Coverton Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 1155
Category: Trojans

Coverton Ransomware is an infection that enters your system without any permission and locks your files with “a cryptographically strong algorithm AES-256 with encryption key RSA-2048.” The only way to get your files back is to pay a ransom of three Bitcoins, which at the moment is 1249.68 USD and that is a rather large sum. However, there is no point in wasting money, if you do not have many irreplaceable files on your computer or if you have their copies somewhere else. In that case, you can remove the malware from your computer and retrieve some of your data by copying it from removable media, etc. If you want to avoid similar infection in the future, you should read this article and learn more about Coverton Ransomware. Also, we will add the removal instructions that you could use at the end of the article.

Our researchers inform us that your computer might have caught this infection while visiting malicious websites. In this case, it could be enough for you to enter the site that contains malware, especially if your computer is not protected with a security tool. On the other hand, it is possible that you received this ransomware through spam emails too. For instance, it could have been a text document from an unknown sender with a random title, etc. The software that installs malicious executable files settles in the %TEMP% or %USERPROFILE%\downloads directories. Eventually, the malicious executable files with random names appear in %ALLUSERSPROFILE%\Start Menu\Programs\Startup, %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup and in other locations that will be listed in the removal instructions that you can find below the article.

The ransomware encrypts all the main document and image formats and adds .Coverton extensions to your files. This infection does not lock your screen or block any programs from running. It simply puts all the instructions in “!!!-WARNING-!!!.txt” or “!!!-WARNING-!!!.html” files in the same locations with the encrypted data. The instructions explain what happened to your files and how to unlock them. Like many recently created ransomware programs, it demands you to pay a ransom in Bitcoins. Further instructions can be reached if you download the Tor browser and open the given link with it. Once you get there, you should learn how to buy bitcoins and exchange them to Coverton Decryptor, and for that you have almost four days. If you are late with the payment, Coverton Ransomware creators claim that they will double the ransom.

All in all, it is for you to decide if you want to pay the ransom, but since the payment is rather high, we would advise you to think about such option very carefully because there is no guarantee that you will get this Coverton Decryptor, and you might end up wasting your savings. Naturally, you can also delete this malware if you do not plan to fulfill these cyber criminals' demands. If you are an inexperienced user in these matters, we would advise you to install a legitimate antimalware tool because deleting this infection might be quite complicated and a security tool would do all the job for you. What makes manual removal so hard is the fact that most of the malicious files that you should delete have random names. Therefore, it could be difficult to find them, depending on how much data you have in particular locations. If you think that you can manage to deal with Coverton Ransomware on your own, take a look at the instructions below the text. They will list all the locations where these malicious executable files could be hiding. Also, should you need any help, you can always leave a comment here.

Erase Coverton Ransomware

  1. Open the Explorer.
  2. Insert these locations separately:
    %TEMP%, %USERPROFILE%\downloads
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %USERPROFILE%\Microsoft\Windows\\Start Menu\Programs\Startup
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup
  3. Search these directories one by one for any recently downloaded suspicious executable files with a random name.
  4. Right-click the malicious executable file and select Delete.
  5. Insert these locations into the Explorer separately: %WINDIR%\System32; %WINDIR%\SysWOW64
  6. Find "crrss.exe" and right-click to delete it.
  7. Remove the !!!-WARNING-!!!.txt and !!!-WARNING-!!!.html files.
  8. Empty your Recycle bin.
Download Remover for Coverton Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Coverton Ransomware Screenshots:

Coverton Ransomware
Coverton Ransomware
Coverton Ransomware


Your email address will not be published.


Enter the numbers in the box to the right *