.Good ransomware (Removal Instructions) - Sep 2019 update

.Good virus Removal Guide

What is .Good ransomware?

.Good ransomware – a file locking cyber threat which offers to decrypt a small file for free as evidence

.Good ransomware.Good virus - a file locking cyber threat which ads the .good appendix to each corrupted document.

.Good ransomware detected as Trojan.GenericKD.32335732 by Bitdefender is a file locking virus which appears in a computer system due to a secret infiltration. It usually comes via spam messages. However, sometimes it might approach your machine after clicking on a malicious link or fake ad. Once installed, .Good file virus starts modifying the Windows Registry section which lets the cyber threat to perform its actions. The ransomware uses AES encryption to corrupt files on the infected computer and ads the .good extension to each of it. After that, a ransom note called HOW_TO_RECOVER_FILES.txt, Restore-My-Files.txt, or RETURN FILES.txt is displayed. Crooks urge victims to pay the demanded ransom for the decryption tool and offer to send a small file for free unlocking.

Name .Good
Detection name Trojan.GenericKD.32335732
Category Ransomware
Extension .good
Ransom note HOW_TO_RECOVER_FILES.txt, Restore-My-Files.txt, or RETURN FILES.txt
Encryption algorithm AES cipher is used for file encryption
Ransom It is known that cybercrooks urge for Bitcoin as the type of currency
Email address dsupport@airmail.cc, etc.
Special offers Crooks offer to decrypt three files for free as evidence that the decryption key does exist
Changes Modifications are seen in the Windows Registry
Removal Install FortectIntego

.Good ransomware provides dsupport@airmail.cc email address which should be a way for contacting. Users are urged to pay Bitcoin. This is the most famous cryptocurrency used by cybercriminals as it lets the transfer to remain secret. You can detect .Good files virus from such text message:

Your personal identifier: –
Your important files are now encrypted due to a security problem with your PC!
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: dsupport@airmail.cc
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click'Buy bitcoins', and select the seller by payment method and price:
hxxps://localbitcoins.com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.

We recommend staying away from any contact with the cybercriminals. Especially, do not get tricked by their false promises and avoid paying the demanded price. It is known that users are very likely to get scammed by cybercrooks. After they get the money from their victims, criminals run off and leave the users desperate. As an alternative, we suggest performing the .Good ransomware removal ASAP.

.Good virus.Good ransomware - a dangerous virus which can enter your PC through a spam email.

In addition, keep in mind that cyber threats such as .Good ransomware might be capable of injecting other bogus and dangerous components on the infected machine. Usually, malware-laden content that is left after the residence of the ransomware is discovered in the Windows Registry section or Task Manager.[1]

Besides the beforementioned feature, .Good ransomware might be capable of running malicious processes in the background, executing commands via Powershell that allow the malware to delete Shadow Volume Copies of encrypted documents. This is a way to harden the data recovery process for the victims and force them to buy the offered key.

You need to remove .Good ransomware from your computer system as soon as you spot the first ransomware-related symptoms to avoid further damaging consequences. You can fix the damage that was done by the infection with the help of an anti-malware tool. We suggest using FortectIntego or any other similar program if you are likely too.

Remember that you can never be fully protected from ransomware-type infections. If you want to avoid viruses such as .Good ransomware, you need to take some precautionary measures which are written in this article. Moreover, purchase a USB drive and keep important files there. If you do so, no hackers will be able to corrupt data that is safely kept on your external device.

.Good malware.Good malware - a ransomware strain that might aim to scam users for money swindling purposes.

Prevent ransomware from infecting your PC

According to IT specialists who investigate malware[2], ransomware-type viruses are often spread via spam messages. Such hazardous payload comes in the form of an attachment which is clipped to the phishing email, or as a link which is inserted into the message. If you overcome a dubious-looking email message, better eliminate it as you cannot know what can be hidden behind it.

Moreover, if you like visiting various rogue sites, especially third-party ones, you are very likely to catch a dangerous infection which will cause various harm to the system. Questionable pages often lack protection and might be infected will virus-related content that once clicked launches that same minute.

Additionally, get an antivirus[3]. Scan your computer with the security tool after you visit rogue sites. Perform system scans once in a while just to make sure that no cyber threat managed to slip through the security system. Of course, take care of all updates that are recommended. If not, you might overcome outdated registry entries in the future.

Get rid of .Good virus

If you spot encrypted files and other symptoms that show the ransomware[4] infection, you need to remove .Good virus from your computer permanently. Use professional anti-malware tools for this process. We advise installing FortectIntego, SpyHunter 5Combo Cleaner, or Malwarebytes. Note that you need to get rid of the cyber threat before you start recovering your corrupted data. Otherwise, the virus will lock up files again because it will still be inside your computer system.

After you perform the .Good ransomware removal, you should carry out some system backups to be sure that the system is fully clean. After that, you can start thinking about data recovery techniques. We offer some third-party software which might be helpful in such situation. You can find these methods below this article. Complete each step carefully to reach best results possible.

Offer
do it now!
Download
Fortect Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of .Good virus. Follow these steps

Manual removal using Safe Mode

Enable the Safe Mode function on your computer system to deactivate the cryptovirus. Follow these instructions:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
    Settings
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
    Reboot
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.
    Startup

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Downloads
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

    %AppData%
    %LocalAppData%
    %ProgramData%
    %WinDir%

After you are finished, reboot the PC in normal mode.

Remove .Good using System Restore

Turn on the System Restore feature to avoid various damage which might be caused by the .Good ransomware:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of .Good. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that .Good removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove .Good from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If you have spot files with the .good extension, we guess that you are wondering, how to restore important documents. You can see some few methods that we provided below. Complete each step cautiously to achieve best results.

If your files are encrypted by .Good, you can use several methods to restore them:

Try using the Data Recovery Pro method:

If you want to restore corrupted documents, you can give this method a try.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by .Good ransomware;
  • Restore them.

Windows Previous Versions feature might let you get important files back:

Perform each step as shown in the instructions. However, note that such a method will not work if you did not activate the System Restore function before the virus infiltration.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Use Shadow Explorer for data recovery:

This method might be helpful if the virus did not eliminate Shadow Volume Copies of affected documents, otherwise, choose another technique.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

There is no official decryptor for this ransomware discovered yet. IT experts are hoping to find it out in the following future.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from .Good and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References