TowerWeb Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 774
Category: Trojans

If TowerWeb Ransomware has infiltrated your system, there is a chance that you will lose important files in this attack. In fact, there could be different versions of this screen locker ransomware out there. The sample we have tested deleted certain files but our research also showed that there could be variants that do not do that. This infection pretends to be a crypto ransomware; however, we have found that it does not do any encryption, only claims so. Once it is initiated, this malware locks your screen with its ransom note. You cannot get your files back or use your system until you pay the demanded ransom fee; at least, this is what this infection wants you to believe. One thing is for sure, though: We do not advise you to rush to transfer the fee because it will not give your files back. If you are lucky, it is only your screen that has been locked. Otherwise, you may lose some important files that could be recovered with certain software. If you want to protect your computer, we suggest that you act quickly and remove TowerWeb Ransomware ASAP because this malware restarts your system every minute.

It is very important to understand how this infection has entered your computer so that you can protect your operating system from similar threats next time. Both user reports and our research show that this ransomware is mainly distributed on the web in spam e-mails. The attached file in these mails is the executable of this infection. Therefore, the worst you can do is open this mail, download the attachment, and run it. However, this is exactly how users activate this dangerous threat. This attached file can pretend to be a photo or a text file with macro capabilities, such as a .docx and .pdf file. The trick these criminals use is to fool your spam filter and you as well that the sender of such a mail will look totally legitimate and the subject will seem very important for you to check. This subject can be a mail delivery error, a problem with your credit card, an undelivered package, an unpaid invoice of some kind, and the like. It is quite possible that most users would open such a mail and would want to check out the attached fake invoice or any other document. Unfortunately, the moment you open the file, you infect your computer and even if you delete TowerWeb Ransomware right away, it could be too late to save your files.

Once this malware infection starts up, it creates a registry entry in order to be able run as soon as Windows loads. This way you can never be really safe unless you remove TowerWeb Ransomware because every minute it will run and delete all your files in %USERPROFILE% and %TEMP% folders and then, it will also empty the Recycle Bin. At least, this is what happened in our case but it is also possible that your version does not even do anything to your files and just simply locks your screen to scare you. Practically, the moment you run the downloaded file, it pops up the ransom note image and blocks your screen. This image includes a Guy Fawkes mask that is famous for being used by the global hacker group called Anonymous. This note claims that all your files have been encrypted and you can only recover them if you pay the $125 US dollars fee within 24 hours. If you fail to do so, this amount is raised to $199 dollars. You are given an e-mail address ( to contact these criminals. You are asked to pay this fee in Bitcoins and an address is also provided for that. We know that seeing such a screen could scare you enough to fall for it. But you should know that even if you pay up, there is a good chance that you will not be able to recover your files, which most likely have not been encrypted anyway. Since your system reboots every single minute, this is how much time you have to remove TowerWeb Ransomware. So let us tell you how you can manage that.

First, you need to know that you can actually move from this lock screen by using the Alt+Tab combination. Once you make this screen disappear, you need to cancel all shutdown requests to stop your system from automatically restarting. When this is done, you can delete the malicious file and the registry entry to make sure that no leftovers of this dangerous infection remain. Please follow our step-by-step instructions below this article. It is possible that you are not up to this task if you are an inexperienced user. In that case, we advise you to download and install an up-to-date anti-malware application that could erase this threat and protect your system from any other malware infections. When you have finished cleaning your system, you can try to download a reliable file recovery program, such as Recuva, which might help you if your files have been deleted. If you are an inexperienced user, you may want to ask a friend or a professional to help you out with this. If you need any assistance regarding the removal of TowerWeb Ransomware, please let us know by leaving a comment.

How to remove TowerWeb Ransomware from Windows

  1. Use the Alt+Tab key combination to get rid of the lock screen.
  2. Tap Win+R and enter “shutdown –a” (this is supposed to stop the automatic shutdown of your system). Clik OK.
  3. Tap Win+R again and enter “taskmgr” to bring up Task Manager.
  4. Choose the malicious process (it has the same name as the executable file you downloaded).
  5. Click End task and exit the Task Manager.
  6. Find and delete the malicious file (where you downloaded it).
  7. Tap Win+R and enter regedit. Click OK.
  8. Delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\My app" registry value name. Keep in mind that this value name (“My app”) could be different for each variant.
  9. Close the Registry editor.
  10. Empty the Recycle Bin and reboot your system.
Download Remover for TowerWeb Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

TowerWeb Ransomware Screenshots:

TowerWeb Ransomware
TowerWeb Ransomware


Your email address will not be published.


Enter the numbers in the box to the right *