Do not pay ransomware demands
Check nomoreransom.org first — free decryptors exist for many ransomware families.
Safe Mode scan
- Boot into Safe Mode with Networking (hold Shift, click Restart → Troubleshoot → Advanced → Startup Settings → F5).
- Download and run Malwarebytes Free — full scan.
- Download and run AdwCleaner (Malwarebytes product) — targets adware and PUPs.
Second opinion scan
Run ESET Online Scanner or Kaspersky Virus Removal Tool after Malwarebytes. Different engines catch different threats.
Check startup entries
Open Autoruns (Sysinternals). Review every startup entry — right-click suspicious items and Search Online. Delete anything clearly malicious.
After cleanup
Change all passwords from a clean device. Enable 2FA on email and banking. Consider a fresh Windows install if you suspect a rootkit.