How to remove Puma virus and restore encrypted files

Puma infection is the worst threat that you can meet in the Web as a common user literally can't uninstall it. The exclusive event when you can beat an encrypting virus is when you aren't facing a real one, but a dummy, that covers your screen and attempts to deceive you into making a payment. In any other event, if a virus was developed and adjusted in a proper manner – you can only expect that malware researchers will deal with it. If fraudsters failed somehow, and a malware has any vulnerabilities, that let you to get back files – you'll find a solution on this page.



So, what we'd find if we look inside a Puma? It is built upon a completely legal encryption system which modifies all folders on operator’s machine, so customer can't utilize them in any approach. Of course, a key is also encrypted with another algorithm. In most cases, web-criminals favour RSA and AES methods, which are famous for their complexity and reliability. These methods and the tools built upon them are in public access in the Web, so scammers just need to create techniques of defense, to restrict an access to a virus, and make the reliable update and control system. Some encrypting tools can act in standalone mode, and web-criminals get a report about another "client" as late as he approaches them and transmits his ransom. Other encrypting viruses are very active, and send data to thousands URL's, to confuse the malware-fighters and maximize the work required to defeat a ransomware.


Regardless of ransomware’s kind, the AES and RSA methods are very complicated to decipher them directly. It will take centuries to make all required operations on a regular device and, possibly, 3-4 decades in case of usage of an industrial computer. The best method to beat a high-quality encrypting malware is to hack into it, or break into its server, to receive encryption keys. Some viruses also have a switch, able to stop ransomware's operation completely or to drive it off a particular device. If someone discovers such breaker for this virus, or make a decryption tool, we will update this article.


Here we've gathered several things to inspect, before you can give in and await for a decryptor. As it is written in previous paragraphs, web-criminals also fail, and certain peculiarities of the system may serve you to restore information.


  • If you do not employ the Windows from an administrator's profile – you're really lucky. The point is that your Windows duplicates all data before their uninstalling or modification. Suchlike copies are called Shadow Volume Copies, and the virus has the ways to delete them. If you're employing the user's account – the OS requests for a permission at the very second Puma starts to erase SVC. In case you saw such request and reversed it – then the copies are safe, and could be used to get back the information.
  • If you have a backup, and placed it on an outer flash drive – just remove Puma and use it. Make sure that Puma is uninstalled totally, because if it’s not – all info will be corrupted instantly, including the files that are on a flash drive.


If you revised all these things and you have no chance to get back your data – you should uninstall the virus from your machine and expect when a decryption tool will be developed.

How to remove Puma

Unfortunately, you can't totally escape an installation of software. The virus is incredibly stealthy and you might pass some parts and then regret it (it might happen if you connect an outer data storage with your saved data to a not-completely-purged machine). It also conceals very good, so you literally won’t be able to eliminate it totally with your own hands. Here's your deletion instruction which will assist you to beat this problem. It contains a few manual stages and an optional AV software phase.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Here's Spyhunter anti-viral software that is not just efficient, but also modern and constantly evolving program that will clear your system of all viruses. Click the link below to download it and delete the virus.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

As you eliminated the virus, or at though learned how to do that, let’s talk about the data restoration. As you know now, if you use an admin entry and you granted the virus an access to the device – you have no method to recover your information except for the previously saved copies. If you use a common account – you might have a chance, but you will need peculiar recovery software. The best ones of them are ShadowExplorer and Recuva programs. You can get these tools simply on their official sites, with thorough instructions.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience