Scarab ransomware virus. How to remove? (Uninstall guide)

removal by Julie Splinters - - | Type: Ransomware
12

Scarab ransomware returns with .scorpio file virus

The picture illustrating Scarab malware

Scarab ransomware functions as ransomware[1] which seems to be another variation of HiddenTear family of viruses. It presents its demands in d in IF_YOU_WANT_TO_GET_ALL_YOUR_FILES_BACK_ PLEASE_READ_THIS.txt file. Even though the malware exploits Base64, a much weaker encryption technique than RSA-2048 or AES-256, it still manages to inflict damage.

The ransom note informs that victims' files have been encrypted and marked with .scarab file extensions due to a security flaw in their operating systems. Then, the ransom note instructs to provide the personal identifier and contact the felons via qa458@yandex.ru email address. The latest edition appends .scorpio file extension. Furthermore, the racketeers present a different email address for contact purposes – resque@plague.desi. In order to earn users trust, the developers offer to decrypt three files for free.

Scarab virus felons do not indicate the sum of the ransom but rather urge affected users to contact them as soon as possible in order to save money. Ransom should be transmitted in bitcoins. It follows the manner of Locky as it provides two links for additional information. There is no need to pay the ransom. Instead, perform Scarab ransomware removal.

The name of the malware, scarab, the popular symbol of Ancient Egypt, refers to another ransomware named in the same topic. Recently, Ramsey malware emerged as the new variant of Jigsaw virus. Thus, you may suspect that the same hacker developed the malware. On the other hand, the crooks may sympathize with Locky distributors. They especially preferred naming their threats after deities and gods. One of the affiliated version, Osiris, wreaked havoc last year.

After acquiring the sample of Scarab malware, it will be much easier to identify the origin and, likewise, ways of counterattack. The malware should not be underestimated as it contains covert features. Even though it does not possess its independent application, the fact that it was able to infiltrate the device and encode files should alarm users. 

On the other hand, even if this misfortunate has befallen your computer, remove Scarab virus. Reimage or Malwarebytes Anti Malware are of use for such purpose.

Expanding distribution network

Note that the success of ransomware is highly determined by its ability to spread via different ways. It is likely to target users via spam emails[2]. Ironically, though this method is less effective than exploit kits or malicious scripts, hackers exclusively prefer this method. The problem that users still fall for the old bait – open email attachments which congratulate users on a supposedly won reward or the letter informing about an undelivered parcel.

Thus, if you do not retain rational thinking and cautiousness, no anti-virus will be able to save you from Scarab hijack or another malware infiltration. In addition, note that some hackers still use old trickery: visiting a corrupted site, you may notice a fake alert prompting to update your Java or Adobe Flash Player.

Terminating Scarab crypto-virus permanently

Despite the warning not to change the names of encrypted files or remove the virus, we suggest you to behave opposite. According to our security experts, you should remove Scarab ransomware with the assistance of a security application. However, make sure it is updated before a scan to be sure that there is a full virus data base which is ready to find malicious files.

In case you cannot launch your security software, take a look at the bottom instructions. They should help you launch it and overcome this issue. However, note that cyber security application does not decode files and can help you only for Scarab ransomware removal.

All programs that MAY help you are given in “files recovery” part. However, these suggested programs are not related to Scarab in any way, so there is no guarantee that they will work. Taking into account that the malware encrypts files with Base64, you may try using official online tools for reverting the format to its original one. Note that despite the name of the title, the malware targets all netizens, regardless of where you live in Norway[3] or in Egypt.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Scarab ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Scarab ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual Scarab virus Removal Guide:

Remove Scarab using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

In case the computer is out of the control, you may find this method quite effective. After that, you will be able to launch an anti-spyware tool and remove Scarab virus permanently.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Scarab

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Scarab removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Scarab using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Scarab. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Scarab removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Scarab from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Scarab, you can use several methods to restore them:

Data Recovery Pro method

In case, you had not back up your files before the malware encoded the files, Data Recovery Pro software might grant you the solution. It is especially handy in recovering damaged files. 

The benefit of Windows Previous Versions

This method might be effective restoring encoded data if System Restore was previously enabled. On the other hand, some users may find it inconvenient as they have to go through each file and perform the following steps.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Scarab malware and ShadowExplorer

Since the virus hardly eliminates volume shadow copies in advance, the tool might serve as the last resort to restore wanted files.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Scarab and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Julie Splinters
Julie Splinters - Malware removal specialist

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

References

Removal guides in other languages