Gomasom ransomware. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - - | Type: Ransomware
12

In this article, we are going to describe yet another ransomware, which is probably one of the most dangerous viruses that can infect your computer. A new ransomware was detected – it is called Gomasom ransomware. This virus is named this way because it is also known as GOogle MAil ranSOM. So what does this virus do?

Gomasom ransomware description

Once this ransomware enters the computer, it places a randomly entitled malicious .exe file in the C:\Users\User\AppData\Local\Microsoft Help\ folder as well as autorun file. As a result, this malware starts its hazardous activities right after you start your computer. This virus searches for personal records on the computer and encrypts them. Keep in mind that ransomware viruses tend to attack image, text, video, and audio files. However, every virus is different, and the difference between Gomasom and other viruses is that it encrypts executable files as well. You should know that you are not going to be able to access your personal files in any way after the encryption process.

Gomasom ransomware virus

Another different feature of Gomasom virus is that it does not leave a ransom note. However, it changes the names of the encrypted files in a particular way. For example, you had a file named Document.txt. Once this file gets decrypted, the file name will be changed to Document.txt!____[Random text here]@gmail.com_.crypt. As you can see, the file name includes a suspicious Gmail address. The cyber-criminals who have created this virus do not leave the ransom note, but they expect you to contact them via this e-mail. Basically, what is going to happen if you write to this e-mail address, is that the criminals are going to ask you to pay a fixed amount of money to get the decryption key. You should NOT pay the ransom. First of all, there is no guarantee that you are going to get your files back; second, you should not support cyber-criminals in such way. The first thing you need to do is to remove the Gomasom virus from your computer – if you manage to notice the change of filenames in time, you might stop the encryption process and save some files! You can remove this virus automatically, with anti-malware software, for instance, Reimage (Windows OS) or Webroot SecureAnywhere AntiVirus (Windows and Mac OS).

How did I get infected with Gomasom virus?

While low-level computer threats like spyware (adware, browser hijackers) are spread via bundling method, ransomware viruses are much more dangerous, and they are spread in quite different ways. There are several different methods how you can get infected with Gomasom malware.

  1. It IS spread as an attachment to malicious e-mail letters. Be aware of letters that come from unfamiliar senders and do not open any files that might be attached to them, no matter how safe they would look. Gomasom tends to act like a Trojan, so it pretends to be a safe file while in reality it is a very dangerous file.
  2. It MIGHT be spread via rogue websites on the Internet. Hackers sometimes tend to put malicious hyperlinks onto suspicious gambling or erotic content websites. In general, we suggest avoiding clicking on unreliable links. Do not let your curiosity cause harm for your computer!

If you want to find out how to remove this virus manually, continue reading on page 2.

Can I uninstall this ransomware manually?

Yes, you can uninstall Gomasom virus manually. However, we do not recommend doing so. If you are an inexperienced PC user, you might not be able to find ALL malicious files that Gomasom ransomware has placed on your computer. We suggest using an automatic removal tool instead. Do not forget that you are dealing with a VERY serious virus. An up-to-date anti-malware program is designed to detect newest viruses and remove them safely.

How to decrypt the files?

There are no 100% working ways to decrypt files that were encrypted by ransomware. Of course, unless you have a backup copy of your records. In such scenario, we recommend removing the virus and importing the files from an external backup drive then. Also, there are several tools that you can use for file decryption: Kaspersky virus-fighting utilities, R-Studio, Photorec.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Gomasom ransomware you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Gomasom ransomware. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual Gomasom virus Removal Guide:

Remove Gomasom using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Gomasom

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Gomasom removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Gomasom using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Gomasom. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Gomasom removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Gomasom and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author


  • Franko

    sounds freaky. so is there a way to fully decrypt the files?

    • marthinwilliams

      Yeah you gotta have a backup

  • Della93

    Ive been infected, but managed to decrypt the files. not THAT bad ransomware! but still, hope these cyber-criminals will be put behind bars

  • ROY

    NASTY VIRUS! GOMASOM INFECTED MY MOMS COMPUTER AND THERE IS NO WAY WE WILL GET OUR FILES BACK ! WE DO NOT HAVE MONEY TO PAY THE RANSOM! FILTHY CYBER CRIMINALS!!!