Remove Darus Virus Ransomware (+.Darus File Recovery)

.Darus File

The .Darus Virus in Depth

.Darus Virus
The _readme.txt file is left from the .Darus Virus and contains instructions for paying the ransom.

Ransomware is well known for how problematic and difficult to deal with it is – it is one of the biggest online threats at the moment and it doesn’t seem to slow down one bit. In fact, the number of infections has drastically increased in the recent months and currently, several new Ransomware infections( GusauMadek),  get released each day. We are trying to cover all new infections of this type to the best of our abilities, which is why, in this post, we will tell you about Darus. Darus is a typical cryptovirus infection that uses its advanced encryption algorithm to lock up the files present in its victims’ computers. I addition to placing its encryption on the files, it also changes their extension, so if you have been attack by Darus, you are likely to see that all of your personal files, regardless of what their file type is, now have the same extension. Needless to say, opening those files would result in the Ransomware telling you that the only way to open it is if you make a generous money “donation” to the people responsible for the creation of this nasty virus threat. It’s possible that the note/banner that tells you about the demanded ransom gets displayed on your screen as soon as the encryption of your data gets completed, even before you have attempted to open any of the locked-up files.

What to do now, that .Darus File has locked the files?

.Darus File
.Darus Virus Ransomware is from the STOP/ DJVU family, it will encrypt your files with .Darus extension

The users who get to face such an issue are oftentimes unsure about what to do in order to minimize the nasty consequences of this attack. “Minimize”, here, is exactly the right word to do because, sadly, full recovery from such an attack may not always be possible and the sooner you understand and accept that, the better. That being said, here are your main options:

Option 1: Pay the money

This may actually seem like a good idea to some – the money required may not be all that much and/or the value of the files that have gotten encrypted may vastly exceed the sum that is demanded for their release. Whatever the specific case, it is likely that many people would at least think about paying. However, there are several things you need to be informed about with regards to this option. First, you obviously cannot be sure that your files would actually get restored – the hackers may simply lie to you. There’s nothing you can do to make them send you the decryption key for the data if they don’t want to do that. However, if you have already paid, the money is gone and there’s no getting it back. Furthermore, there is usually no way to track the hackers because the money is usually paid in BitCoin – an online currency that is virtually untraceable by regular users.

Option 2: Removal + alternative recovery solutions

With the help of the guide we have here, most (if not all) of you should be able to remove Darus with relative ease. After that is the time to use any backups you may have lying around your house or your online accounts. Also, several suggested alternative file restoration methods can be found in our data-recovery guide. However, similarly to the other option, no guarantees can be given about whether or not you’d actually manage to get all of the files back. The good thing here is that at least your money wouldn’t be put on the line.

Darus SUMMARY:

Name Darus
Type Ransomware
Danger Level  High (Darus Ransomware encrypts all types of files)
Symptoms Darus Ransomware is hard to detect and aside from increased use of RAM and CPU, there would barely be any other visible red flags.
Distribution Method  Most of the time, Trojans get distributed through spam e-mails and social network messages, malicious ads, shady and pirated downloads, questionable torrents and other similar methods.

Darus Ransomware Removal

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Darus

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

hosts_opt (1)

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Darus.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Darus , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Darus

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Darus RansomwareAbout the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Darus Decryption

The previous steps were all aimed at removing the Darus Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

Author:
Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Leave a Reply

Your email address will not be published. Required fields are marked *