What is CryptoJoker?

CryptoJoker is a malware that is named ‘ransomware’ for the basic principle it uses. CryptoJoker aims to frighten a user and make him or her pay money. For this purpose once CryptoJoker gets into the system it inserts executable files into the %Temp% and %AppData% folders. The program processes locate the most useful and valuable for user files and encrypt them. The tasks are also responsible for collecting the information on the user, sending it to the Command&Control server and stopping ‘regedit’ and ’taskmgr’ processes. When the files are encrypted CryptoJoker generates a pop-up message blocking the screen. The text gives little information about the ransomware itself – only the notification about encryption and several email addresses writing to which the victim can get the details. This window will stay above all other windows until you remove CryptoJoker or terminate the WinDefrag.exe process.


How CryptoJoker gets on your PC?

CryptoJoker infection is spread on the Internet wearing the disguise of a PDF file, so it is assumed to get into computers via spam messages and spear phishing campaigns. Since this is a recently appeared threat that has already stroke many systems, you should be especially cautious while opening suspicious messages or clicking on the links of an unknown origin. It would also be wise to scan the files that you get through p2p sharing services.

How to remove CryptoJoker from your computer?

To uninstall CryptoJoker remove it from Control Panel, then delete all files and regkeys.

In our view, there are 3 products that potentially have CryptoJoker in their database. You can try to use them for removing CryptoJoker.

Recommended Solution:

Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to CryptoJoker – files, folders, registry keys.


Download Norton*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.

Alternative Solution:

Norton Antivirus – detects files, registry values and folders of viruses that show the same behavior as CryptoJoker.


Download Norton

You can try both of these products to remove CryptoJoker

Or uninstall CryptoJoker manually.

Step 1: Start the system in Safe Mode

    For Windows XP/Vista/7:
  • Reboot the system
  • While the system is loading, press F8 button several times. Advanced Boot Options menu should appear
  • Choose Safe Mode with Networking.

For Windows 8/8.1/10:

  • On the Windows login screen click the Power button
  • Hold Shift and choose Restart
  • Select Troubleshoot
  • Go to the Advanced Options and then to Startup Settings
  • Select Enable Safe Mode with Networking

Step 2: Remove following files and folders of CryptoJoker:

Remove following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winpnp %Temp%\winpnp.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drvpci %Temp%\drvpci.exe

Remove following files:


How to decrypt files infected by CryptoJoker?

Restore the system

  1. Initiate the search for ‘system restore’
  2. Click on the result
  3. Follow the on-screen instructions

Roll the files back to the previous version

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Leave a Reply

Your email address will not be published. Required fields are marked *