Severity scale: 95/100

Gr3g ransomware virus. How to remove? (Uninstall guide)

Removal guide by Julie Splinters | Type: Ransomware

Gr3g ransomware is out on the hunt

The picture displaying Gr3g virus note

Gr3g virus functions as a file-encrypting threat. After finishing the encryption process, the malware appends the .libbywovas@dr.com.gr3g file extension. It seems to be a new virus unassociated with any major ransomware group. On the other hand, its possible relation to HiddenTear should not be ignored.

At the moment, the virus only presents its ransom note in a Readme.txt file. It informs victims that their files have been encoded. They have 96 hours to contact the perpetrators via libbywovas@dr.com. Here is an extract from the ransom note:

ATTENTION. To email (libbywovas@dr.com) write messages only from these e-mail services.
From other email services, messages may not be received by us.

Yahoo. https://mail.yahoo.com
Gmail. https://www.google.com
Mail. https://www.mail.com

ATTENTION. We will reply you within 24 hours. If there is no response from us, please send your message again.
Tor email: libbywovas@torbox3uiot6wchz.onion
To register tor e-mail, use the service http://torbox3uiot6wchz.onion (Open only to the tor browser).

In addition, the ransomware developers offer to decipher three files, each smaller than 2 MB, to gain users' trust.
Interestingly, Gr3g crypto-malware disguises itself as the rasmans.exe file[1]. The file is associated with WinLAC company. Certain security services detect this file as malicious[2].

There is still little information about the malware. On the other hand, if you have detected some of your files with the above-mentioned extension, concentrate on Gr3g removal. Reimage or Malwarebytes Anti Malware accelerates the process.
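To see how far the encryption has spread before cleaning up, the indicators named above can be turned into a read-only inventory. This is an added example, not part of the original guide; the scan root `$Root` is an assumption, while the extension, note name, contact address and rasmans.exe file name are the ones the article gives.

```powershell
# Added example: read-only inventory of a suspected Gr3g infection.
# $Root is an assumption; the extension, note name, contact address and
# rasmans.exe file name are the ones given in the article.
param([string]$Root = $env:USERPROFILE)

$suffix  = '.libbywovas@dr.com.gr3g'
$contact = 'libbywovas@dr.com'
$files   = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue)

# 1. Encrypted files, with the original name recovered by stripping the suffix.
$encrypted = @($files |
    Where-Object { $_.Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) } |
    ForEach-Object {
        [pscustomobject]@{
            Folder       = $_.DirectoryName
            OriginalName = $_.Name.Substring(0, $_.Name.Length - $suffix.Length)
            LastWrite    = $_.LastWriteTime
        }
    })

"Encrypted files found: $($encrypted.Count)"
if ($encrypted.Count -gt 0) {
    # The write-time window approximates when encryption ran (assumption:
    # nothing has touched the files since), which helps choose a restore point.
    $times = @($encrypted.LastWrite | Sort-Object)
    "First write: $($times[0])   Last write: $($times[-1])"
    $encrypted | Group-Object Folder | Sort-Object Count -Descending |
        Select-Object -Property Count, Name -First 20 | Format-Table -AutoSize
}

# 2. Ransom notes: Readme.txt is a common name, so require the contact address.
$files | Where-Object { $_.Name -ieq 'Readme.txt' } |
    Where-Object { Select-String -LiteralPath $_.FullName -Pattern $contact -SimpleMatch -Quiet } |
    Select-Object FullName, LastWriteTime | Format-Table -AutoSize

# 3. Files named rasmans.exe: record path and hash for lookup, do not run them.
$files | Where-Object { $_.Name -ieq 'rasmans.exe' } |
    ForEach-Object { Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 } |
    Select-Object Path, Hash | Format-List
```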

Ransomware prevention measures

According to IT specialists, the malware is quite active. At the moment, individual users are the main target. Ransomware is commonly distributed via the following three channels:

  • Spam email attachments
  • Exploit kits
  • Trojans
  • Browser extensions and apps

Gr3g ransomware seems to use the latter method, as it disguises itself as an app. Therefore, pay the utmost attention while installing any program. Make sure you download only signed applications from verified publishers. On the other hand, CCleaner v5.33 is a perfect example showing that cyber villains can plant malware in a legitimate and trusted program. In order to limit the risk of Gr3g hijack or other ransomware infiltration.
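One way to apply the "signed applications by verified publishers" advice to a file you have already downloaded, as an added example that is not part of the original guide. The function name `Test-Download` and its parameters are hypothetical; the publisher name and SHA-256 are values you obtain from the vendor.

```powershell
# Added example: check a downloaded installer before running it.
# All three inputs are supplied by you; take the publisher name and the
# SHA-256 from the vendor's own site, not from the download page.
function Test-Download {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher,
        [string]$ExpectedSha256
    )
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Common name of the signing certificate; empty for unsigned files.
    $signer = ''
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    }

    $sigOk  = $sig.Status -eq 'Valid'            # chain and file digest verify
    $pubOk  = $signer -eq $ExpectedPublisher     # signed by the expected party
    $hashOk = -not $ExpectedSha256 -or ($hash -eq $ExpectedSha256)

    [pscustomobject]@{
        Path      = $Path
        Signature = $sig.Status
        Signer    = $signer
        SHA256    = $hash
        # A pass means "signed by the expected publisher and unmodified since
        # signing". As the CCleaner v5.33 case mentioned above shows, it does
        # not prove the publisher's own build was clean.
        Pass      = $sigOk -and $pubOk -and $hashOk
    }
}

# Constructed usage; file name and publisher are placeholders.
# Test-Download -Path .\setup.exe -ExpectedPublisher 'Example Software Ltd'
```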

Remove Gr3g malware properly

Since the malware still needs improvement, it is likely that you will not encounter difficulties getting rid of the threat. In order to begin Gr3g removal, you may need to reboot the system in Safe Mode. There is also an alternative method. After that, you should be able to access the security application and remove Gr3g virus completely.

At the moment, there is no information about Gr3g Decryptor. Until it is released, take a look at the alternative data recovery methods. You may also use backup copies. At the moment, the virus has been detected only in English[3] domains.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Gr3g ransomware virus you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Gr3g ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

Manual Gr3g virus Removal Guide:

Remove Gr3g using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Gr3g

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Gr3g removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

Remove Gr3g using System Restore

In case the first method failed, enter advanced settings to perform System Restore. It will not delete Gr3g virus, but it may grant you access to the security tool.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of Gr3g. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Gr3g removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Gr3g from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Gr3g, you can use several methods to restore them:

Data Recovery Pro method

This application is designed to repair damaged files. If you do not have backup copies, you might give this program a try.

What is Windows Previous Versions function?

If System Restore was previously activated, you might benefit from this method. On the other hand, it takes much more time as you have to go through each encrypted file manually.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

The benefits of ShadowExplorer

There is no information whether the malware deletes these copies beforehand, so you might succeed in recovering your files likewise.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.
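Both Previous Versions and ShadowExplorer depend on shadow copies that still exist and predate the encryption, so it is worth checking that first. The following is an added example, not part of the original guide; the scan root `$Root` is an assumption, and the encryption start time is estimated from the write times of files carrying the extension named in the article.

```powershell
# Added example: run from an elevated Windows PowerShell prompt.
param([string]$Root = $env:USERPROFILE)   # scan root is an assumption
$suffix = '.libbywovas@dr.com.gr3g'       # extension given in the article

# Earliest write time of an encrypted file approximates when encryption began.
$firstHit = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) } |
    Sort-Object LastWriteTime | Select-Object -First 1 -ExpandProperty LastWriteTime

# Volume shadow copies: what Previous Versions and ShadowExplorer read from.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy | Sort-Object InstallDate)
if ($shadows.Count -eq 0) {
    'No shadow copies found: neither method has anything to restore from.'
} else {
    $shadows | Select-Object ID, VolumeName, InstallDate,
        @{ Name = 'PredatesEncryption'
           Expression = { if ($firstHit) { $_.InstallDate -lt $firstHit } } } |
        Format-Table -AutoSize
}

# System Restore points (Get-ComputerRestorePoint exists in Windows PowerShell 5.1 only).
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description,
    @{ Name = 'Created'
       Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize
```

Only snapshots marked as predating the encryption can hold unencrypted versions of the files.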

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Gr3g and other ransomware, use a reputable anti-spyware program, such as Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Julie Splinters - Malware removal specialist


References