Severity scale:  
  (96/100) ransomware. How to remove? (Uninstall guide)

removal by Jake Doevan - - | Type: Ransomware ransomware is a new version of Scarab virus ransomware image ransomware is a file-encrypting virus which demands to contact the criminals after data encryption. virus is a new cyber threat which belongs to Scarab ransomware family. This file-encrypting infection locks essential data on the victimized computer and demands to pay the ransom for the decryption tool. Unfortunately, the price of the recovery software is currently unknown as criminals indicate to contact them for the instructions via email address. 

Type Ransomware
Ransomware family Scarab
distribution Spam emails, and malicious ads
symptoms Files marked with a specific extension are no longer accessible and encrypted with a strong algorithm
decryptable No. Alternative ways how to get back compromised data are indicated at the end of this article.
elimination Only a robust antivirus can uninstall ransomware safely. Use Reimage

Similar to other cyber threats from Scarab virus family, ransomware spreads inside malicious email attachments. After the infiltration, it leaves the ransom-demanding message and indicates the following information:


Your important files produced on this computer have been encrypted due a security problem
If you want to restore them, write us to the e-mail:
You have to pay for decryption. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.

Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb

Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 2 day – your key has been deleted and you cant decrypt your files

Cybercriminals claim that they have virus decryptor and offer free decryption of 3 regular files. Additionally, they ask to contact them as soon as possible since the price of data recovery depends on it. However, our experts note that attackers are unreliable people and one should never agree to their terms[1].

There are multiple other ways how you can decrypt files with extension without financially motivating the hackers. Furthermore, if you have backups stored in the cloud, you can quickly restore locked files to the primary state and avoid financial losses.

Thus, we strongly advise you to remove ransomware before it has damaged your system even more. Unfortunately, simple elimination procedure won't eliminate this cyber threat as it would reappear after the startup and start data encryption once again.

You can perform safe ransomware removal by employing reliable security tools as Reimage. Such antivirus applications are designed to get rid of all virus-related components from the computer and ensure its security in the future. Later, make sure to check alternative data recovery methods below.

Spam emails and malicious ads are the primary ransomware distribution sources

The answer to the question of how I got infected with ransomware is more than simple. File-encrypting viruses spread via the same technique for a quite extended period now — malicious email attachments. This distribution method is based on the recklessness of novice PC users as they tend to open spam letters with unreliable content.

Criminals create letters which mimic the appearance of legal documents, invoices or shopping receipts from well-known brands and companies. Additionally, those emails include an attachment which if opened, drops the payload of the ransomware and executes it. 

Likewise, you should carefully monitor your activity online and avoid opening any emails from unreliable and suspicious sources. Also, stay away from ads on your frequently visited pages. If clicked, they might enable malicious scripts and start an automatic download of the crypto-malware[2].

Get rid of ransomware and proceed to data recovery

We understand that you want to recover files with extension as quickly as possible. Although, experts[3] note that it is only possible when you uninstall the file-encrypting virus from your system completely. Since this task might be complicated, we suggest using a professional malware removal software.

You should start ransomware removal by installing an antivirus. Our top choices are Reimage, Malwarebytes, and Plumbytes Anti-MalwareNorton Internet Security. They are effective, and easy-to-use to you will be able to proceed with data recovery steps and unlock your files quickly.

Although, if you can't remove ransomware since the virus prevents you from installing the security tool, you should check the instructions below. They are designed to guide you through the whole elimination and file recovery procedure.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.

If you decided to select another anti-spyware, uninstall Reimage from your computer.
Press mentions on Reimage
Alternate Software
Alternate Software

To remove virus, follow these steps:

Remove using Safe Mode with Networking

Boot your computer into Safe Mode with Networking to disable the infection:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by, you can use several methods to restore them:

Data Recovery Pro could help ransomware victims

If you have files encrypted by the ransomware, try recovering them with this professional software. Additionally, it might help you get back the access to data which has been accidentally deleted or compromised in other ways.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by ransomware;
  • Restore them.

Windows Previous Versions Feature option

Fortunately, Windows users can take advantage of an inbuilt feature which allows to travel back in time and restore files from their previous versions.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try ShadowExplorer software

This application is designed to use Shadow Volume Copies on the system to recover encrypted data. Make sure that they are in place and follow the instructions below:

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored. ransomware decryptor is still in development.

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions