Shariz Virus Removal (+ .Shariz File Recovery)

About the .Shariz Virus

Ransomware is definitely among the worst categories of computer malware and, unfortunately, the number of Ransomware infections has been rapidly increasing throughout the past several years, and especially the past several months. Currently, a new Ransomware representatives get created pretty much every day and dealing with them after an infection has occurred is almost always extremely tricky. Shariz is the specific Ransomware threat we will be telling you about here – a new and very problematic cryptovirus.

With Ransomware cryptoviruses (Seto, Gero), the main problem isn’t the removal of the actual virus – this can actually be done pretty easily. The real problem here is repairing the damage that the infection has done. In the case of the Ransomware cryptoviruses, the said “damage” is the encryption of the user’s files and the inability of the user to open any of those files after the malware’s encryption has been placed on them. The files themselves remain unharmed but the only way to access and use them is the special decryption key that corresponds to the employed encryption. As you probably already know, the attacked users are supposed to pay money for this key. If the requested ransom money isn’t sent to the hackers within the given deadline, the sum may double or the decryption key may get deleted for good.

Should you pay for your encrypted .Shariz files?

Before we delve any further into this topic, let us tell you that no matter what course of action you choose to follow if a threat like Shariz has infected your machine and locked up your files, there is likely not going to be any guarantee if you’d be able to restore your files. That being said, each of those two potential approaches has its pros and cons.

For example, if you pay the money and get the decryption key, you will probably be able to get all of your data back since obtaining the correct decryption key is the most effective way of recovering your files. However, this is where the pros of this option end and the cons begin. First of all, there is absolutely no way you could know if you will be sent this key if you pay. The hackers can easily keep the money you send them and then ask for more or simply not contact you ever again. There is a huge risk here of losing serious amounts of money for absolutely no reason. And, of course, if you do receive key but it doesn’t work as it is supposed to, you will still not be able to get your money back.

The other possible course of action is to get rid of Shariz and try to find some alternative recovery solutions. Here, we can offer you both a removal guide for Shariz and some suggestions on how you may be able to bring some of your data to its accessible state. That being said, our suggestions are also not guaranteed to work. There, however, are two undeniable advantages if you choose to do that instead of paying – first, there would be no risk of money loss, and second, you get to remove Shariz and make your computer safe for future use. In our honest opinion, it is better to first try the alternatives and only if nothing seems to work and you really (really!) need those files, consider the ransom payment as a possible option.

SUMMARY:

Remove Shariz Virus

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Shariz

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Shariz.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Shariz , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Shariz

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Shariz Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Shariz Decryption

The previous steps were all aimed at removing the Shariz Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.