Mischa Ransomware Removal Guide

Mischa Ransomware is a serious computer infection that will appear on your system if another well-known ransomware infection called Petya cannot be installed. In most cases, Mischa Ransomware is installed instead of Petya because the latter ransomware requires the Administrative privileges. If it is unable to gain those rights, Mischa Ransomware is installed instead of it. Mischa Ransomware does not differ much from already existing ransomware infections because it also encrypts a bunch of files stored on the computer soon after it sneaks onto the computer. Like other ransomware infections, this threat will also ask to pay a ransom. Of course, there is one unique thing about it too. Specialists working at 411-spyware.com have revealed that this threat modifies the MBR (Master Boot Record) upon installation. Unfortunately, this means that it will not be easy to get rid of this threat. Do not worry; further in this article we will explain you how to fix the MBR.

It has been noticed that Mischa Ransomware is targeted at companies based in Germany mainly; however, it can sneak onto computers that belong to ordinary computer users as well. We are sure that you will notice if this really happens. First of all, your computer will be restarted and then fake Chkdsk (Windows system tool) will be launched in order to make sure that users do not restart their computers. When the fake Chkdsk procedure finishes or a user attempts to restart the computer, he/she immediately notices a window containing an ASCII skeleton and words “PRESS ANY KEY.” If a user does as instructed, a window with a ransom note appears:

You became victim of the PETYA RANSOMWARE!

The harddisks of your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key.

The message also contains step by step instructions on how to purchase the key for decrypting files. Specialists have found out that this key costs 1.93 Bitcoins (~$875); however, a higher ransom might be set in the future too. On top of that, users have observed that the ransom doubles after 7 days, so if you are planning on purchasing it, you should not wait much longer.

Mischa Ransomware is going to encrypt a bunch of different standard data files having such filename extensions as .docm, .bat, .prf, .srw, .bmp, .gif, .tiff, .mp4, .disc, .iso, .toast, .ccd, .disc, .txt, .lnk, .bak, .pas, .aac, .mts, .m3u, .ram, etc. In addition, it might also touch .exe files. Unfortunately, there is no way to decrypt files for free at the time of writing; however, you should not hurry to pay a ransom because nobody knows whether you will really get the key for unlocking your files. In case you decide not to make a payment, you need to delete Mischa Ransomware as soon as possible. As you already know, it will not be very easy to do that, so we suggest that you continue reading this article.

Many users wonder how Mischa Ransomware managed to enter their systems, so we have decided to talk about the distribution of this threat in a more detailed way. Research has shown that Mischa Ransomware is usually distributed via emails containing a download link to Dropbox. If a user opens it, he/she notices a file, e.g. PDFBewerbungsmappe.exe. It has the PDF icon and looks completely decent at first sight, which explains why there are so many users who download and start it. After they do that, the executable will immediately try to install the Petya Ransomware. In case it is impossible, Mischa Ransomware will be installed instead of it. In order to make sure that similar threats cannot sneak onto your PC again, you need to install a security tool on your computer and do not open suspicious files ever again.

Unfortunately, the only way to make Mischa Ransomware disappear is to repair the MBR. Below you will find our step-by-step instructions that will help you to do that. After doing that, you will also have to reinstall your Windows OS. If you have used Repair&Recovery function to set up Windows, you will also have to delete the malicious file (e.g. PDFBewerbungsmappe.exe) you have launched (do not forget to take care of its copies in %TEMP% too!). Of course, it is possible to do that manually; however, the quicker way would be to acquire a security tool, e.g. SpyHunter and then scan the system with it. A trustworthy scanner would also delete additional threats for you as well.

Remove Mischa Ransomware

Fix the MBR (Master Boot Record)

Windows XP

1. Boot from your Windows XP CD.
2. Press any key when you notice Press any key to boot from CD…
3. Tap R to open Recovery Console in the Welcome to Setup screen.
4. Type 1 and tap Enter when you notice the question Which Windows installation would you like to log onto.
5. Enter the password and tap Enter at Type the Administrator password.
6. Enter fixmbr.
7. If you see the Are you sure you want to write a new MBR message, tap Y and hit Enter.
8. Tap Enter.
9. Remove CD and type exit.
10. Tap Enter.

Windows Vista

1. Boot from your Windows Vista CD.
2. Select your language and keyboard layout.
3. Click Repair your computer at the Welcome screen.
4. Select the OS and click Next.
5. Open Command Prompt.
6. Type these commands: bootrec /FixMbr , bootrec /FixBoot , and bootrec /Rebuil.dBcd .
7. Tap Enter after each of the commands.
8. Remove CD and type exit.
9. Tap Enter.

Windows 7

1. Boot from the Windows 7 installation DVD.
2. Press any key at the Press any key to boot from CD or DVD.
3. Select a language and the layout of the keyboard.
4. Click Next.
5. Select the OS and click Next (the Use recovery tools that can help fix problems starting Windows must be checked).
6. Click Command Prompt at the System Recovery Options window.
7. Type bootrec /rebuildbcd and tap Enter.
8. Type bootrec /fixmbr and tap Enter.
9. Type bootrec /fixboot and tap Enter.
10. Remove the DVD.
11. Reboot your PC.

Windows 8/8.1

1. Insert the DVD and boot from it.
2. Click Repair your computer at the Welcome screen.
3. Select Troubleshoot and open Command Prompt.
4. Type the following commands: bootrec /FixMbr , bootrec /FixBoot , bootrec /ScanOs , and bootrec /RebuildBcd (tap Enter after each of these commands).
5. Remove the DVD.
6. Type Exit and tap Enter.
7. Reboot your PC.

Windows 10

1. Insert the installation DVD.
2. Tap F8 to boot to the Windows Recovery Menu.
3. Open Troubleshoot.
4. Click on Advanced options.
5. Open Command Prompt.
6. Enter bootrec /RebuildBcd and tap Enter.
7. Enter bootrec /fixMbr and tap Enter.
8. Type bootrec /fixboot and tap Enter.
9. Type Exit and tap Enter.
10. Restart your PC.