Severity scale:  

Remove B2DR ransomware (updated Jun 2018) - Removal Instructions

removal by Gabriel E. Hall - - | Type: Ransomware

B2DR –  a ransomware-type cyber threat that has been updated in June 2018

B2DR ransom noteB2DR is a file-encrypting virus that aims to swindle your money.

B2DR is a file-encrypting virus that uses AES-256 cryptography to lock various files on the targeted computer. This ransomware[1] has a few versions that append can be separated from each other by appended file extension. Currently, malware appends one of four suffixes:,, and When data becomes useless, malware drops either ScrewYou.txt or readme.txt files with shady file recovery possibilities.

Name B2DR
Type Ransomware
Danger level High. Makes system changes, encrypts files
Cryptography AES-256
File extension;;;

Ransom note ScrewYou.txt; readme.txt
Distribution method Malicious spam emails, bogus software downloads, fake update installation, exploit kits.
To uninstall B2DR, install ReimageIntego and run a full system scan

B2DR ransomware seems to be spread via malicious spam email attachments[2]. However, other distribution methods might be applied too. As soon as malware executable is dropped on the system, the virus modifies Windows Registry, installs harmful components and starts scanning the system looking for files to encrypt.

B2DR malwareB2DR malware displays ransom note soon after all files are encrypted.

B2DR virus targets commonly used files to cause more damage to the users and urge them to pay the ransom. Malware makes files inaccessible by appending extension. However, the new file extension also has a contact email address –

In the ransom note called readme.txt, authors of B2DR ask to send them an email in order to learn how to get back access to corrupted files:

All your files are encrypted.
Ask how to restore your files by email
Use only,,
Messages written from other mail services we can not get.
!!!With any changes to the encrypted files, do not forget to backup files!!!
Your ID: ***

According to malware researchers, crooks offer to decrypt three files smaller than 2MB before paying the demanded sum of money:

Hey. Archive any three files no larger than 2 mb.
Archive upload to and send us a link to the archive.
We will decrypt the files. Thank you.

However, security specialists do not recommend playing such games. Having a business with cybercriminals is never a good idea. Therefore, instead of giving your money to evil-minded people, you have to remove B2DR from the PC. Even though this procedure won’t bring back your files, but it ensures that you won’t lose your money.

Cybercriminals may never give you B2DR decryptor, but blackmail you into paying hundreds or even thousands of dollars. Though, these three files might be the only data you might retrieve. However, crooks might threaten to delete or leak personal information in order to get more money from you.

For this reason, you should decrease your loss by eliminating ransomware. After B2DR removal with ReimageIntego or other malware elimination software, you can try to recover files using third-party software. There’s still a chance that some of them can be rescued.

B2DR ransomware asks to pay the ransomB2DR ransomware asks to contact crooks soon after file encryption.

Three new variants of B2DR emerged

Security researcher Michael Gillespie[3] discovered the new variant of B2DR ransomware in May 2018. The malware did not change much – even the ransom note name remained the same (Readme.txt). Nevertheless, the virus uses a different extension to encrypt files – .setimichas1971 @ Additionally, the contents of the ransom message vary from the original:

Your files were encrypted with AES-256. 

Ask how to restore your files by email

Use only,, Messages written from other mail services we can not get.

We always respond to messages. If there is no answer within 24 hours, then write us with another email service. 
If within 24 hours you have not received a response, you need to follow the following instructions: 
a) Download and install TOR browser: 
b ) From the TOR browser, follow the link: torbox3uiot6wchz.onion 
c) Register your e-mail (the Up Sign) 
d) Write us on e-mail: setimichas1971@torbox3uiot6wchz.onion 
ATTENTION: e-mail (setimichas1971@torbox3uiot6wchz.onion) accepts emails, only with e-mail registered in the TOR browser at torbox3uiot6wchz.onion 
Any actions on your part over encrypted files can damage them. Be sure to make backups!
In the message write us this ID:

The size of the ransom is unknown but is most likely between 0.1 and 0.3 BTC. As with the original version, we do not recommend paying cybercrooks, as it can result not only in data but also money loss. Unfortunately, this variant of B2DR is not decryptable as well. second variant

In June 2018, another variant of B2DR ransomware emerged. It uses a new ransom note file “ScrewYou.txt” and a new extension containing the contact email “”. However, cyber criminals still provide the same recovery instructions and urge to pay the ransom. The size of the payment is still unknown, but we do not recommend having business with crooks. It's better to eliminate the virus.

A couple of days later, researchers reported that malware started using file extension too. Different than the previous one, this variant provides data recovery instructions in Readme.txt file. Though, the situation remains the same. Victims are asked to contact them and pay the ransom. One more time we want to remind that it's not recommended to do.

Obfuscated email attachments might contain ransomware payload

Ransomware executable usually spreads as obfuscated spam email attachment. The payload might look like Word, PDF, ZIP or other legit file or archive. The letter itself might look like sent from the official organization or popular company. Though, inattentive computer users can be quite easily tricked and let a file-encrypting virus into the system.

However, security specialists from[4] tell that suspicious emails are not the only way malware might sneak into the device. Malware might also be installed in the following ways:

  • clicking malicious ads;
  • installing bogus programs or software updates;
  • downloading illegal programs, music, movies or other content;
  • by exploiting security vulnerabilities.

Instructions for B2DR ransomware elimination

B2DR removal requires employing strong and updated anti-malware tool. However, malware might block security software and prevent simple elimination. The good news is that ransomware can be disabled by booting to Safe Mode with Networking.

Then, you can install ReimageIntego, SpyHunter 5Combo Cleaner, Malwarebytes or your preferred anti-malware software and remove B2DR automatically. After that, you can use backups or try alternative recovery solutions. You can find our suggestions below.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove B2DR virus, follow these steps:

Remove B2DR using Safe Mode with Networking

Follow these steps to disable the virus and run automatic elimination:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove B2DR

    Log in to your infected account and start the browser. Download ReimageIntego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete B2DR removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove B2DR using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of B2DR. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with ReimageIntego and make sure that B2DR removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove B2DR from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by B2DR, you can use several methods to restore them:

Try Data Recovery Pro after B2DR ransomware attack

This tool can recover corrupted files and might be useful after ransomware attack. Though, we cannot promise that it brings back all of the data.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by B2DR ransomware;
  • Restore them.

Try Windows Previous Versions feture

This method can help to recover individual files if System Restore was enabled before ransomware attack.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer might recover files with .b2dr extension

In order to recover files with ShadowExplorer, you have to make sure that malware did not delete Shadow Volume Copies.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

B2DR decryptor is not available yet.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from B2DR and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes

Protect your privacy – employ a VPN

There are several ways how to make your online time more private – you can access an incognito tab. However, there is no secret that even in this mode, you are tracked for advertising purposes. There is a way to add an extra layer of protection and create a completely anonymous web browsing practice with the help of Private Internet Access VPN. This software reroutes traffic through different servers, thus leaving your IP address and geolocation in disguise. Besides, it is based on a strict no-log policy, meaning that no data will be recorded, leaked, and available for both first and third parties. The combination of a secure web browser and Private Internet Access VPN will let you browse the Internet without a feeling of being spied or targeted by criminals. 

No backups? No problem. Use a data recovery tool

If you wonder how data loss can occur, you should not look any further for answers – human errors, malware attacks, hardware failures, power cuts, natural disasters, or even simple negligence. In some cases, lost files are extremely important, and many straight out panic when such an unfortunate course of events happen. Due to this, you should always ensure that you prepare proper data backups on a regular basis.

If you were caught by surprise and did not have any backups to restore your files from, not everything is lost. Data Recovery Pro is one of the leading file recovery solutions you can find on the market – it is likely to restore even lost emails or data located on an external device.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions


Your opinion regarding B2DR ransomware