How to remove PelicanC.dll virus and restore encrypted files

Ransomware is one of the most dangerous and irritating types of programs. These viruses penetrate your system and encrypt all the files in it, demanding a ransom for their decryption. Most users do not understand what modern cryptography is, so we will explain the situation in a few sentences. There are extremely strong encryption algorithms that are used by governments and military forces of many countries, and these algorithms are freely available on the Internet. Hackers use them to encrypt users' data, and without the private key there is no way to decrypt it. In practice, there are two ways to beat these algorithms: to hack the scammers' C&C server and extract the master key from there, or to crack the virus itself and retrieve the key. In most cases, the victims of the virus can only hope that the malware fighters know more than the scammers do.


Another important factor in decryption is the number of victims of the virus. New ransomware is created almost every day, but not all viruses of this type become really well known. Some viruses, for whatever reason, stop working after infecting just a few hundred computers. Of these few hundred users, only a few look for support on the Internet, and even fewer find the sites where they can really get help. Thus, a ransomware sample might not be very complex for experienced malware fighters, but they simply never start working on it.


Today's article is dedicated to a virus called PelicanC.dll, which is not spreading well. If you are unlucky enough to have your computer infected with this virus, we will tell you what to do and how to clean your computer of it.


PelicanC.dll ransomware virus


Like other similar viruses, PelicanC.dll penetrates computers via spam e-mail. Scammers create a bait message depending on the audience they target, and send it from several (or several dozen) free mailboxes. Besides text, the messages contain a script disguised as a Word document or an Excel spreadsheet, which the user would have to open if the message were genuine. In fact, scammers, like 99% of modern hackers, cannot break through the protection of hundreds of computers at the same time, and so they resort to social engineering. Most often, the letters take the form of a notice that a prize (a parcel, a letter, an inheritance or something else) is waiting, and to receive the prize you need to open the attached document and fill it in. Clicking on the file with the "document" launches a script that installs the virus or downloads it from the scammers' server. After that, the encryption process begins, which can last from several minutes to several hours, depending on the number of files stored on the computer and its performance.


Upon completion of the process, the user receives a message with the ransom demands and contact details. Previously, scammers almost always stated the amount of the ransom, but now they prefer to set it themselves after receiving a report on the number of files and their estimated value. The average ransom amount varies from $100 to $3000 and even higher. If you see a message with demands, then all the files are already encrypted and you should think about the choice that needs to be made.


The victim of the virus has a choice: to pay or not to pay. Having paid the ransom, you may POSSIBLY get your files back, but there is no guarantee. When dealing with scammers you cannot rely on their decency, so you can lose not only your files but also your money. If you do not want to pay the ransom, chances are good that specialists will soon join the fight against this virus, that it will be cracked, and that the extracted keys will be used to create a decryption program. In any case, you have only one reliable way to get your files back: a previously made backup. If there is no backup, or it was stored on the computer itself, then you just need to clean the computer of the virus and save the encrypted files in a separate folder while waiting for the release of a decryption program.


How to remove PelicanC.dll Virus

If you are not going to pay the scammers, and thereby encourage them to create the next virus, then you should remove PelicanC.dll from your computer. You can do this either manually or with the help of an antivirus program; however, we recommend the second option. This is not a matter of the reliability or efficiency of manual removal: to get a result you will need in-depth knowledge of the computer and of viruses. You will need to find all the virus files hidden in the system and delete them without leaving a trace. Otherwise, the virus can recover and infect the computer again, striking new data as well. To remove PelicanC.dll, we recommend that you use our instructions and the Spyhunter antivirus, which will clean any virus from your system quickly and without additional difficulties.



Removal instruction




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter



  • Select Boot tab




  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel



  • Select Appearance and Personalization



  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives



  • Press Ok


Step 3. Remove virus files


Check the following folders for suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot
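The checks in Steps 3 to 5 can also be run as one read-only PowerShell audit while the system is in Safe Mode. This is an added example, not part of the original instructions; the seven-day window and the extension list are assumptions to adjust, and nothing is deleted or changed.

```powershell
# Added example: read-only audit of the places named in Steps 3 to 5. Nothing is deleted.
# $Days and $Extensions are assumptions; set $Days to cover the suspected infection date.
$Days = 7
$Extensions = '.exe', '.dll', '.scr', '.js', '.vbs', '.bat', '.cmd', '.ps1'
$since = (Get-Date).AddDays(-$Days)

'--- Step 3: recent executables and scripts in %TEMP% and %ProgramData% ---'
$files = foreach ($dir in $env:TEMP, $env:ProgramData) {
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since -and
                       $Extensions -contains $_.Extension.ToLower() }
}
$files | Sort-Object LastWriteTime |
    Format-Table LastWriteTime, Length, FullName -AutoSize

'--- Step 4: active (non-comment) lines in the hosts file ---'
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsPath |
    Where-Object { $_.Trim() -and -not $_.TrimStart().StartsWith('#') }

'--- Step 5: startup commands in the Run keys ---'
$entries = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        $path = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
        if (Test-Path -LiteralPath $path) {
            $key = Get-Item -LiteralPath $path
            foreach ($valueName in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key     = $path
                    Name    = $valueName
                    Command = $key.GetValue($valueName)
                }
            }
        }
    }
}
$entries | Format-List

'--- Step 5: Winlogon Userinit (normally only userinit.exe from System32) ---'
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
(Get-ItemProperty -LiteralPath $winlogon -Name Userinit).Userinit
```

Review each listed file, hosts line and startup command before removing anything by hand; legitimate software also uses these locations.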

How to restore files encrypted by PelicanC.dll

As we have already said in this article, a user whose computer has been hit by an encrypting virus has only one 100% safe way to recover files: restoring them from backups. None of the other methods that we describe here can guarantee the outcome. The advantage of backups is that they are kept on an external drive and are out of PelicanC.dll's reach.

  • Click Start
  • Click Control Panel



  • Click System and Security



  • Select Backup and Restore



  • Select Restore files from backup
  • Select checkpoint to restore


All other methods depend on services built into the OS, and their effectiveness may be reduced by the virus itself and by a lack of practice. We can suggest two additional methods: the Shadow Volume Copies service and recovery with a special decryptor. Decryption with a dedicated decryption program is very effective, but unfortunately such a tool does not yet exist. You should, however, watch the websites of reputable antivirus developers, who often release such decryptors. Manual recovery with the help of Shadow Volume Copies can be done right now. You can use the built-in functionality of Windows, but we suggest more user-friendly tools that will make the task much easier: Recuva and ShadowExplorer. Both programs are free, and you can get them from their official websites, together with step-by-step instructions for their use.
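Before relying on Shadow Volume Copies, it helps to check whether any copy older than the infection actually exists. The PowerShell below is an added example, not part of the original article; `$InfectedAt` is a constructed placeholder date and `C:\ShadowView` is a hypothetical link path. It must be run from an elevated prompt.

```powershell
# Added example: find shadow copies that predate the infection. Run elevated.
# $InfectedAt is a constructed placeholder; C:\ShadowView is a hypothetical link path.
$InfectedAt = Get-Date '2017-06-01 12:00'

$copies = @(Get-CimInstance -ClassName Win32_ShadowCopy)

if ($copies.Count -eq 0) {
    'No shadow copies exist on this system; this method cannot be used.'
} else {
    # Every copy, newest first, flagged by whether it is older than the infection
    $copies | Sort-Object InstallDate -Descending |
        Select-Object InstallDate, VolumeName, DeviceObject,
            @{ Name = 'PredatesInfection'; Expression = { $_.InstallDate -lt $InfectedAt } } |
        Format-List

    # Newest pre-infection copy per volume: the best candidate for recovery
    $best = $copies | Where-Object { $_.InstallDate -lt $InfectedAt } |
        Group-Object VolumeName |
        ForEach-Object {
            $_.Group | Sort-Object InstallDate -Descending | Select-Object -First 1
        }

    foreach ($copy in $best) {
        # Printed, not executed: this command exposes the snapshot as a folder.
        # Use a different link name for each volume.
        'cmd /c mklink /d C:\ShadowView {0}\' -f $copy.DeviceObject
    }
}
```

If a copy predates the infection, files can be copied out of the linked folder to an external drive; ShadowExplorer browses the same snapshots through a graphical interface.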



