How to remove Pumas virus and restore encrypted files

If you've run into an encrypting program and you know that it's the Pumas virus, you will find help here. We offer simple, tested advice on uninstalling Pumas and possible ways to restore the encrypted data.

What is Pumas

Ransomware is a scourge of our society, and we all know that if you cannot open your data and you see a ransom note, it's time to be anxious. That is true, by the way. An encrypting virus is the ugliest threat you might meet on the Internet, because a regular user literally cannot eliminate it. The only situation in which you can beat ransomware is when you are not facing a true virus but a phoney that blocks your screen and tries to trick you into paying a ransom. In all other cases, if the ransomware was created and maintained properly, you can only hope that specialists will defeat it. If the swindlers failed somehow and the malware has any flaws that give you a way to restore data, we'll explain what you can do in this entry.



So, what is ransomware? It is built around a perfectly legal cryptographic algorithm that modifies the data on the user's PC so that you can't use it in any way. Of course, the key is encrypted too, but with a different method. In most cases these algorithms are AES and RSA, which have proven themselves the most reliable and the hardest to decrypt. These methods and the programs based on them are freely available on the Web, so swindlers only need to develop protection mechanisms that block access to the virus, and to create a flawless update and control system. Some pieces of ransomware work in standalone mode, and the swindlers learn about a new victim only when he turns to them and sends his money. Other ransomware is highly active and sends reports to thousands of servers, to confuse researchers and maximize the time needed to defeat it.


The type of ransomware doesn't really matter, as the AES and RSA algorithms are too complex to break directly. It requires centuries to perform all the needed calculations on a usual machine and, possibly, a few decades with a mega-efficient computer. The only way to neutralize a powerful encrypting malware is to find vulnerabilities in its code, or to hack the Command & Control website to get a master key. Rare ransomware examples also have a switch that can stop the ransomware's operation entirely or make it skip the infected device. If someone finds such a switch for Pumas, or creates a decryption tool, we'll update this article.


Here we've gathered several possibilities to try before giving up and waiting for a decryptor. As written in the previous paragraphs, Internet criminals also fail, and certain features of the system might help you get your data back.


  • If you have a copy of the data stored on an external drive, just uninstall Pumas and copy the data back. Make sure that Pumas is removed completely, because if it isn't, all the data will be corrupted once more, including the files saved on a flash drive.
  • If your user account has no admin rights, it's your lucky day. The point is that the operating system creates copies of data before it is deleted or encrypted. These copies are known as shadow copies (SVC), and Pumas knows how to delete them. If you're working under a standard user profile, the OS asks for authorization at the very moment Pumas tries to delete those copies. If you saw such a request and ignored it, your SVC are intact and can be used to restore the data.


If you have checked all these options and have no chance to recover your data, you should delete Pumas from the computer and wait until a decryption tool is published.

How to remove Pumas

Unfortunately, you can't entirely avoid installing an antivirus. Pumas is incredibly tricky, and it is possible to miss some of its parts and then suffer from it later (for instance, when you connect an external drive with your backups to a machine that has not been fully cleaned). It also hides very well, so you literally won't be able to uninstall it entirely by hand. For this reason we have created removal instructions that should suit all your needs. They contain a few manual stages and one optional antivirus stage.

Removal instruction

If you are a Mac user, follow this guide: how to decrypt files on Mac.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel
  • Select Appearance and Personalization
  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives
  • Press Ok


Step 3. Remove virus files


Check the following folders for suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to the %SystemRoot%\System32\drivers\etc\ folder
  • Open the hosts file using Notepad or another text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean the startup registry keys:
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
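
Steps 3 to 5 above can be run as a read-only check before anything is deleted by hand. The PowerShell below is an added example, not part of the original guide; the seven-day look-back window and the extension list are assumptions, and the script only lists items for review.

```powershell
# Added example: read-only triage for Steps 3-5. Nothing is deleted or modified.
$lookBackDays = 7   # assumption: how far back "recent" reaches in Step 3

# Step 3: recently written script/executable files in %TEMP% and %ProgramData%
# (-Force includes hidden items, so Step 2 is not required for this listing).
$ext = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'   # assumed list
$since = (Get-Date).AddDays(-$lookBackDays)
$recentFiles = Get-ChildItem -LiteralPath $env:TEMP, $env:ProgramData -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $ext -contains $_.Extension.ToLower() -and $_.LastWriteTime -ge $since } |
    Select-Object LastWriteTime, Length, FullName

# Step 4: active hosts entries other than the loopback mapping of "localhost".
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsEntries = Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |    # strip comments
    Where-Object { $_ } |                                   # skip empty lines
    ForEach-Object {
        $parts = $_ -split '\s+'
        [pscustomobject]@{ Address = $parts[0]; Names = ($parts | Select-Object -Skip 1) -join ' ' }
    } |
    Where-Object { -not (('127.0.0.1', '::1' -contains $_.Address) -and ($_.Names -eq 'localhost')) }

# Step 5: values under the autostart keys listed above, in both hives.
$autoruns = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
        if (Test-Path -LiteralPath $key) {
            $item = Get-Item -LiteralPath $key
            foreach ($name in $item.GetValueNames()) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
            }
        }
    }
}
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -LiteralPath $winlogon -Name Userinit).Userinit

'Recent files (Step 3):';     $recentFiles  | Format-Table -AutoSize
'Hosts entries (Step 4):';    $hostsEntries | Format-Table -AutoSize
'Autostart values (Step 5):'; $autoruns     | Format-List
"Winlogon Userinit: $userinit"
```

An entry appearing in the output is a candidate for review, not proof of infection.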

Step 6. Scan computer with antivirus

SpyHunter is an antivirus program that is not just effective, but also swift and continuously developed, and it is able to clean your computer of all harmful programs. Try it to eliminate the virus.



The SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase the full version of the program.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

Once you have removed the ransomware, or at least learned how to do that, let's consider restoring the data. As we said before, if you were logged in under an administrator account and granted Pumas access to the computer, you have no way to restore the files other than from backups. If you use a standard profile, you might have a chance, but you will need a special recovery tool. We suggest trying ShadowExplorer and Recuva. You can easily download these tools from the official websites of their creators, which also provide thorough guides.

  • Click Start
  • Click Control Panel
  • Click System and Security
  • Select Backup and Restore
  • Select Restore files from backup
  • Select checkpoint to restore

