UPDATED THIS VIDEO, GO CHECK: ruclips.net/video/9fW-NWT3eyY/видео.html
:)
thanks bro i've been waiting for 5 years after this video last thanks!
TYSM FOR HELP
No keyboard found. Press any key to continue
*touches a door key*
Hmmm, i have a key for my home,car,gate. Which one should i pick??
**clicks mouse**
lol
It says "Press any key to continue" so I pressed off button
Red text on red background. Outstanding move
Lol i completely agree with you🤣🤣🤣
they fuckin shit their pants
But seriously tho
the red text is lighter
Drop shadow helps, but still, when you have an infinite library of colours to choose from why go red on red? Ridiculous.
For those who haven't watched the decryption method - actually, the drive IS NOT formatted. The MGE (Military Grade Encryption) affects mainly HDDs, and everything is placed in an unreachable segment of the drive.
i have an hdd oof
@@flamboyantliquid7659 i have ssd
@@ThySANSisNow usually Windows is on HDD. My Windows is on HDD, and my Kali and Ubuntu are on SSD.
I've been running windows on ssd for around 2-ish years, phew
@@Mentis_Mori same
Petya: *formats disk*
me: y know that you deleted yourself too right
Petya: wait wha----
certified bruh moment
Yeah, bruh moment
bruh
yes
I think Petya didn't delete his own files, or that's wrong and I have a brain error
Fact: The music actually scares me more than Petya xD
FR
The backsound music it's so more dramatically
*Scarely
Fr
xd
Yes
Intro song: XenoGenesis
1st song: Lunar Abyss
2nd song: Lunar Abyss
3rd song Lunar Abyss
4th song Lunar Abyss
5th song: idk
fifth song is detious & lockyn - allure
Good job man))
5th song - Darude Sandstorm
Geometry dash player???
Gd is dah besst
WARNING! Don’t play the intro at full volume
yea it seems messed up
tell me music name pls
TypicalLucas The Song Is Called Dark Paradise By TheFatRat
Why?
thef1y earrape
Yeah, you successfully recreated 2010 yt tutorial experience
Me: Realizes the first song is xenogenesis and the second is lunar abyss
Also me: *instantly checks the comments for geometry dash comments*
Lol Duell maestro
Bruh add me on gd Ifiel
same
Yeah you are right lol
Are you sure ? Because I have tried looking for it but in vain.
Do you play Geometry Dash?
Many of the songs that you use are in the game
He does.
ya i play gd
@@BadPiggiesPhonk not you
@@BadPiggiesPhonk r/notopbutok
GameCube
Everyone srry 4 the high volume of the music
Hi, I just made my own original video pls subscribe to me, and donate
PandoTech hiiiiiiiiii
PandoTech the password pls
Pasak PandoTech
I found a way to stop it! Remove the power cable or battery before the boot! Remove the disk and attach it to another PC, remove the Petya entry and rebuild the WBM (Windows Boot Manager)...
"'we are goanna remove petya,, he didnt remove he just show us what does
edit:wow so many responses
@Nguyen Truong Minh the sword and the shield always evolve together. Maybe Petya's (or any other viruses') creators laugh at their victims, but as time passes, there will be crafty programmers who can decrypt, defeat and develop a recovering method against it. The same with computer protection. As firewalls, antiviruses and users' caution improve (like knowing the free iPhone is a scam and they don't click the virus link), there will be crafty hackers who will manage to breach through these defense lines (I already heard about viruses that are able to trick antiviruses and hide from them).
@@NoraTheCreator117 anti-viruses are the most popular viruses. And hiding from them is so fucking easy :v
Nguyen Truong Minh the video is private
Yes no one can remove petya instead of the developers of petya can solve it.
General Gio Nope there is no way
25 likes we want the password
Horizon that password... For petya ransomware...
+PandoTech I'm your big fan, can I help you to remove a virus
It’s pandotech
PandoTech
What did you use for the VM? Reply pls
me: gets close to my dog
my dog: what are you doing?
me: i'm trying to *p e t y a*
comedy *gold*
Not the only one watching on 2021 less go
looooool
Lol thats a good one
Yes, Comedy.
Petya is actually a russian name
Petya: "hacking the pc"
Pandotech: seem like you have chosen, Death
Ransomware=run somewhere :D
Funny. You have to run somewhere when you click RUN the RANSOMWARE
lol run
Hahaha
Lol
*When I ran out of my home* WHAT TO DO NEXT?!!??!?
Petya: HAHA! NOBODY CAN DEFEAT ME! IM THE UNDEFEATABLE VIRUS!
Pandotech: hold my beer
Edit: almost forgot about this comment, thanks for the 41 replies.
military encryption algorythm xDDDDDDDDD
hold my system32
@@apostolisjlightning4226 algorithm * xD xD
Petya: you Can’t got Red Uthv me Viteo: not in my mind
Pandotech : im god and im your father
Dog: woof
Me: hey can i.. PETYA
badum, tsshhhhh
Oh no u wanna infect da dog.....so rude!
@@rai8424 ,He Meant "Pet You",Not Something Bad :D,Also This Joke Was Really Good.😂😂😂😂
r/comedyheaven
Can i Pet YA? hehe i get it! Nice joke!
@@bmw1seriesmcoupe496 r/woosh
I am selling time stamps for the warnings/best moments
3:04 *Beware of eye bleed*
3:58 *Pando swearing alert*
4:26 *Pando starts spamming Petya*
0:00 *Video starts :)*
🤣🤣🤣🤣
omg sweartng alert/?!??!? really??/1/?!/ he swer.>..>. OMGNGGG
It doesn't format the disk, it encrypts the master file table so the drive becomes useless.
0 bytes/0 bytes is not the sign of a formatted disk, but a corrupted one
I have found that if you boot into the Windows install disk after the computer blue screens, but before it starts to boot from the hard drive again, and run the MBR repair command (fixmbr on Windows 2000/XP, and bootrec /fixmbr on Windows Vista onward), you will save your data. I suspect this happens because the file overwrites the MBR with a trojan that will encrypt the hard drive the next time the computer boots up, but it doesn't activate until you boot from the hard drive again, and if it hasn't activated, you can basically "disarm the bomb", and save all your data. But if the encryption has activated, you're basically screwed unless someone can make a decryption utility.
They did decrypt, it wasn't formatted.
False, do not format the pc. Petya does not encrypt the files, what she does is erase the list that has the hard disk to find and work with them. To recover all your data, it is necessary to restore that "list", which can be restored with the serial that has to be set to petya. When the files are not found, it appears that the disk is empty, but this is false.
So, how can I recover my valuable files?
Answer: You must connect the hard drive of your computer to another computer, and scan that disk with an application, which will give us a code which we must put on a web (I do not remember what it was called) that will give us the key to be able to restore that list. We place the hard drive again on the affected PC and enter the previous key.
If you want to see the URL of the websites and the name of the program, you can find it on RUclips
You are false lol . I downloaded the same and i was the same :)
David. Do you fucking know what a hard drive is? If it encrypts then the physical storage device is well, encrypted. You can't just pop it into another computer.
DAVID HERNANDEZ if you put the hard drive on any other pc it will give the same problem.
Because the hard drive is like a Memory Card where it stores all the system files and windows.
And if you put it on another computer it will come with virus because it erases the system and encrypts the MBR.
DAVID HERNANDEZ well, instead you can just need a program to make a Petya key to decrypt or should I say, restore for free without paying. Also, like he/she said (Pando!) do not enter, so this technique by using the program to get a key for free is the best option.
Куба Попков he/she could say he/she.
4:20 this reminds me of me having a conversation with Google when i was younger.
lol
420
420
@@alt.egoistic oh look a pichu and a pikachu
Basically the skull is just a lot of dollar signs.
nice ASCII petya 10/10 lol
@Proloop Under Ok calm down Sherlock.
If you cant get rid of it then reset your Hardware.
But beware all your Files are then gone so this video is really Helpful
The boot information and the OS information are crypted, that's why they don't appear. It shows 0 bytes used of 0 because Petya used a custom filesystem. Still, you may be right or not.
wondering how i got so many like LMAO
oh look, a Vietnamese person
He's going to be in my hate video
Top 10 fortnite youtubers who have sworn
@@@Moviesxp
@@Shunised he no fortnite
Petya: hey who r u
Me: killer queen bites the dust
Petya: NANI
PETYA: NOBODY CAN REMOVE ME!
Real life weapons: Hey you come here
lol
thank you for making this vid, it makes me feel safer, i don’t want my pc to get destroyed
Fortnite sucks
@@GamerYt-ce7jp shut up that doesnt even relate to the comment he posted
Freernite xd
@@iguanawithinternetaccess930 is there any law that i have to relate the comment to the reply i put?
@@GamerYt-ce7jp haters gonna hate.
I think you just got a new subscriber! Love this.
Tip tho: dont use all red for your text. Maybe switch to blue or black on the more red screens. It shows up better and is easier to read.😊
Red is fine for me.
If C: is empty, where is petya installed?
It is in X: I think
On the master boot record.
Petya is installed in the MBR
Anic17 I’m guessing you’re fucked if something takes over the MBR? Or at least the hard drive is fucked
No Where LOL
1:11 - Petya in a nutshell
Try SCP 173 anomaly apocalypse
@Robotul Zombie ENGLISH PROFESSOR!!
@Robotul Zombie Nuhetlls
@Robotul Zombie it says nutshell bruh
1:11
Sorry for the question, but is it safe to do this on a VM or is there a risk to infect your principal PC?
Petya doesn't format HDD, it just encrypts Master File Table (MFT)
How about "BUG32.exe" virus?
Or maybe Not-Petya?
Try SMADAV, bro
@@electroadvent9918 Not-Petya i think is the same but maybe with different background and text
you can see this guy is a geometry dash player by the songs
Or he just... Idk... *went to newgrounds for songs?*
Petya: *formats drive*
Also Petya: *tells you that it encrypted your files*
if the disk would be erased then petya wouldn't be able to start as well, it just moves the files into an unreachable part of the disk
7:00 if I don't have the key I can't press next
how did you continue without the key?
Music: lunar abyss. Is one of my favourites :D
Love it
This can be used to make nine circles levels in gd
Level : DUELO Maestro
@@malikarezkallah636 shame on then who doesnt understand what u r meaning
Petya:IM A RANSOMWERE
me:run some where :3
Petya: No one can remove me! We have military-grade defenses!
PandoTech: Hold my beer.
True 😂
military grade? nope it is fake, can be destroyed by fixing Windows MBR after backing up data in a Windows live CD
3:44
WHAT
I DIED LAUGHING AFTER SEEING THAT!
WHAT THE **** PETYA DID YOU “ENCRYPTED”
Are you using the same windows vista when you downloaded trojan memz on it and removed it?
Petya: Make PC flashing
People with Epilepsy: *They’re Grooving*
Me rewatching: good CRAP
Also me realizing hes an astolfo pfp now: Look how they massacred my boy
Oops! Your ears have been encrypted by high volumed PandoTech intro!
When I ran Petya on windows 7 virtual machine, it removed all of the files. So Petya kills your files.
All the song in this video is from Geometry Dash!
1: Lunar Abyss
2: Detious & Lockyn - Allure
Thats it.
No. Geometry Dash got these songs from newgrounds, he probably did too.
4:34
If you look closely, it says: "Lame"
XD
XD
Wat
Xd
Szymonthebests Gamer @ it does lol
2:28
Creepypasta ransomware.
Never heard that one before
so, this video is about removing it, and i did not see you remove it at all
Petya Ransomeware: please pay to get your computer back!
Pandotech: im about to end this mans whole career
GD's "Duelo Maestro" level music. I just recognized it.
its that nine circles level right?
@@xdlebaghet9773 no
6:01 scanos? More like thanos cuz thanos will snap petya and ur computer is safe
AHAHAHA XD
lol
Good one xD
When you heard the music I bet you were like duelo maestro.... Lunar abyss
According to the description if u try to ACTUALLY do what it tells you to do it straight up erases anything anyway
I have one question in 4:51, HOW THE HELL DID YOU TYPE FROM A - Z SO FAST??
magic of fast typing on computers xd
So basically if you get Petya, you're screwed. Got it.
Also, it should be noted that with heaping amounts of luck and skill you CAN restore an infected computer, if you stop the fake chkdsk scan BEFORE it finishes.
Mom's computer got it. I stopped the chkdsk scan before it finished and realized I was dealing with something way out of my league. I brought it to a computer repair shop the next town over. Took them 3 days and god knows how many tries (they admitted it infected their machines too) to get it off, but they did it. Got mom's computer back running with some new antivirus!
Praises to you Cold Snap tech in Eveleth, MN!
6:11 windows explorer doesnt work in that environment
4:54 any one notice the thing?
it said
Key: 82920
Yeah I DId
the actual key is usually longer
He typed it
@@jagged7666 oh.
0:18 Geometry Dash, Duelo Maestro mmmmmm
ohhh yeaah
What happens when you combined all viruses together
The bad stuff
Trust me I know, it went horribly
Here is the second way bc u cannot made it:
Basically u download like the petya key from other person. The CMD will appear. Copy and paste the id notepad to your folder.
Replace all then replace the name with id_raw. Now open the CMD and copy the petya key win 32 two times it will say that parameter is missing. U write like petya key win 32 then petya exe then the id_raw. Now click on any type of variant on cmd, GET THE KEY CODE FROM CMD AND YOU DONEE!
7:46 music name pls?
Yea whats the song?
Are u a geometry dash player.
I am lol
@@jagged7666 bruh I ask bcoz a geometry dash music is in the background
Death Moon was a good level
Only geometry dash fans will get
Duelo Maestro*
😶
Idk if Avast is totally taken off cuz in the registry editor there are some archives with Avast in the name. Should I delete EVERYTHING ABOUT AVAST, OR are those things without any file (I deleted all manually) not dangerous??
It doesn’t format the drive, the encryption makes windows assume it’s 0 bytes and nothing’s there
03:15 BOOM! RSOD this time!
Petya.exe: HAAHAHHAHAHAAH THERE IS NO WAY >:)
Pandotech: I'm using to delete Petya.exe
Petya.exe: excuse me WTF
wait what? GEOMETRY DASH DUELO MAESTRO SONG???????
Küçük BayProblemli nope thats just lunar abyss
What seaGDPA said... ^
0:18 that song seems familiar... But i don't remember the name. What is it called?
Lunar Abyss
@@Justmarch1 Oh thanks i heard that song on Geometry Dash
I am on a VM and I try to press all of the options on the boot menu and still it gives me the Petya screen
0:0:0:0:00 R.I.P Headphone users
Geometry dash...
No. its not geometry dash. Its Lchavasse - Lunar Abyss
That song is used in geometry dash: Dual Maestro
Its not GD music!!! Fuk you
@@DevoN1337 YOU SHUT UP ITS FROM NEWGROUNDS!!!!!!!
It's just from newgrounds...
Lchvasse - Lunar Abyss
thank me later 8)
Geometry dashers is here!
@@предпоследний-коронный wait for me
So how do you really remove "Petya RSW" I only see proof that the disc is "formatted"
But how can the Petya Ransomware still boot even if the disk is formatted?
Song plays
Me: GEOMETRY DASH
ME TOO
DUELO MAESTRO
Yes
+
Thanks bro. I have my computer fixed ^^!
probably you’re lying cause he basically said that it's impossible to escape Petya.
@@seemo_simona He's not lying. Why would he lie?
cheats for minecraft)
if you enter the sites what is gonna happen?
also how are you going to check the links?
are you going to put them in another pc?
it's not formatted bc Petya just stole whole files and bytes to hide server and when entered key then files is back to drives files
Pan do tech
🍳 🍩 🖥
3:05 perfect timing
Oh, that Petya!
Yeah
wtf does this mean, what is life
@@gdhexagon5768 umm
It is impossible that PETYA has formatted the drive because its core files are necessarily located in a partition, which is the one it encrypted. PETYA destroys the Master Boot Record or GUID Partition Table and the Master File Table. WINDOWS SIMPLY CANNOT RECOGNIZE AN ENCRYPTED DISK, AND EVEN CAN'T BOOT UP FROM IT SO *THERE ISN'T ANY PROOF*. The disk is empty and it is "0 Bytes of 0 Bytes" because Windows cannot recognize it and BOOTREC /SCANOS searched for Windows Boot Loader, which was cancelled and overwritten by Petya one. You could simply stop the chkdsk, and type bootrec /fixmbr and if some of system files weren't available anymore, simply copy that from X:\Sources to C:\Windows.
i think CMD and anti virus serves as the most crushing line of defense in your computer
4:05 lol look at the key
DUALO MAESTRO GEOMETRY DASH AAAAAAAAAAA
yeeeeeee
Duelo maestro!!!; [GD]
geometry dash Duelo maestro...
wrong
NIGHT LAME lunar abyss from newgrounds*
Can I use this video? I found a better music for this video
CHKDSK is a CMD command that checks your disk. Available when run as administrator
True, but not in this case.
pandotech what is the name of the song? that you used in the video?
IF PETYA FORMATS THE HARD DRIVE, HOW DOES IT MANAGE TO INSTALL ITS BOOT PROGRAM??????
This virus isn't the worst ever virus/malware to exist. There is CIH which "breaks" BIOS, or at least on older systems.
OIETIF.exe too :P
If someone is looking for it... the name of the song is Lunar Abyss.
What if I do this on GPT and what if I simply delete system reserved partition and reinstall windows? Does it corrupt the computer's firmware?