Severity scale:  
  (97/100)

Mr. Dec Ransomware. How to remove? (Uninstall guide)

removal by Alice Woods - - | Type: Ransomware

Mr. Dec Ransomware is a highly dangerous cyber threat

Mr. Dec Ransomware image

Mr. Dec is a ransomware-type infection which aims to encrypt valuable information on the computer and generate profits from ransom demands. Once it settles on the system, all data is locked and appended with .[ID][ID] extension[1] at the end of the file-names. The only thing user can access is the ransom note named as Decoding help.hta. Criminals encourage their victims to contact them via mr.dec@tutanota.com or mr.dec@protonmail.com e-mail addresses for further instructions.

Name Mr. Dec
Type Ransomware
Danger level Very high
Distribution Spreads inside malicious spam e-mails
Given e-mail address mr.dec@tutanota.com and mr.dec@protonmail.com 
File extension .[ID][random characters][ID]
Name of the ransom note Decoding help.hta
Symptoms It encrypts important data on the computer and demands to pay the ransom for the decryption software
Removal You can only uninstall Mr. Dec with a professional anti-malware like Reimage

Despite how threatening it might seem, we do not recommend you to contact the criminals in any way. According to the instructions, they should send you Mr. Dec's decryptor after you make the payment. Unfortunately, these are merely empty promises by hackers since they are only interested in blackmailing you for more money.

Thus, there is a high risk that you will be asked for more money once you pay for Mr.Dec ransomware authors. Here is the extract of the ransom note which is displayed right after the malware finishes data encryption:

1. In the subject line, write your ID.
2. Attach 1-2 infected files that do not contain important information (less than 2 mb)
3. Attach the file with the location c:\\Windows\DECODE KEY.KEY
are required to generate the decoder and restore the test file.
Hurry up! Time is limited!
Attention!!!
At the end of this time, the private key for generating the decoder will be destroyed. Files will not
be restored!

Note that criminals are good at human psychology. Likewise, they put their victims under time pressure to make sure that they will agree to pay the ransom for locked files. However, we want to warn you that you do not necessarily need to make the transaction for data decryption. You can retrieve data encrypted by Mr. Dec virus with the help of one of the software indicated below.

Although, you must remove Mr. Dec before starting data recovery. Even though many might think that they are experienced enough to deal with ransomware-type infections, only professionals or automatic tools can help you eliminate this cyber threat from your system.

Therefore, we strongly advise you to stay cautious and do not try manual Mr. Dec removal. It is highly dangerous and might put your computer's well-being at risk. Instead, you should install professional antivirus software and let it eliminate this ransomware automatically. For that, our choice would be Reimage.

Stay away from spam emails

In order to avoid ransomware attacks in the future, one must understand how it reaches the system in the first place. Likewise, we advise you to stay away from malicious spam emails right away since it is the primary malware distribution source which can easily trick many novice computer users.

Usually, the sent emails look innocent and even legitimate, like coming from a well-known company as an invoice or another document. Unfortunately, this is merely a trick, and the attachment is holding the payload of the ransomware. Thus, if you open it, you automatically let the cyber threat inside your system. 

For this reason, we recommend you to open letters only from trustful senders and delete the unknown or potentially dangerous emails right away. Additionally, you should avoid downloading software from peer-to-peer (P2P)[2] file-sharing sites where hackers also distribute malicious programs. 

Safe Mr. Dec virus removal guide

As we have already mentioned, there is no other way how to remove Mr. Dec rather than get help from a professional. For that, you can either see your local IT specialists or install a robust antivirus to help you complete the elimination procedure safely. 

Just install Reimage, Malwarebytes MalwarebytesCombo Cleaner, or Plumbytes Anti-MalwareMalwarebytes Malwarebytes, and it will complete Mr. Dec removal within several minutes. Also, this software is excellent for protecting computers from various other cyber threats that might try to enter the system. Likewise, it is a long-term investment in your PC's security. 

Additionally, Virusi.bg[3] experts say that if you are unable to download the malware removal program, there is a high risk that the ransomware is still active. Check the guidelines below and learn how to deactivate the malicious software to start the elimination procedure right away.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove Mr. Dec Ransomware, follow these steps:

Remove Mr. Dec Ransomware using Safe Mode with Networking

You should start the elimination of the ransomware by booting your computer into Safe Mode as shown below:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Mr. Dec Ransomware

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Mr. Dec Ransomware removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Mr. Dec Ransomware using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Mr. Dec Ransomware. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Mr. Dec Ransomware removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Mr. Dec Ransomware from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Mr. Dec Ransomware, you can use several methods to restore them:

Get Data Recovery Pro tool for decryption

Experts have developed a professional software which is designed to help people recover files if they have accidentally lost them or in case of ransomware attack.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Mr. Dec Ransomware ransomware;
  • Restore them.

Windows Previous Versions feature might help you

Another great way to get back the access to the compromised files is to use an inbuilt Windows feature. Unfortunately, it requires System Restore function to be enabled before ransomware attack.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

You might retrieve files using Shadow Explorer

If the malware hasn't corrupted or deleted Shadow Volume Copies from your computer, we highly advise you trying this tool.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

There is no Mr. Dec ransomware decryptor available yet.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Mr. Dec Ransomware and other ransomwares, use a reputable anti-spyware, such as Reimage, Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions

References