install security software and remove WantMoney automatically, you have to take additional steps in order to disable the virus. Follow the guide below.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.

If you decided to select another anti-spyware, uninstall Reimage from your computer.
Press mentions on Reimage
Alternate Software
Alternate Software

To remove WantMoney virus, follow these steps:

Remove WantMoney using Safe Mode with Networking

Follow these steps to remove WantMoney ransomware automatically:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove WantMoney

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete WantMoney removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove WantMoney using System Restore

System Restore method also helps to disable malware and run its removal.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of WantMoney. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that WantMoney removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove WantMoney from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by WantMoney, you can use several methods to restore them:

Data Recovery tool – alternative tool to restore data

Thousands of victims of the ransomware have already taken advantage of this recovery software and managed to restore some of the files without paying the ransom:

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by WantMoney ransomware;
  • Restore them.

Windows Previous Version might help to restore individual files

Victims who have enabled System Restore before ransomware attack can restore files by taking advantage of Windows Previous Versions feature:

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

WantMoney decryptor is not available yet.

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions