Severity scale: 99/100

.GDCB file extension virus. How to remove? (Uninstall guide)

removal by Gabriel E. Hall | Type: Ransomware

GDCB virus is one of the GandCrab ransomware versions

An example of files locked by .GDCB file extension virus

GDCB virus is a version of the infamous GandCrab ransomware. This crypto-virus spreads via the Rig and GrandSoft exploit kits[1] and spam email attachments. Once the ransomware executable is opened, the virus locks most of the personal files (.doc, .txt, .jpg, .png, .audio, .video, etc.) on the target PC and appends the .GDCB file extension to each of them. For this purpose, it uses strong AES[2] cryptography, which renders the files useless without the decryption key.

When GDCB ransomware finishes file encryption, it creates a GDCB-DECRYPT.txt file on the desktop and in every folder that contains at least one encrypted file. This so-called ransom note instructs the victim to take the following steps:

1. Download Tor browser – https://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/[id]
5. Follow the instructions on this page

According to the extortionists, following these steps and transferring the ransom is the only way to decrypt files encrypted by the .GDCB file virus. The criminals demand 1.54 DASH[3] for the GandCrab decrypter, which is equal to 1200 USD. If the data locked by this virus is significant to you, then you may consider transferring the ransom.

However, cybersecurity experts recommend refraining from doing that because any deal with crooks can lead to other problems. No one can guarantee that the decrypter promoted by the GandCrab ransomware developers will remove the GDCB virus from your computer.

Instead of paying the ransom, you should remove GDCB with Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus, Malwarebytes Anti Malware or another powerful anti-virus program, and recover your files using professional data recovery tools or Shadow Volume Copies. At the moment, it seems that the virus fails to remove the Shadow Volume Copies. You can find more data recovery options at the end of this article.
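The two on-disk traces described above (the appended .GDCB extension and a GDCB-DECRYPT.txt note in each affected folder) are enough to scope the damage before restoring anything. The following Python sketch is an added example, not part of the original guide; the function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

SUFFIX = ".gdcb"           # extension appended to locked files (per the article)
NOTE = "gdcb-decrypt.txt"  # ransom note name, matched case-insensitively

def scope_gdcb(root):
    """Map each affected folder under root to its locked files and note status."""
    hits = defaultdict(lambda: {"locked": [], "note": False})
    # onerror swallows unreadable folders so one access error does not stop the scan
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            if lower == NOTE:
                hits[folder]["note"] = True
            elif lower.endswith(SUFFIX):
                hits[folder]["locked"].append(name)
    return dict(hits)

def summarize(hits):
    """Counts for triage plus the original names to look for in backups."""
    locked = [n for h in hits.values() for n in h["locked"]]
    return {
        "folders": len(hits),
        "locked_files": len(locked),
        # the suffix is appended, so stripping it gives the pre-infection name
        "restore_names": sorted(n[: -len(SUFFIX)] for n in locked),
        # the article says every folder with locked files gets a note;
        # folders that break that pattern deserve a manual look
        "locked_without_note": sorted(
            os.path.basename(f) for f, h in hits.items()
            if h["locked"] and not h["note"]),
    }

def demo():
    """Build a constructed sample tree in a temp dir and summarize it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {  # constructed sample data, not real victim files
            "docs": ["report.doc.GDCB", "GDCB-DECRYPT.txt"],
            "pics": ["cat.jpg.gdcb", "dog.png.GDCB"],
            "clean": ["notes.txt"],
        }
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        return summarize(scope_gdcb(root))

if __name__ == "__main__":
    print(demo())
```

Pointing `scope_gdcb` at a user profile or a mounted backup gives the list of original file names to look for in Shadow Volume Copies or other backups.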

More powerful spam filters would decrease the dissemination of ransomware

The developers of this ransomware virus employ three distribution strategies – the Rig exploit kit, the GrandSoft exploit kit and malvertising. The first two methods rely on system vulnerabilities that allow the SQL server to run malicious code. If they succeed, the extortionists can execute malicious programs on the system and lock personal files remotely. Unfortunately, protection from exploit kits is a difficult task, though possible. All you have to do is update both your OS and anti-virus regularly, but that won't ensure a hundred percent protection.

Apart from exploit kits, ransomware developers prefer spreading emails with malicious attachments. Such emails feature dubious subjects, for example, Receipt Feb-21310 [random number], and have no body text. Besides, the sender is usually unknown, and the message may contain grammar mistakes or typos. The latest known version of GandCrab ransomware has been disseminated via an @cdkconstruction.org email address (the first part always differs). In all of the cases, the email contains an attached .doc file. Most ransomware viruses use such a malspam scheme. Therefore, experts[4] recommend avoiding any interaction with suspicious emails. Double-check each message and report it as spam if it turns out to be suspicious.
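The campaign traits listed above (subject format, sender domain, empty body, .doc attachment) can be turned into a mail-filter check. The Python sketch below is an added example, not part of the original guide; the scoring threshold, the generalisation of the subject to other month abbreviations, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Article shows "Receipt Feb-21310"; accepting other months is an assumption.
SUBJECT_RE = re.compile(r"^Receipt [A-Za-z]{3}-\d+$")
SENDER_DOMAIN = "cdkconstruction.org"  # sender domain named in the article

def indicators(raw):
    """Return the campaign traits from the article that this raw message shows."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    if SUBJECT_RE.match((msg["Subject"] or "").strip()):
        found.append("subject")
    sender = msg["From"]
    if sender and sender.addresses and \
            sender.addresses[0].domain.lower() == SENDER_DOMAIN:
        found.append("sender-domain")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        found.append("empty-body")
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    if any(n.endswith(".doc") for n in names):
        found.append("doc-attachment")
    return found

def is_suspect(raw, threshold=3):
    """Flag mail with a .doc attachment plus other traits (threshold is assumed)."""
    found = indicators(raw)
    return "doc-attachment" in found and len(found) >= threshold

def build(subject, sender, body, attachment=None):
    """Construct a sample message (test data with placeholder attachment bytes)."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@example.com"
    if body:
        m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="msword", filename=attachment)
    return m.as_string()

# Constructed samples: one shaped like the campaign, one ordinary receipt.
SPAM = build("Receipt Feb-21310", "billing@cdkconstruction.org", "", "Feb-21310.doc")
HAM = build("Receipt for your order", "shop@example.com",
            "Thanks for your order.", "invoice.doc")

if __name__ == "__main__":
    print(indicators(SPAM), is_suspect(SPAM), indicators(HAM), is_suspect(HAM))
```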

Remove GDCB ransomware with one click

If you find a gdcb-decrypt.txt file on your PC, you have a serious virus on your computer. Typically, it provides a limited amount of time to decide whether to pay the ransom or not. For now, there's no free GDCB decryptor available, so the only way to get one is to transfer the set amount of DASH coins and wait for the criminals to send you a paid decryptor.

However, you should think twice because GDCB virus removal is a better way out. Although all encrypted files will be removed along with the virus, you will have many chances to decrypt them using alternative data recovery methods (listed below).

To remove GDCB ransomware from the system, you will have to use a professional anti-malware program because even IT specialists can hardly eradicate such intricate infections from the system without leaving traces of them behind.


Manual .GDCB virus Removal Guide:

Remove .GDCB using Safe Mode with Networking

To get rid of .GDCB file extension virus with Safe Mode with Networking, follow the guide given below. This will help you launch antivirus and run a full scan.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove .GDCB

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete the .GDCB removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

Remove .GDCB using System Restore

The steps given below explain how to use System Restore to eliminate ransomware from the system.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, type cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that predates the infiltration of .GDCB. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that .GDCB removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove .GDCB from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by .GDCB, you can use several methods to restore them:

Data Recovery Pro can help you recover your encrypted files

Data Recovery Pro is a free software utility that can help you recover files locked by the .GDCB file extension virus and other ransomware, even though its initial purpose is to recover accidentally deleted files. Use the guide below to unlock them.

Previous Windows Version can help to recover individual files

This option can also help you decrypt files encrypted by ransomware. However, unlike the previous method, Previous Windows Version will recover your files only if the Windows Previous Versions feature was enabled on your computer.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to the “Previous versions” tab;
  • Here, check each of the available copies of the file in “Folder versions”. Select the version you want to recover and click “Restore”.

Download ShadowExplorer to start using your encrypted files

If GandCrab ransomware didn't delete Volume Shadow Copies, you should try to remove .GDCB file extension from personal files by following these steps:

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow the Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and use the drop-down menu in the top left corner to select the disk that holds your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

GDCB decrypter is not available

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from .GDCB and other ransomware, use a reputable anti-spyware program, such as Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Gabriel E. Hall - Passionate web researcher
