Remove .PICO Ransomware v1.0 Virus and Recover Encrypted Files

6 Sep

This article will provide the complete information about .PICO Ransomware v1.0 Virus including its technical details as well as some easy steps to remove this malware and recover the encrypted files. All the files that have .PICO file extension are locked and they cannot be accessed directly. This ransomware is a newly detected malware and some reports suggest that it is a version of Thanatos Ransomware. Its ransom note is a text file namely README.txt. In this ransom note, it asks the victim to pay a fine of 100$ in Bitcoin or Ethereum to get the decryption key. So, before thinking anything about data recovery, you must focus on removing this malware and its scripts completely so that it cannot damage any other files and programs.

Every PC that is affected by .PICO Ransomware v1.0 Virus, it creates a files and folders on the desktop such as %Desktop%\Ransomware\ThanatosSouce\Release\Ransomware.pdb. The source code of this ransomware is very similar to Thanatos Ransomware. In its ransom note, it contains all the details about the malware including the demanded ransom money, payment process, email ID, Machine ID and so on. In order to run README.txt and “Microsoft Update System Web Helper”, it secretly modifies the registry editor. The related registry key are stored in the sub-keys as follow: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Microsoft Update System Web-Helper” = “C:\Windows\System32\notepad.exe %UserProfile%\Desktop\README.txt”.

.PICO Ransomware v1.0 Virus executes certain commands to delete the backup files in the Windows. The commands are as follow:

sc stop VVS

sc stop wscsvc

sc stop WinDefend

sc stop wuauserv

sc stop BITS

sc stop ERSvc

sc stop WerSvc

cmd.exe /C bcdedit /set {default} recoveryenabled No

cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Windows\System32\cmd.exe” /C vssadmin.exe Delete Shadows /All /Quiet

Further, .PICO Ransomware v1.0 Virus contains data stealing scripts in order to steal personal sensitive information such as login credentials, IP address, System address and geographical location, firewall security settings and anti-virus and so on. On the other hand, it mostly targets personal files and multimedia documents such as music, videos, text, documents, archives etc. for encryption. It demands to pay ransom money but this is never recommended because this is a spam. They will not provide the original decryption key even after the complete money is paid. So, if there is backup files in some external storage device then use it. Otherwise you may also try using some data recovery software.

How .PICO Ransomware v1.0 Virus attacks the PC:;

  • Through spam email campaigns where additional attachment are sends containing malware scripts
  • Through peer-to-peer files sharing networks such as torrents
  • Through hyperlinks and intrusive ads
  • Through infected storage devices such as pen-drive and CDs
  • Not having an proper anti-malware tool and firewall security settings

Remove .PICO Ransomware v1.0 Virus using powerful Windows Scanner
Download Automatic Removal Tool to eliminate infectious threat

Now, if you don’t want to face all these functions later inside the PC with .PICO Ransomware v1.0 Virus then you were highly suggested to delete .PICO Ransomware v1.0 Virus by installing expert’s anti-malware tool inside the PC.

So, what is anti-malware tool?

Anti-malware tool (SpyHunter 4) is a powerful real time protection programs for the Windows Operating System which has been created by Enigma Software Group. It is fully capable to protect the Computer against threat like .PICO Ransomware v1.0 Virus. However, you can also remove this threat by manual process but it is little bit complexly. Besides that, the manual process requires Computer skill. That means, you need to put some extra effort on your PC in order to remove .PICO Ransomware v1.0 Virus. As well as, you should have ability to revert back any wrong steps which you have taken in manual process. Otherwise the PC might be goes even worst conditions. On the other hand with the anti-malware tool you don’t requires any extra Computer skill or effort. The Spy Hunter has been designed between experts and novice Users level. Thus, you can easily operate without any worries of harm your Computer. Therefore, in my opinion I would like to prefer anti-malware tool in order to uninstall .PICO Ransomware v1.0 Virus from Computer.

Complete tutorial to delete .PICO Ransomware v1.0 Virus using automatic removal method


  1. As you will run anti-malware tool, you will see two options located in middle of screen. Please click on **Scan Computer Now** option in order to proceed to full System scan.step-1
  2. You can also see the error result while scanning of PC.step-2
  3. If you want to scan any particular volume drive or removal pen drives then you can use this Custom Scan option.step-3
  4. Spyware Helpdesk will help you in solving the PC’s errors online (just like Customer services).step-4
  5. System Guard, this functions will helps you to keep your Computer safe from offline threat.step-5
  6. By using Network Sentry Option your browser will safe from online threat and your online activities will be protected by this anti-malware tool.step-6
  7. Al last, by enabling the Scan Scheduler function, your Computer will automatically keep scanned timely by this tool and notifies you if this tool caught any error.step-7

How to get rid of .PICO Ransomware v1.0 Virus manually?

Eliminate .PICO Ransomware v1.0 Virus by going through Control Panel:

  1. Click on the Start menu icon located on below left of screen (Right click for Windows 8 and 8.1 Users).control-panel-1
  1. Select Control Panel option > Programs.control-panel-2
  1. The Programs which were installed on PC were located in this list.control-panel-3
  1. Please find out .PICO Ransomware v1.0 Virus as well as their associated files and click on it to uninstall it.control-panel-4

Remove .PICO Ransomware v1.0 Virus entries from Windows Registry box:

  1. In order to go to the Windows registry box, please click on Win logo button+ R key together.manual1
  1. Type **regedit** in run dialog box. (If it asks your permission to open this window then click on Yes button)manual2
  1. Registry Box will suddenly open up please go through every location given below in this window in order to find out and delete .PICO Ransomware v1.0 Virus.manual3
  • HKLM\SOFTWARE\Classes\AppID\ .PICO Ransomware v1.0 Virus.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
  • HKEY_CURRENT_USER\Software\Opera Software
    Explorer\Main\Start Page Redirect=
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\virus name
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell = %AppData%\IDP.ARES.Generic.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Random
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Random.

Method to prevent .PICO Ransomware v1.0 Virus and other similar threats in future

After all, the single biggest factor in preventing a threat like .PICO Ransomware v1.0 Virus infection is lies upon you. Even you already install anti-malware and you scan your Computer timely, if you don’t be carefully towards your PC while using it. It is obviously to get infected by .PICO Ransomware v1.0 Virus again. Therefore, you just need vigilance to avoid being affected by threat in future and n some tips and suggestion mention here will hopefully prevent your Computer from infection in coming time.

  • Keep your anti-malware updated.
  • Use strong passwords for valuable information to prevent from hacking.
  • Disable auto-run functions for downloaded files and injected drives.
  • Block auto update from network inside System.
  • Leave it out unknown recipient email attachments.
  • Avoid connecting to open source network like Wi-Fi.
  • Use hardware based firewall in order to protect your System against infections.
  • Deploy DNS protection from automatically get modified.
  • Use ad blocker extension and software in order to surf without getting any additional commercial ads and junk notifications.
  • Do not use any untrusted or unofficial domain for surfing and downloading files inside browser.

Click here to Download Automatic Removal Tool to Uninstall .PICO Ransomware v1.0 Virus

Leave a Reply