Severity scale  
  (99/100)

NoobCrypt ransomware virus. How to Remove? (Uninstall Guide)

removal by - -   | Type: Ransomware
12

NoobCrypt ransomware – not so dangerous?

NoobCrypt virus might be regarded as one of those viruses which seem to be powerful at firts glance but later on reveal their fatal flaws. The first version appeared in September, but it was quickly taken down by the virus researchers. However, it may still have caused problems for users as they were threatened to make 299 USD in return of the locked data. Regarding its ransom message, one might suspect that this virus is the misdeed of amateur hackers. However, the original version still has managed to encode personal information with the help of a complex mathematically interrelated set of codes, specifically AES algorithm. If we believe the content of the message, the virus was generated in Romania. Thus, the residents of the latter country should be extremely cautious. On the other hand, it does not mean that if you live in the country far from this European state, you can escape this threat. That is why it is important to arm up with the knowledge about effective NoobCrypt removal.

Reviewing this ransomware, it does not present any extraordinary nor unusual features. As usual, hackers attempt to persuade you into remitting the payment for the locked personal files. Certainly, without the private key, decoding your files is not an easy task to do. Thus, the cyber criminals employ psychological pressure to urge you with the payment. They threaten to delete some files every two hours. The standard amount of the ransom equals 299 dollars. The victims of NoobCrypt ransomware are expected to purchase Bitcoins and then enter the unique verification code in the provided bar in the ransom message.

The screenshot of NoobCrypt virus

At first glance, the virus is ordinary file-encrypting malware. Users who are befallen by this menace might panic while searching for a way to retrieve the files. However, IT experts have discovered that there are several significant flaws in the source code of the malware. It creates only one registry entry -- HKEY_CURRENT_USER\k1j3jk153kj153. Thus, it is unlikely to re-launch itself after the reboot of the operating system. The ransomware behaves more like a lock-screen virus. Luckily, there is no need to pay the money, because malware specialist, Jakub Knoustek, discovered a key. Enter ZdZ8EcvP95ki6NWR2 code into the bar which requires the verification code. After that, you will be able to decrypt the files for free. After that, remove NoobCrypt right away. Reimage is one of the security programs which quickly and effectively deal with the ransomware.

September 2016 update: NoobCrypt uses the same decryption password for all of its victims

Just recently Noob Crypt virus researchers have made a breakthrough with this ransomware by disclosing another huge flaw in the program's source code. Iakub Knoustek, who initially came up with NoobCrypt decryption key, continued to inspect the virus even further and found that this key is only suitable for some computers, while the others remain undecryptable. The main problem is that there are several versions of the NoobCrypt malware and each of the version feature a different decryption code. Luckily, the same code unlocks all computers infected with the same version of the virus. So, to decrypt your data, you only need to find out what particular version of the virus has infected your PC. To do that, pay attention to the ransom note details such as the amount of ransom and the Bitcoin wallet address. For instance, the code "ZdZ8EcvP95ki6NWR2" only works for the virus versions demanding the highest ransom -- 299 USD. The virus version demanding 100 dollars for the data decryption can be decontaminated with a code "RedStarPenis", while the ones asking for 50 USD can be unlocked using lsakhBVLIKAHg. Good luck decrypting your data! Just do not forget to eliminate the virus from your computer when you do!

The malware is revived again?

After the IT professionals have shattered the hackers' ambitions mercifully, it seems that there is going to be one virus less in the virtual world. Nonetheless, the authors have proved not be so "noob" and decided to counterattack the IT specialists. Consequently, an improved version of the ransomware was detected. The renewed edition contains several improvements, such as C+ evaluation copy. However, to big disappointment of the crooks and the joy of the virtual community, the improvements made the virus worse. In other words, the hackers included obfuscating elements, but in the end they resulted in the version of the virus which does not require any decryption key! However, such improvements reveal that crooks, whether they are member of organized cyber rime gang or just hacker-wannabes, still create significant problems for the users. Though rarely the virus updates mess up the virus itself, such renewed editions remind you to stay vigilant.

The infiltration peculiarities

Since the hackers behind NoobCrypt seem to be amateur hackers yet, it is likely that the malware is distributed via P2P file sharing websites or other questionable advertising, gaming, or pornographic domains. Such domains often contain various hyperlinks. After a user clicks on such link, he unintentionally downloads the file with the ransomware. Alternatively, it is a matter of time when cyber criminals decide to shift to another, a more profitable method of distributing the malware. It is a common tendency to transmit file-encrypting viruses via spam emails. In the case of some previous ransomware, cyber criminals have manifested real mastery by creating fake letters which can be easily mistaken for the official emails received by governmental institutions. Thus, if you receive an invitation to fill the form for a tax refund or customs declaration, do not open any attachments. They might contain NoobCrypt hijack within. In order to block any malware, which might disguise the virus, and decrease the number of spam emails, install an anti-spyware application.

Terminating NoobCrypt

Since this virus is not a mere PUP, we highly advise you to opt for the automatic elimination. The security application, Reimage or Malwarebytes Anti Malware, will remove NoobCrypt virus properly. If you update the application regularly, it will safeguard your PC from all kinds of threats. However, you might encounter some problems related to NoobCrypt removal because the virus locks your screen and you cannot operate your device properly. If after entering the above-provided code, the computer still remains unusable, use the recovery instructions below. After the threat is completely eliminated, you should focus on developing several plans in case ransomware targets your system again. Daily update security applications. Store your private information in several locations. You can employ portable data keeping devices, such as USB sticks or DVDs.

 

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall NoobCrypt ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall NoobCrypt ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2016-11-15 01:56)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2016-11-15 01:56)
Hitman Pro
Webroot SecureAnywhere AntiVirus

Method 1. Remove NoobCrypt using Safe Mode with Networking

Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
  • Click Start Shutdown Restart OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Safe Mode with Networking from the list
Select 'Safe Mode with Networking'
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
  • Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
Select 'Enable Safe Mode with Networking'
Step 2: Remove NoobCrypt

Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete NoobCrypt removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Reimage is a tool to detect malware. You need to purchase full version to remove infections.
More information about Reimage
Reimage is a tool to detect malware. You need to purchase full version to remove infections. More information about Reimage

Method 2. Remove NoobCrypt using System Restore

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
  • Click Start Shutdown Restart OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Command Prompt from the list
Select 'Safe Mode with Command Prompt'
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
  • Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Select 'Enable Safe Mode with Command Prompt'
Step 2: Restore your system files and settings
  • Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
  • Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
  • When a new window shows up, click Next and select your restore point that is prior the infiltration of NoobCrypt. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
  • Now click Yes to start system restore. Click 'Yes' and start system restore
Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that NoobCrypt removal is performed successfully.
Reimage is a tool to detect malware. You need to purchase full version to remove infections.
More information about Reimage
Reimage is a tool to detect malware. You need to purchase full version to remove infections. More information about Reimage

Bonus: Recover your data

Guide which is presented above is supposed to help you remove NoobCrypt from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by NoobCrypt, you can use several methods to restore them:

Data Recovery Pro – the aid for the encrypted files

In case you happened to get infected with a modified NoobCrypt version and some of your files are still locked, run the application to regain access to the affected data.

ShadowExplorer – another alternative

Upon encountering a more damaging ransomware virus, this utility may prove to be effective in restoring the files.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go thru the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select "Export". You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from NoobCrypt and other ransomwares, use a reputable anti-spyware, such as Reimage, PlumbytesWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

Julie Splinters
Julie Splinters - Malware removal specialist

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.


Information updated:

Comments on NoobCrypt ransomware virus

0
0
Corney
Im glad that I do not need to worry. I have an anti-virus and anti-malware programs working and perform regular scans. No serious virus for years!
0
0
Danny.Elf4
Still we should not underestimate these hackers. They might strike again.
0
0
Kirk5008
That guy saved us. I thought about paying the money because those damn hackers encrypted a very important document.
0
0
Raymond
Eventually, the hackers turn out to be noobs. Still, nice try!

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)