Anonpop Ransomware Removal Guide

Anonpop Ransomware is a new infection that might enter your computer secretly if you actively surf the web these days. Even though specialists call it a ransomware infection, we have to note that it differs to a great extent from other ones that are prevalent on the web these days. We consider Anonpop Ransomware quite a unique infection because it does not encrypt files even though it says that it does so. Instead, it deletes all the files users keep on their computers, including pictures, documents, presentations, and other valuable files. Fortunately, there is a way to recover these files, for example, you can use free data recovery software that can be downloaded from the Internet, or you can use Shadow Volume Copies. Of course, you will have to remove Anonpop Ransomware first because this infection places a message on the screen in order not to allow users to access their Desktops and thus use computers normally. In addition, it is going to perform other activities that will make your computer unusable. Anonpop Ransomware is described in a detailed way in this report. Also, specialists working at 411-spyware.com will explain to you how to remove this infection.

As you already know, in reality, Anonpop Ransomware differs from other ransomware infections even though it says that it locks files as well. Instead of doing that, it deletes all the files from %USERPROFILE%\Documents\, %USERPROFILE%\Downloads\, %USERPROFILE%\Music\, C:\Program Files\Google\, %AppData%\Local\Temp, D:\, F:\, G:\, and other directories and drives that usually contain the most valuable information and media files. Once it finishes doing that, it downloads the .jpg image and then puts it on Desktop in order to make it impossible for users to access their files, browsers, and programs. It is very likely that it does that in order not to be removed easily. Also, it seeks to convince users to pay the ransom. We are sure that the main goal of Anonpop Ransomware is still to extort money from users even though it deletes files instead of locking them. This excerpt from the ransom note only confirms that:

Your computer and files ae encrypted

$125 within 24 hours, $199 after 24 hours

Operating system and files deleted after 72 hours

It asks to pay the ransom in Bitcoins and also instructs users to write an email to websupport16@yandex.com (in some cases, the provided email is supportfile@yandex.com) for more information. To be honest, there is no point in writing an email to cyber criminals, especially if you are not going to pay money because we can assure you that it will ask you to do so. In fact, you should not contact cyber criminals also because your files have already been deleted and the decryption key they promise to send you, even if it exists, will not help you to recover them.

Cyber criminals understand that not all the users are planning on paying the money, so they try to scare them into doing that. It has been found that this infection creates the Value in the Run registry key. In addition, it will add the startup item. It means that it will not disappear even after the system restart. What is more, it has been noticed that Anonpop Ransomware will keep showing alerts with the text “Pay your ransom to get our files and computer back. Shutting down in 60 seconds. Email: supportfile@yandex.com for assistance.” Unfortunately, it is not a joke – it will really turn off your computer after 1-2 minutes. In fact, it will keep doing that unless you remove it fully. We suggest doing that right now if you want to be able to use your computer.

In order not to allow similar threats to enter your system in the future, you need to install security software on your PC and ignore spam emails you receive. It is because ransomware infections often enter systems when users open legitimate-looking email attachments. For example, it has been found that Anonpop Ransomware usually enters after users download the .zip archive, e.g. complaint375935.zip and open the .pdf file they find inside the archive. Of course, we do not say that it is impossible for a ransomware infection to find another way to sneak onto the computer as well.

It is extremely hard to remove ransomware infections, so we have placed the manual removal instructions below the article to help you. Keep in mind that these instructions will help you to delete Anonpop Ransomware only, which means that you will still have to scan your computer with a trustworthy scanner to remove other existing threats. Unfortunately, your files will not be recovered if you remove Anonpop Ransomware; however, as we have already told you, it is possible to recover them using reliable file recovery software.

Remove Anonpop Ransomware manually

1. Tap the Windows key + D to access Desktop.
2. Tap Win+R.
3. Enter cmd and tap Enter.
4. Type shutdown /a and tap Enter.
5. Tap Ctrl+Shift+Esc and open the Processes tab.
6. Locate the anonpop process (the name of the process will be the same as the name of the malicious file), right-click on it, and select Delete.
7. Launch RUN once again by tapping Win+R.
8. Enter regedit in the box and click OK.
9. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
10. Find the anonpop Value (might have a different name).
11. Delete it.
12. Locate the malicious file you have downloaded, e.g. spam email attachment.
13. Remove it.
14. Empty your Recycle bin and reboot your computer.