PewDiePie Ransomware Removal Guide

If you have never heard about a battle going on between a famous YouTuber called PewDiePie and an Indian company named T-Series, you might be forced to learn about it after encountering PewDiePie Ransomware. Since the battle is about who has more subscribers, the malicious application locks the user’s screen and demands him to subscribe to PewDiePie’s YouTube channel. Such a request is quite unusual considering most of the ransomware applications are designed for money extortion. The malware is also persistent since it creates a few tasks in different Startup folders. Thus, if you unlock your screen, but do not erase PewDiePie Ransomware, it should lock the screen once again with the next restart. Because of this we highly recommend getting rid of the threat if you do not want it to disturb you ever again. To learn more about it, you should continue reading this report, and if you wish to know how to eliminate it, have a look at the instructions located below the article.

Our specialists believe the threat is most likely being spread through Spam emails. It would mean PewDiePie Ransomware could enter the system with some malicious email attachment received from an unknown sender. You might be surprised to learn that a lot of users receive such threats because of their curiosity and carelessness. Every time you receive a file you were not supposed to get, data from someone you do not know, or in other words attachments raising suspicion, you should either delete them or check them with a reliable security tool to be sure. Keep in mind other ransomware application can encrypt your files and even ask you to pay a ransom to get them back, so the next time you launch a malicious file, it could cost you much more than a denied access to the PC.

First, PewDiePie Ransomware should create the earlier mentioned Startup tasks to ensure it will be able to launch again when the user restarts the computer. Then it should lock the user’s screen by displaying a black borderless window. Inside of it victims should see the following sentence written in red letters: “You Have Been Fucked By PewDiePie RansomWare.” The rest of the message ought to explain that the user has two days to subscribe to the PewDiePie channel through the provided YouTube link. About in the middle of the message, there should be a clock showing the remaining time left to subscribe too. Getting rid of this screen is tricky mostly because the malware blocks Task Manager. As a result, killing the malicious application’s process to close its window is out of the question. As you realize, restarting the computer is no us either since it will only relaunch PewDiePie Ransomware.

Our researchers say the only solution is to restart the computer in Safe Mode with Networking. This way you will have two options to eliminate it. The first one is to delete PewDiePie Ransomware manually by erasing all its created files. The instructions located below can show you how to do this. The other option is to install a reliable security tool and scan the computer with it. This way you could eliminate this ransomware and other possible threats by just pressing the given deletion button.

Restart your system in Safe Mode with Networking

Windows 8/Windows 10

1. Tap Win+I or go to the Start menu and click the Power button.
2. Tap and hold Shift and click Restart.
3. Select Troubleshoot and choose Advanced Options.
4. Pick Startup Settings and press Restart.
5. Press the F5 key and reboot your system.

Windows XP/Windows Vista/Windows 7

1. Open Start, press Shutdown options and click Restart.
2. Tap and hold the F8 key when your computer is restarting.
3. Wait till you see the Advanced Boot Options window.
4. Choose Safe Mode with Networking.
5. Press Enter and log on to your computer.

Delete PewDiePie Ransomware

1. Tap Win+E.
2. Go to these locations:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
3. Find the malicious file opened before the system got infected, right-click it and select Delete.
4. Navigate to these paths separately:
   %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
   %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
5. Search for files named svchost.exe, right-click them and select Delete.
6. Close File Explorer.
7. Empty Recycle Bin.
8. Restart the computer.