Malwareaware


Thursday, 27 June 2013

How to remove the Reveton Ransomware (UPDATED)

Posted on 06:32 by Unknown
This piece of malware, known as the Reveton ransomware, is still infecting people. And although the steps I made to remove this malware earlier on in the year still work for some variants, most variants have adapted so the first method of removal no longer works. That being said, I have decided to write another guide with both methods of removal included.

If you can go into safe mode just fine, this is the guide you will want to follow.

Step 1: In safe mode with networking, open your web browser and go to http://www.malwarebytes.org/

Step 2: Click on free download. Download and install Malwarebytes Anti-Malware.

Step 3: Once Malwarebytes Anti-Malware has been installed, run a full scan.

Step 4: After the scan is complete, it may prompt you to reboot your computer to finish removing any detected items.


If you cannot go into safe mode without the ransomware blocking you from doing anything, or the above method does not work, follow this method. Note that for a few steps, you will need to have access to an uninfected computer if you cannot go into safe mode. These steps are slightly more involved than the above steps, but I have done my best to make it easier to do.

Step 1: Get a flash drive that can store at least 32 MB.

Step 2: On an uninfected computer, go here and download the version (32-bit or 64-bit) that matches the uninfected computer.

Step 3: Once the file has been downloaded, insert the flash drive you are going to use.

Step 4: Run the downloaded file.

Step 5: Once you see the start screen of Hitman Pro, click on the little picture of a person performing a kick at the bottom of the window.

Step 6: You will now see instructions on how to create the Kickstart Live USB. Click on the flash drive you will be using, then press Install Kickstart. You will then be presented with a warning that the flash drive will be erased. Click on yes to continue.

Step 7: Once the files have been downloaded and installed onto the flash drive, click the close button and take out the flash drive.

Step 8: Insert the flash drive into the infected computer with the computer turned off. Turn it on and then look for info on how to access the boot menu. If you cannot see any info, keys commonly used for the boot menu are F8, F11, or F12.

Step 9: Restart your computer and start tapping the indicated key. If one key does not work, restart the computer and try another key on the above list.

Step 10: Now, select the flash drive with the Kickstart program installed and press enter. Once you see the new screen, press 1.

Step 11: Windows will load normally. After you log in, you will see the ransomware. Wait 15-20 seconds and you will see the Hitman Pro start screen. Click next to start the scanning process.

Step 12: Click No, I only want to perform a one-time scan to check this computer. Then click next.


Step 13: Once Hitman Pro has finished scanning, it will display a list of malware that it found. Click next, and if prompted, choose the 30-day free trial. Hitman Pro will now reboot your computer. Once it boots up, it will be free of the ransomware.