How to Remove Poteston Ransomware

What is Ransomware?

A Ransomware is a type of malware that prevents a victim from using their own computer unless they pay the ransom. The infection generally spreads through tricking users into opening an infected attachment or visiting a particular website that contains a ransomware intermediary.

How Does Ransomware Spread?

Ransomware spreads through tricking users into opening an infected attachment or visiting a particular website that contains a ransomware intermediary. The infection generally spreads through email attachments, instant message content, and spam email messages. The email attachment might appear to have an important, but non-malicious attachment with the message "Attn: From: Important Person" or "Important Message from ____". The user might also be tricked into visiting a malicious webpage that includes a malicious browser plug-in that downloads the ransomware.

How Does Poteston Ransomware Work?

Poteston Ransomware works by encrypting the files on the victim's computer and displaying an alert screen that says, "Poteston Ransomware has encrypted your files and photos. Poteston Ransomware wants a one-time payment of $300 to decrypt them. Once you have made this payment, Poteston will send you your decryption key."

Potston ransomware also uses a technique called executable file packing which is used to move certain parts of malicious code into an executable file that appears similar to a legitimate program that should be installed. Potstown takes advantage of this feature by using the executable file packing technique to hide its malicious activities such as retrieving data from infected computers and sending it back to Potston's servers or stealing bank account credentials.

How to Remove Poteston Ransomware

Poteston ransomware can only be removed manually by following the instructions below. A quicker option would be to not engage with the ransomware at all, and follow the steps below in order to remove Poteston Ransomware for a more thorough and efficient removal.

Step 1: Scan Your Computer

Install any antivirus or anti-malware software on your device that you have available, then scan your computer for Poteston Ransomware malware infections. You may find that it is uninstalled automatically after uninstalling Potston Ransomware because of its close relationship with this type of malware. Regardless, make sure to get your computer scanned in order to find out if it has been infected or not so you know exactly what needs removing.

Step 2: Remove Poteston Ransomware Related Files from Registry

Once you have scanned your computer for Poteston Ransomware related infections, you should implement the steps below to remove Poteston Ransomware.

Open Control Panel. If you have Windows Vista installed, then click Start and select Control Panel as shown in the screenshot below. If you have Windows 7 or 8, then click Search and type "control panel" as shown in the screenshot below.

When the Control Panel app opens, click "Uninstall a program" as shown in the screenshot below.

In the list of installed programs, locate Poteston Ransomware and uninstall it. For some unknown reason, it is recommended that you reboot your computer from Safe Mode by booting it up in Safe Mode with Networking before uninstalling Poteston Ransomware.

Step 3: Delete Poteston Ransomware Files from Windows Registry

Poteston Ransomware files often make their way into your Windows registry, or a part of your registry that is used for important system tasks. In order to successfully remove Poteston Ransomware, we must get rid of these malicious files from the Windows registry, so download regedit and follow these steps:

Download and run the Regedit program. On Windows Vista/7/8, press the Windows Key to access the Start Menu. Type in "regedit" and hit Enter.

On Windows Vista/7/8, press the Windows Key to access the Start Menu. Type in "regedit" and hit Enter. Navigate to [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon].

Right-click on Winlogon and select "Permissions," then make sure that it is set to Administrators=Full Control.

Navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] as shown in the screenshot below.

Right-click on Winlogon and select "Permissions," then make sure that it is set to Administrators=Full Control.

Restart your computer and log back in manually when prompted.

How to Protect My Computer From Ransomware

Potston Ransomware is known for infecting computers and attempting to extort money from the victim in exchange for access back to their computer. The user might also be tricked into visiting a malicious webpage that includes a malicious browser plug-in that downloads the ransomware.

Below are steps you can take to avoid being infected with Potston Ransomware:

1. Install any Software updates on your computer

2. Use an Antivirus on your computer.

3. Use strong passwords and update them frequently to prevent hackers from breaching your account credentials of your Social networks, Email Ids & World Wide Web Accounts.

4. Disable AutoRun for all drives

5. Enable a Firewall to prevent your computer from getting infected from malicious programs that may try to spread through your USB Drives or other external media.