M4N1F3STO Virus Removal Guide


  • Sun, 11 Dec 2016 16:37:59 EST

The M4N1F3STO Virus screen locker is a Trojan that displays a picture of what is intended to be a hacker, along with a message stating that the victim's files are being deleted unless 0.3 bitcoins are sent to an enclosed bitcoin address. Once you enter the correct code, the screen will unlock and another screen will be displayed that contains text saying how the victim was tricked.

Thankfully, the unlock code for this scam could be retrieved from the executable and can be entered into the field to terminate the screen locker. Due to the words used in the code, I do not want to post it on the site. To view the unlock code you can visit this tweet. This screen locker can also easily be removed by rebooting into Safe Mode and performing a security scan from there.

The text of the screenlocker is:

I want to play a game with you. Let me explain the rules:
Your personal files are being deleted. Your photos, videos, documents, etc...
But, don't worry! It will only happen if you don't comply.
However I've already encrypted your personal files, so you cannot access therm.

Every hour I select some of them to delete permanently,
therefore I won't be able to access them, either.
Are you familiar with the concept of exponential growth? Let me help you out.
It starts out slowly then increases rapidly.
During the first 24 hour you will only lose a few files,
the second day a few hundred, the third day a few thousand, and so on,

If you turn off your computer or try to close me, when i start the next time
you will het 1000 files deleted as punishment.
Yes you will want me to start next time, since I am the only one that
is capable to decrypt your personal data for you.

Now, let's start and enjoy our little game together!"

1GmGBH9ra2dqA8CgRg8a8Rngx4qHb2hLDW

Send 0,3 bitcoins to this adress to unlock your Pc with your email adress.
Your can purchase bitcoins from localbitcoins


Once the correct pass code is entered, the alert that is shown will contain this text:

JUST DELETE IT
TO REMOVE IT
HAHA YOU HAVE BEEN
FOOLED

How did the M4N1F3STO Virus screenlocker get on my computer?

It is not currently known how this Trojan is being distributed. It could be distributed using fake software cracks or through free programs you download off of the Internet. As more information becomes available, we will update it here.

As the current unlock code is known and we can use Safe Mode with Networking to clean the computer, removing this infection is fairly easy. If the code does not work or you are unable to remove it on your own, you can use the removal guide below to remove the M4N1F3STO Virus for free.

Associated M4N1F3STO Virus Screen Locker Registry Information

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsApplication1 [path_to]\receipt.exe
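
The Run value listed above is a per-user autostart entry, so it can be audited from a PowerShell prompt in Safe Mode. The script below is an added example, not part of the original guide: it matches only on the value name and file name given on this page, and the helper name `Get-RunKeyFindings` is hypothetical.

```powershell
# Added example. Indicators come from the registry entry listed in this guide.
# Run as the affected user: HKCU is that user's hive, not the administrator's.
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'WindowsApplication1'
$fileName  = 'receipt.exe'

function Get-RunKeyFindings {   # hypothetical helper name
    param([string]$Path = $runKey)

    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }

    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)

        # Pull the executable path out of the command line (quoted or bare).
        $exe = $null
        if     ($data -match '^\s*"([^"]+)"')  { $exe = $Matches[1] }
        elseif ($data -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }

        # The value name is generic, so also match on the file name.
        $nameHit = $name -eq $valueName
        $fileHit = $exe -and ((Split-Path -Leaf $exe) -eq $fileName)
        if (-not ($nameHit -or $fileHit)) { continue }

        $exists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
        [pscustomobject]@{
            ValueName = $name
            Data      = $data
            Exists    = $exists
            # Hash the file so it can be checked against a scanner or sandbox.
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash }
        }
    }
}

$findings = @(Get-RunKeyFindings)
$findings | Format-List

# Review the output, then delete confirmed entries. -WhatIf only previews the
# change; remove it to apply. The file itself is left for the security scan.
foreach ($f in $findings) {
    Remove-ItemProperty -LiteralPath $runKey -Name $f.ValueName -WhatIf
}
```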