Severity scale: 85/100

StrawHat ransomware virus. How to remove? (Uninstall guide)

Removal by Gabriel E. Hall | Type: Ransomware

StrawHat malware imitates ransomware

The screenshot of StrawHat ransomware

StrawHat virus reveals its true origin – the malware tries to pretend to be ransomware[1]. Rather than actually encrypting the files, it simply renames them and attaches a random file extension. It runs via the StrawHat PDF.exe file, whose name already foreshadows the content.
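Because the files are described as renamed rather than encrypted, their leading bytes should still identify the real format. The following is an added example, not part of the original guide: it walks a folder and compares each file's header against a small, illustrative subset of well-known file signatures. The sample file names and random-looking extensions are constructed for the demonstration.

```python
import os
import tempfile

# Leading magic bytes of a few common formats (illustrative subset only).
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"PK\x03\x04", "zip/docx/xlsx"),
]

def sniff_type(path):
    """Return the format implied by the file header, or None if unrecognised."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return None

def triage(folder):
    """Map each file under folder to (current extension, header-derived type)."""
    report = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            report[os.path.relpath(path, folder)] = (ext, sniff_type(path))
    return report

def build_sample(folder):
    """Constructed samples: two renamed-only files, one with no known header."""
    samples = {
        "invoice.x7qz": b"%PDF-1.4\n% constructed sample\n",
        "photo.k2lm": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "notes.p9wd": bytes(range(200, 232)),
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, (ext, kind) in sorted(triage(tmp).items()):
            verdict = f"header intact, looks like {kind}" if kind else "header not recognised"
            print(f"{name}: .{ext} -> {verdict}")
```

An unrecognised header does not prove encryption, since plain text and many other formats have no fixed signature. Run the check on a copy of the affected folder so the originals stay untouched.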

The alternative trojan names – Generic.Ransom.Hiddentear.A.64B049AA, Trojan.Ransom.StrawHat, Ransom.HiddenTear – suggest that the malware is built on the basis of HiddenTear malware. Even if the virus had indeed encrypted data, you could have tried one of the free HiddenTear decrypters.

Regardless of the technical specifications, the ransom message does a good job of alarming the virtual community:

YOU BECAME VICTIM OF THE STRAWHAT RANSOMWARE!

The files on your computer have been encrypted with a military-grade encryption algorithm. There is no way to restore your data without a special decryption program.

Now you should send us an email with your personal identifier.

This email will be as confirmation you are ready to pay for the decryption key. You have to pay for the decryption in Bitcoins.

The ransom message does not indicate any specific requirements except the Bitcoin address. It does not mention how many bitcoins victims should purchase. Fortunately, the malware will not function on most systems unless they have Visual Basic Power Packs installed. The latter is a legitimate Microsoft product.

If you notice a StrawHat PDF.exe process running in your Task Manager, hurry to remove the StrawHat PDF.exe virus. You can do so with the assistance of a malware removal tool, such as Reimage or Malwarebytes Anti Malware.

Ways to evade ransomware hijack

Ransomware developers often prefer using trojans and exploit kits to expand the reach of their ransomware. Spam email attachments are popular among the authors of certain ransomware, such as Locky or Cerber.

Alternatively, there is a high possibility of encountering ransomware by launching a fake Flash Player[2] installer. The StrawHat hijack is likely to have taken place after a user downloaded a corrupted torrent file.

In order to limit the chances of a ransomware encounter, keep your security and system apps updated. Pay attention to the installation wizards of new apps. Download them only from trusted and official sites. Now let us look through StrawHat removal options.

Eradicate StrawHat malware completely

Hopefully, StrawHat removal should not pose any problems. Close its ransom message, launch a malware removal tool, update it, and run a scan. If the malware interferes with this process, reboot the computer and run the scan again. This way, you should be able to remove the StrawHat virus completely.

You might also scan the device again afterwards to make sure the malware is fully deleted. It is unlikely that this single-use malware will evolve into a serious threat. On a final note, not only English but also Portuguese[3] and Danish users should be cautious of the malware.


Manual StrawHat virus Removal Guide:

Remove StrawHat using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

Reboot the system in Safe Mode. Then, you should be able to fully eradicate StrawHat malware.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove StrawHat

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete StrawHat removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove StrawHat using System Restore


  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, type cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of StrawHat. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download Reimage, scan your computer with it, and make sure that StrawHat removal has been performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove StrawHat from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by StrawHat, you can use several methods to restore them:

Data Recovery Pro solution

This program might come in handy for recovering damaged files. It might be the last-resort option if you have not backed up your data in advance. Though this malware does not encrypt anything, the program might still prove useful if you encounter a real file-encrypting threat.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from StrawHat and other ransomware, use a reputable anti-spyware tool, such as Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Gabriel E. Hall - Passionate web researcher


References