YouTube Ransomware is a new fake crypto ransomware that locks your computer’s screen making it inaccessible to you. According to our researchers, unlike what it claims on its ransom note, it does not encrypt your files at all but to simply trick you into believing so. Although it does not seem to do anything to your files, you should not put your guard down because after doing a thorough research about the YouTube Ransowmare, it seems that it is still under development process. if your computer is infected with this fake crypto ransomware, you must get rid of it quickly.
Once it gets in to your computer, the YouTube Ransomware displays a lock screen that mimics the YouTube web page template. But instead of videos, it displays a ransom note that tries to intimidate you. The ransom note consist of the following:
“You have violated the YouTube law!
Watching something copyrighted does not give you authorization to watch the content. Even if you never claimed to own the copyright or gave the copyrighted owner! watching these videos on YouTube may violate the copyright law! for that this computer will be blocked you cannot do anything! unless if you put in the password right Your computer will be set free to use and you will get another chance to use YouTube!”
As you can see, based on the poorly written ransom note, it is obvious that this fake crypto ransomware is not as dangerous unlike what it’s trying to show you in the ransom note. But still, you should not take any chances and leave such threat on your system for it might cause further complications. Remove the threat using the instructions we will discussed later on.
The YouTube Ransomware is very similar to other fake crypto ransomware which operates by limiting your access to your computer. Another reason not to underestimate this fake crypto ransomware is that it has the ability to modify Windows’ utilities such as the Windows Task Manager, Command Line and even the Registry Editor to make its removal difficult to do.
The YouTube Ransomware is distributed through different ways. This ransomware has an executable file named YouTube.exe that is sent to your email. The spam email may look like an important email but don’t let that fool you for spam emails like that often contain corrupted attachments. Moreover, this threat can also be obtained by clicking suspicious ads or links and even fake software updates. That’s why you should steer clear of suspicious links or websites for it may land you this annoying ransomware and opt for a trusted software’s official website to download it.
As promised, this article will provide you complete instructions to eliminate the YouTube ransomware. Follow them thoroughly.
Step 1: Hold down Alt + F4 simultaneously to close the lock screen.
Step 2: Open the Windows Task Manager by pressing Ctrl + Shift + Esc. Go to the Processes tab. Locate suspicious processes that can be related to the YouTube ransomware. Right-click on them and select Open File Location then scan them using any up-to-date antivirus. After opening each folder, end the infected processes and delete their folders.
Step 3: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK.
Look for the YouTube ransomware or any suspicious program that might be related to it and then click Uninstall.
Step 4: Go to the System Configuration. To do so, click the Windows button and type msconfig in the search box and hit Enter Proceed to Startup and unmark items with an unknown manufacturer.
Step 5: Hold down Windows + E keys simultaneously.
Step 6: Go to the directories listed below and delete everything in it. Or other directories you might have saved the file related to the YouTube ransomware.
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
- %TEMP%
Step 7: Look for the malicious executable file (YouTube.exe) or any suspicious executable file that could be related to YouTube ransomware.
Step 8: Right-click on it and click Delete.
Step 9: Open the Registry Editor, to do so, tap Win + R and type in regedit and then press enter.
Step 10: Locate the path below and check if there is a new suspicious entry.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Step 11: If there is a new suspicious entry that can be related to the YouTube ransomware and delete it.
Step 12: Close the Registry Editor.
Step 13: Empty the Recycle Bin.
Step 14: Restart your PC.
Step 15: Perform a full system scan using SpyRemover Pro.